[tproxy] tproxy non-root access

Igmar Palsenberg maillist at jdimedia.nl
Thu Jul 20 09:08:10 CEST 2006

> Is it true that my program needs to have root access in order to change
> socket options with tproxy?

You need CAP_NET_ADMIN capabilities.

> If so, is there a workaround for it?

Either change the code, or make sure your program somehow get's / keeps 
the CAP_NET_ADMIN caps.

> Currently, I have a program running under a non-root user and needs to
> use tproxy but it keeps getting "Operation not permmited" error when
> trying to set socket option using tproxy.

You can simply drop all capabilities except CAP_NET_ADMIN and be done with 
it. See the capabilities and prctl() manpage. 


More information about the tproxy mailing list