Ethereal-users: Re: [Ethereal-users] how to run ethereal as non-root under unix ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 12 Nov 2001 11:38:34 -0800 (PST)
> Is there any workaround / solution to run ethereal as non-root ?

Workaround 1:

	Use BSD.  :-) On BSD (FreeBSD, NetBSD, OpenBSD, and BSD/OS), you
	can make the "/dev/bpfN" devices readable by ordinary users,
	e.g.  by yourself, and run Ethereal (or tcpdump, or Ksnuffle, or
	any other sniffer program) as yourself.

Workaround 2:

	Modify the Linux login program (or {x,g,k,...}dm program) so
	that it consults some file (or NIS database, or LDAP database,
	or whatever) to get, for a user account, a set of enabled
	capabilities for that user, and sets those capabilities for the
	processes it creates.  (I'm assuming here that capability bits
	are inherited by child processes.)  Then give yourself
	CAP_NET_RAW and CAP_NET_ADMIN capabilities (CAP_NET_ADMIN may
	only be necessary in order to get the list of network interfaces
	for the combo box to show).

	Linux *has* the ability, in the kernel (at least 2.2 and later
	kernels) to give various privileges to non-root users;
	unfortunately, there is, as far as I know, no userland support
	for it.