How to allow non root user to execute hping command ?

-
If you run hping command without root permission or without sudo and you receive this error :

[open_sockraw] socket(): Operation not permitted
[main] can't open raw socket

This command might be able to help you.

sudo setcap cap_net_raw+ep /usr/bin/hping3

(or any location of the hping command)

setcap command is to set file capabilities.

What are filesystem capabilities?  
For the purpose of performing permission checks, traditional Unix implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is non-zero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list). 
Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.

I believe all command that need to open raw socket, by using the method above will be able to allow non root user to run the command.



---

Comments

Post a Comment

Feel free to leave your question or comment here, we will reply you as soon as possible.

Popular posts from this blog

Setup mail server with ldap authentication in docker

-
Getting an email server to run in docker is easy but getting an email server with ldap authentication to run in docker spend me a week to get up and running. Here are the steps that I taken. I will assume you already know how to install docker. Install LDAP. docker run \              --detach \              --restart unless-stopped \              --name openldap \              -e LDAP_ORGANISATION=domain \              -e LDAP_DOMAIN=domain.com \              -e LDAP_ADMIN_PASSWORD=complex-password \              -e LDAP_RFC2307BIS_SCHEMA=true \              -e LDAP_REMOVE_CONFIG_AFTER_SETUP=true \              -e LDAP_TLS=false \              -p 389:389 \              --volume /data/openldap/var_lib_ldap:/var/lib/ldap \              --volume /data/openldap/etc_ldap_slapd.d:/etc/ldap/slapd.d \              osixia/openldap:latest Install postfix-book schema into the ldap. # cd /etc/ldap/schema # apt update # apt install vim wget # wget https://raw.githubusercontent.com/variablenix/ldap-
Read more

Boot Acronis from PXE

-
Image
I found these two articles about booting into acronis environment using PXE. Source : http://thesystemadministrator.com/the_system_administrator/tips_%26_tricks/pxe%2c_aka_pre-execution_environment_-_part_1/ http://thesystemadministrator.com/the_system_administrator/tips_&_tricks/pxe,_aka_pre-execution_environment_and_acronis_-_part_2/ Few days ago, I’ve received 50 new servers without any OS preinstalled. The servers came without floppy drive and CD/DVD. I tried to connect an external CD (USB) or Disk on Key, but servers didn’t start. So, I decided to run PXE Boot . If you don't know what PXE is, here’s what is written in Wikipedia: “The Preboot Execution Environment (PXE, aka Pre-Execution Environment, or 'pixie') is an environment to boot computers using a network interface card independently of available data storage devices (like hard disks) or installed operating systems.” There are several solutions of PXE implementation. Microsoft has its Remote Installation Ser
Read more