打开在linux RAW插槽而不超级用户 [英] Opening RAW sockets in linux without being superuser
问题描述
我必须写一个ping功能在Linux上运行。语言是C ++,所以C如果也没关系。
I have to write a ping function to run on Linux. The language is C++, so C if fine too.
在互联网上搜索和查看源$ C $ C为平
命令,事实证明,我应该创建一个原始套接字:
Searching on the Internet and looking at the source code for the ping
command, it turns out that I should create a raw socket:
icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
如果我跑我的申请没有被超级用户,则插座
函数返回 1
即不创建插座成功。如果我运行它作为一个超级用户,一切工作正常。
If I run my application without being superuser, the socket
function returns -1
i.e. the socket is not created successfully. If I run it as a superuser, all works fine.
现在,在平
命令就创建一个原始套接字,我可以运行它的超级用户没有权利
Now, the ping
command do create a raw socket and I can run it without superuser rights.
我的问题是:我怎么能答应我的应用程序的所有权限,而不需要由超级用户执行创建原始套接字
My question is: how can I grant my application all permissions needed to create a raw socket without being executed by a superuser?
推荐答案
平
需要 CAP_NET_RAW
能力做这一点没有(其他)具有超级用户权限,也是如此你的程序。运行
ping
needs the cap_net_raw
capability to do this without (other) superuser rights, and so does your program. Run
setcap cap_net_raw+ep your_executable_file
为根目录,然后普通用户将可以使用该程序。
as root, and then normal users will be able to use the program.
这篇关于打开在linux RAW插槽而不超级用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!