Running tcpdump as non root user
This is a short guide to setting up tcpdump so that non-root users can run it, limited to the specific users who are added to a group. This is different from running tcpdump through sudo, where tcpdump still runs as root.
You can enable this securely for non-root users with the following commands:
groupadd tcpdump
addgroup <username> tcpdump
chown root:tcpdump /usr/sbin/tcpdump
chmod 0750 /usr/sbin/tcpdump
setcap "CAP_NET_RAW+eip" /usr/sbin/tcpdump
A brief explanation of the above:
- We create a group called tcpdump
- We then add the user or users that we want to be able to use tcpdump to the group.
- We then change the owner and group of the tcpdump binary to root and the new group.
- We then make sure the permissions are set on tcpdump so that members of the group can execute it but other normal users cannot.
- We then use setcap to give the CAP_NET_RAW privilege to the executable when it runs. This lets tcpdump open its raw socket, which is not normally permitted unless you are root.
Known Issues
- When packages on the system are upgraded, the tcpdump package can reset the permissions, so expect to rerun the chmod / setcap commands.
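An added example, not part of the original guide: a POSIX shell check that reports where the tcpdump binary deviates from the setup above, for use after a package upgrade. The function names evaluate_state and audit_tcpdump are hypothetical, and it assumes a stat that supports -c (GNU or BusyBox) and getcap from libcap.

```shell
#!/bin/sh
# Added example: audit the owner, group, mode and file capabilities that
# the guide sets on tcpdump. Function names are hypothetical.

# evaluate_state OWNER GROUP MODE CAPS
# Prints one line per deviation from the guide's setup; returns 0 if none.
evaluate_state() {
    owner=$1 group=$2 mode=$3 caps=$4
    rc=0
    [ "$owner" = "root" ] || { echo "owner is $owner, expected root"; rc=1; }
    [ "$group" = "tcpdump" ] || { echo "group is $group, expected tcpdump"; rc=1; }
    # Any other mode (world-executable 755, setuid 4750, ...) is reported.
    [ "$mode" = "750" ] || { echo "mode is $mode, expected 750"; rc=1; }
    # getcap prints "cap_net_raw+eip" (older libcap) or "cap_net_raw=eip" (newer).
    case $caps in
        *cap_net_raw[+=]eip*) ;;
        *) echo "cap_net_raw+eip missing (getcap: ${caps:-none})"; rc=1 ;;
    esac
    return $rc
}

# audit_tcpdump [PATH]
# Collects the live values for PATH and evaluates them.
audit_tcpdump() {
    bin=${1:-/usr/sbin/tcpdump}
    [ -e "$bin" ] || { echo "$bin not found"; return 2; }
    # %U owner name, %G group name, %a octal mode
    set -- $(stat -c '%U %G %a' "$bin")
    caps=$(getcap "$bin" 2>/dev/null)
    caps=${caps#"$bin"}   # drop the leading path from getcap's output
    evaluate_state "$1" "$2" "$3" "$caps"
}

# Run the audit only when a path is given on the command line, e.g.
#   sh audit-tcpdump.sh /usr/sbin/tcpdump
if [ "$#" -gt 0 ]; then audit_tcpdump "$1"; fi
```

A non-zero exit status means at least one of the chown, chmod or setcap steps needs to be rerun.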
Last Modified: 08 March 2017