
I'm developing a small tool to record some sensors in GNU/Linux. Some of the sensors transmit their data over UDP, so I'm using libtins to capture it.

I would like to control the sensors' start/stop from a webapp, but listening to a network interface requires root privileges. I don't like the idea of hard-coding a sudo password to run the sniffer every time a button is clicked and I would rather avoid running all my processes as root, but surely there must be a proper way to give interface access permissions to a process so the sniffing can be started from, let's say, a Python or Bash script.

Can someone give me any hint?

dvilela
  • I found this: "`CAP_NET_ADMIN` allows us to set an interface to promiscuous mode, and `CAP_NET_RAW` permits raw access to an interface for capturing directly off the wire" ([source](https://blog.bravi.org/?p=912)). Unfortunately capabilities [won't work if set to a script](https://unix.stackexchange.com/a/87371/108618). But if you used a binary executable and granted the capabilities during installation once, then I guess this might work. – Kamil Maciorowski Apr 27 '20 at 09:22
  • Thanks everyone. Yes, I do need to sniff in this case. @KamilMaciorowski, that was very helpful. I found the command [here](https://unix.stackexchange.com/questions/207863/how-to-see-if-a-file-has-cap-net-admin) did the trick for me. Would you like to make your comment an answer so I can select it? – dvilela Apr 27 '20 at 09:50
  • I have no practical experience with this, therefore I will pass. I think it will be better if you post an answer. – Kamil Maciorowski Apr 27 '20 at 10:13

1 Answer


The setcap command did the trick:

```
sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip <binaryFile>
```

dvilela
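
As an added example (not part of the original answer), one way to confirm what the `setcap` command above actually granted is to read the capability sets of the running sniffer from `/proc/<pid>/status` and compare them with what the tool is meant to hold. The function names and the sample status text are constructed for illustration; the bit numbers are those of `<linux/capability.h>`.

```python
"""Added example: audit the capabilities held by a running sniffer process."""
from pathlib import Path

# Bit numbers from <linux/capability.h> for the capabilities named in the answer.
CAP_BITS = {10: "cap_net_bind_service", 12: "cap_net_admin", 13: "cap_net_raw"}
ANSWER_CAPS = ("cap_net_raw", "cap_net_admin", "cap_net_bind_service")


def parse_cap_sets(status_text):
    """Return {'CapPrm': int, 'CapEff': int, ...} from /proc/<pid>/status text."""
    sets = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.startswith("Cap"):
            sets[key] = int(value.strip(), 16)
    return sets


def audit(status_text, required=ANSWER_CAPS):
    """Compare the effective set with the capabilities the sniffer should hold.

    Returns (missing, extra): required capabilities that are absent, and held
    capabilities that were not asked for (named, or 'bit N' if not in CAP_BITS).
    """
    eff = parse_cap_sets(status_text).get("CapEff", 0)
    held = {CAP_BITS.get(bit, f"bit {bit}") for bit in range(64) if eff >> bit & 1}
    return sorted(set(required) - held), sorted(held - set(required))


def audit_pid(pid, required=ANSWER_CAPS):
    """Same audit for a live process on Linux."""
    return audit(Path(f"/proc/{pid}/status").read_text(), required)


# Constructed samples: a process started from a binary carrying the answer's
# file capabilities, an ordinary unprivileged process, and a root process.
SAMPLE_SETCAP = "Name:\tsniffer\nCapPrm:\t0000000000003400\nCapEff:\t0000000000003400\n"
SAMPLE_PLAIN = "Name:\tsniffer\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
SAMPLE_ROOT = "Name:\tsniffer\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, text in (("setcap", SAMPLE_SETCAP), ("plain", SAMPLE_PLAIN), ("root", SAMPLE_ROOT)):
        missing, extra = audit(text)
        print(f"{label}: missing={missing} extra_count={len(extra)}")
```

An empty `missing` list with an empty `extra` list means the process holds exactly the requested set; a long `extra` list is the signature of a sniffer that was started as root instead of through file capabilities.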