[tproxy] tproxy non-root access

Igmar Palsenberg maillist at jdimedia.nl
Thu Jul 20 09:08:10 CEST 2006


> Is it true that my program needs to have root access in order to change
> socket options with tproxy?

You need CAP_NET_ADMIN capabilities.

> If so, is there a workaround for it?

Either change the code, or make sure your program somehow gets / keeps
the CAP_NET_ADMIN caps.

> Currently, I have a program running under a non-root user and needs to
> use tproxy but it keeps getting "Operation not permitted" error when
> trying to set socket option using tproxy.

You can simply drop all capabilities except CAP_NET_ADMIN and be done with 
it. See the capabilities and prctl() manpage. 



	Igmar
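
The approach described in the reply above, as an added example that is not part of the original post: a daemon started as root sets PR_SET_KEEPCAPS with prctl(), switches to an unprivileged user, then shrinks its capability sets to CAP_NET_ADMIN only. It uses the raw capget/capset syscalls instead of libcap; the function names and the uid/gid 65534 are assumptions.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* 1 if `cap` is in this thread's effective set, 0 if not, -1 on error. */
int has_cap(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    return (data[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) != 0;
}

/* Shrink permitted and effective to at most `cap`; clear inheritable. */
int restrict_caps_to(int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    __u32 keep;
    if (syscall(SYS_capget, &hdr, data) != 0) return -1;
    keep = data[CAP_TO_INDEX(cap)].permitted & CAP_TO_MASK(cap);
    data[0] = data[1] = (struct __user_cap_data_struct){ 0 };
    data[CAP_TO_INDEX(cap)].permitted = keep;
    data[CAP_TO_INDEX(cap)].effective = keep;
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Call as root at startup: switch to uid/gid, retain only CAP_NET_ADMIN. */
int become_user_with_net_admin(uid_t uid, gid_t gid)
{
    /* Without KEEPCAPS, setuid() away from root clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid() cleared the effective set; this re-raises CAP_NET_ADMIN only. */
    return restrict_caps_to(CAP_NET_ADMIN);
}

int main(void)
{
    if (become_user_with_net_admin(65534, 65534) != 0) { /* assumed uid/gid */
        perror("become_user_with_net_admin");
        return 1;
    }
    printf("uid=%d net_admin=%d sys_admin=%d\n", (int)getuid(),
           has_cap(CAP_NET_ADMIN), has_cap(CAP_SYS_ADMIN));
    return 0;
}
```

capset() changes only the calling thread, so do this before creating any other threads. When the program is not started as root, `become_user_with_net_admin()` fails at the setgroups()/setgid()/setuid() step and returns -1.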

