Running tcpdump as a non-root user
This is a short guide to setting up tcpdump so that it runs as a non-root user, but only for specific users who have been added to a dedicated group. This differs from running tcpdump via sudo, which still runs tcpdump as root.
You can enable this for non-root users securely with the following commands:
    groupadd tcpdump
    addgroup <username> tcpdump
    chown root:tcpdump /usr/sbin/tcpdump
    chmod 0750 /usr/sbin/tcpdump
    setcap "CAP_NET_RAW+eip" /usr/sbin/tcpdump
A brief explanation of the above:
- We create a group called tcpdump
- We then add the user or users that we want to be able to use tcpdump to the group.
- We then change the owner and group of the tcpdump binary to root and the new group.
- We then set the permissions on tcpdump (0750) so that members of the group can execute it but other normal users cannot.
- We then use setcap to give the CAP_NET_RAW privilege to the executable when it runs. This is needed because tcpdump opens a raw socket, which is not normally permitted unless you are root.
- Upgrading the tcpdump package can reset these permissions and capabilities, so expect to rerun the chmod / setcap commands after an upgrade.
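Because a package upgrade can silently undo the chown / chmod / setcap steps, it is worth having a repeatable check. The script below is an added example, not part of the original guide: check_tcpdump_hardening verifies that a binary is owned by root, belongs to the expected group, has mode 0750 and carries cap_net_raw, and apply_tcpdump_hardening re-applies the guide's steps idempotently. It assumes GNU coreutils (stat -c) and the libcap getcap/setcap tools; it uses usermod -aG in place of the guide's addgroup call (an assumption for portability), and the binary path and group name default to the guide's values but can be overridden with TCPDUMP_BIN and TCPDUMP_GROUP.

```shell
#!/bin/sh
# Added example (not from the original guide): verify and re-apply the
# tcpdump group/capability hardening. Assumes GNU stat and libcap tools.

TCPDUMP_BIN="${TCPDUMP_BIN:-/usr/sbin/tcpdump}"   # path used by the guide
TCPDUMP_GROUP="${TCPDUMP_GROUP:-tcpdump}"         # group name used by the guide

# check_tcpdump_hardening FILE GROUP
# Prints one line per failed check. Returns 0 only if FILE is owned by root,
# has group GROUP, mode exactly 0750 and the cap_net_raw file capability.
check_tcpdump_hardening() {
    f="$1"; g="$2"; rc=0
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"
        return 1
    fi
    owner=$(stat -c '%U' "$f")
    group=$(stat -c '%G' "$f")
    mode=$(stat -c '%a' "$f")
    [ "$owner" = "root" ] || { echo "owner is $owner, expected root"; rc=1; }
    [ "$group" = "$g" ]   || { echo "group is $group, expected $g"; rc=1; }
    [ "$mode" = "750" ]   || { echo "mode is $mode, expected 750"; rc=1; }
    if command -v getcap >/dev/null 2>&1; then
        # Old libcap prints "FILE = cap_net_raw+eip", newer prints
        # "FILE cap_net_raw=eip"; both contain the capability name.
        caps=$(getcap "$f" 2>/dev/null)
        case "$caps" in
            *cap_net_raw*) ;;
            *) echo "cap_net_raw not set on $f (getcap: '${caps:-none}')"; rc=1 ;;
        esac
    else
        echo "getcap not found; cannot verify file capability"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $f is restricted to group $g with cap_net_raw"
    return "$rc"
}

# apply_tcpdump_hardening FILE GROUP [USER]
# Re-applies the guide's steps; safe to run repeatedly (e.g. after an upgrade).
apply_tcpdump_hardening() {
    f="$1"; g="$2"; u="$3"
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_tcpdump_hardening: must run as root" >&2
        return 1
    fi
    getent group "$g" >/dev/null 2>&1 || groupadd "$g"
    if [ -n "$u" ]; then
        usermod -aG "$g" "$u"      # assumption: usermod instead of addgroup
    fi
    chown "root:$g" "$f"
    chmod 0750 "$f"
    setcap cap_net_raw+eip "$f"
    check_tcpdump_hardening "$f" "$g"
}

# Usage: script.sh check          -> verify current state
#        script.sh apply [user]   -> re-apply hardening (as root)
case "${1:-}" in
    check) check_tcpdump_hardening "$TCPDUMP_BIN" "$TCPDUMP_GROUP" ;;
    apply) apply_tcpdump_hardening "$TCPDUMP_BIN" "$TCPDUMP_GROUP" "${2:-}" ;;
esac
```

Running the check from a cron job or a package-manager post-upgrade hook turns the caveat above into something that is noticed rather than discovered the next time a capture silently fails with a permissions error.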