Skip to content

Instantly share code, notes, and snippets.

@srugano
Created October 9, 2021 12:23
Show Gist options
  • Save srugano/93df27f96a826a6bc1973e6b9a3d8244 to your computer and use it in GitHub Desktop.
Save srugano/93df27f96a826a6bc1973e6b9a3d8244 to your computer and use it in GitHub Desktop.
Enable tcpdump for non-root users on Debian/Ubuntu.
#!/usr/bin/env bash
# NOTE: This will let anyone who belongs to the 'pcap' group
# execute 'tcpdump'
# NOTE2: User running the script MUST be a sudoer. It is
# convenient to be able to sudo without a password.
sudo groupadd pcap
sudo usermod -a -G pcap $USER
sudo chgrp pcap /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
sudo ln -s /usr/sbin/tcpdump /usr/bin/tcpdump
@isidroas
Copy link

Hello, thanks for sharing. Some comments testing in Ubuntu 23.10:

  • /usr/sbin/tcpdump does not exists. /usr/bin/tcpdump do exist
  • I only needed this line sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump. I guess that the reason is the default permissions:
$ ls -l /usr/bin/tcpdump
-rwxr-xr-x 1 root root 1339512 Aug  1  2023 /usr/bin/tcpdump

where others can execute

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment