0

I'm developing a small tool to record some sensors in GNU/Linux. Some of the sensors transmit their data over UDP, so I'm using libtins to capture it.

I would like to control the sensors' start/stop from a webapp, but listening to a network interface requires root privileges. I don't like the idea of hard-coding a sudo password to run the sniffer every time a button is clicked, and I would rather avoid running all my processes as root, but surely there must be a proper way to give interface access permissions to a process so the sniffing can be started from, let's say, a python or bash script.

Can someone give me any hint?

dvilela
  • 113
  • 1
    I found this: "CAP_NET_ADMIN allows us to set an interface to promiscuous mode, and CAP_NET_RAW permits raw access to an interface for capturing directly off the wire" (source). Unfortunately capabilities won't work if set to a script. But if you used a binary executable and granted the capabilities during installation once, then I guess this might work. – Kamil Maciorowski Apr 27 '20 at 09:22
  • Thanks everyone. Yes, I do need to sniff in this case. @KamilMaciorowski, that was very helpful. I found the command here did the trick for me. Would you like to make your comment an answer so I can select it? – dvilela Apr 27 '20 at 09:50
  • 1
    I have no practical experience with this therefore I will pass. I think it will be better if you post an answer. – Kamil Maciorowski Apr 27 '20 at 10:13

1 Answer

1

The setcap command did the trick:

sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip <binaryFile>
dvilela
  • 113
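
A check the launching script could run once the sniffer is up, as an added example that is not part of the original answer: it reads the `Uid` and `CapEff` lines of `/proc/<pid>/status` to confirm the process holds cap_net_raw and cap_net_admin without running as root. The function names and the sample status text are constructed for illustration.

```shell
# Capability bit numbers, as defined in <linux/capability.h>.
CAP_NET_BIND_SERVICE=10
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# status_field STATUS_TEXT NAME COLUMN: print one column of a "Name:" line.
status_field() {
    printf '%s\n' "$1" | awk -v key="$2:" -v col="$3" '$1 == key { print $col }'
}

# has_cap HEXMASK BIT: succeed if that capability bit is set in the mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# sniffer_privs STATUS_TEXT: print "ok", "root", "unknown" or "missing: <caps>".
sniffer_privs() {
    sp_euid=$(status_field "$1" Uid 3)      # $2 = real uid, $3 = effective uid
    sp_eff=$(status_field "$1" CapEff 2)    # effective capability set, hex
    if [ -z "$sp_euid" ] || [ -z "$sp_eff" ]; then echo "unknown"; return 0; fi
    if [ "$sp_euid" = "0" ]; then echo "root"; return 0; fi
    sp_missing=""
    has_cap "$sp_eff" "$CAP_NET_RAW"   || sp_missing="$sp_missing cap_net_raw"
    has_cap "$sp_eff" "$CAP_NET_ADMIN" || sp_missing="$sp_missing cap_net_admin"
    if [ -z "$sp_missing" ]; then echo "ok"; else echo "missing:$sp_missing"; fi
}

# Constructed sample: unprivileged user, CapEff = bits 10, 12 and 13 (0x3400).
SAMPLE_STATUS=$(printf 'Name:\tsniffer\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000003400\n')
sniffer_privs "$SAMPLE_STATUS"

# Against a live process: sniffer_privs "$(cat "/proc/$pid/status")"
```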