I have a program that captures network traffic off a network interface. (It's a C program sitting on libpcap.)

I'm running Fedora 26.

When I run the program as root, things look great:

```
[craig ~]$ sudo su -
[root ~]$ /home/craig/mybinary
(output is as expected)
```

But, when I run the program as myself (craig), it fails:

```
[craig ~]$ /home/craig/mybinary
Operation not permitted
[craig ~]$ echo $?
1
```

What I want is any user who runs this program to run it "as root". I think I set the setuid bit and owner/group appropriately:

```
[root@localhost ~]# chmod 6774 /home/craig/mybinary
[root@localhost ~]# ls -lah /home/craig/mybinary
-rwsrwsr--. 1 root  root  1.3M Mar  7  2017 mybinary
```

But the behavior is unchanged - when I run this process as craig, it fails with permission-related errors.

Am I missing a step/setting?

Craig Otis
  • Have you checked if `/home/craig` is not on a filesystem mounted with `nosuid` and for potential interference from SELinux? Furthermore, if the only privileged operations performed by your binary are related to network sniffing, then you do not need full-blown root privileges. Likely `CAP_NET_RAW` (and maybe `CAP_NET_ADMIN`) would be sufficient: `setcap cap_net_raw=ep /home/craig/mybinary`. – tomix86 Jan 04 '18 at 17:45
  • Try `sudo chmod o+x /home/craig/mybinary`. You need to make sure everyone can execute it. As described in your question only `root.root` has access to execute the file. – Tinkerer Apr 17 '21 at 04:41

0 Answers