Running tcpdump as non root user

This is a short guide to setup tcpdump as a non root user but only so that specific users which are added to a group can actually run tcpdump.

You can enable this for non root users in a secure method by using the following commands

groupadd tcpdump
addgroup <username> tcpdump
chown root.tcpdump /usr/sbin/tcpdump
chmod 0750 /usr/sbin/tcpdump
setcap "CAP_NET_RAW+eip" /usr/sbin/tcpdump

As a brief explanation of the above.

  • We create a group called tcpdump
  • We then add the user or users that we want to be able to use tcpdump to the group.
  • We then change the user/group of tcpdump to match root and the new group.
  • We then make sure the permissions are set on tcpdump so that members of the group can execute it but other normal users cannot.
  • We then use setcap to give the CAP_NET_RAW priviledge to the executable when it runs. This is so that tcpdump can open its raw socket which is not normally permitted unless you are root.

Known Issues

  • When upgrading packages on the system the tcpdump can reset the permissions. So expect to rerun the chmod / setcap commands

Last Modified: 19 November 2016

Releated Posts

2013-03-01 - Linux - What and how to kill a zombie process
2013-02-14 - Linux - Getting sshfs to work
2012-12-12 - Linux - List / Copy group membership for users
2012-12-08 - Linux - ssh key authentication
2012-12-04 - Linux - sudo without a password
2012-10-13 - Rasberry Pi - Alternative method to play video without omx gstreamer element
2012-10-10 - How to run tcpdump as root
2012-07-13 - Linux - Killing all processes for a specific user
2012-04-05 - Using gdb to debug a core file
2012-01-16 - Linux - Color Coding The Bash Prompt
2012-01-14 - Linux - Automatically set the DISPLAY environment variable in SSH connection
2012-01-06 - Adding extra swap space to linux