I want to allow a normal user to run NMAP's advanced scans like XMAS, TCP FIN, TCP NULL scans. Can somebody please tell me how to do that ?? Since it uses raw packets so whether setting the setuid bit will work or not ?
Asked
Active
Viewed 2,549 times
1 Answers
2
Yes, setuid bit should work fine (unless there is some protection in nmap that does not allow it to run with setuid bit enabled, but I don't think so).
Another possible (and in my opinion, much better) option is to configure sudo to allow certain users to run nmap with some similar configuration in /etc/sudoers:
username ALL = NOPASSWD: /usr/bin/nmap
Vladimir Blaskov
- 6,183
- 1
- 27
- 22
-
1You need to use 'sudo'. While there are specific reasons it won't work with `nmap`, in general, you can't just make a program *setuid* and expect it to do the right thing without it even knowing what the right thing *is*. – David Schwartz Sep 20 '11 at 07:45