Bug 962913

Summary: can't use tcptraceroute as ordinary user
Product: [Fedora] Fedora
Reporter: Karel Volný <kvolny>
Component: traceroute
Assignee: Dmitry Butskoy <dmitry>
Status: CLOSED CANTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent
Priority: urgent
Version: 18
CC: dmitry, jsynacek
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2013-05-16 11:42:54 UTC
Type: Bug

Description Karel Volný 2013-05-14 18:55:07 UTC
Description of problem:
I have one user having troubles accessing her SMTP server. As the machine is NATted and I don't have access to it ATM, I wanted to instruct the user how to check the connection via tcptraceroute. Unfortunately, this seems to be impossible in Fedora ... while it works in other distros.

Version-Release number of selected component (if applicable):
traceroute-2.0.19-1.fc18.x86_64

How reproducible:
always

Steps to Reproduce:
1. tcptraceroute smtp.seznam.cz 25
  
Actual results:
You have no enough privileges to use this traceroute method.
socket: Operation not permitted

Expected results:
Selected device br0, address 192.168.1.10, port 48440 for outgoing packets
Tracing the path to smtp.seznam.cz (77.75.72.48) on TCP port 25 (smtp), 30 hops max
 1  192.168.1.1  0.395 ms  0.333 ms  0.215 ms
...
 9  smtp.seznam.cz (77.75.72.48) [open]  4.848 ms  6.350 ms  5.232 ms


Additional info:
Can someone tell me, why a network diagnostic tool should be denied to send TCP packets without having root, while there are zillions of applications that make TCP connections without requiring root privileges?

Comment 1 Dmitry Butskoy 2013-05-16 11:42:54 UTC
Have answered you here:
https://bugzilla.redhat.com/show_bug.cgi?id=733030#c7

> why a network diagnostic tool should be denied to send TCP packets without having root, while there are zillions of applications that make TCP connections without requiring root privileges?

It is not "denied" by the application; the application itself just does not have enough rights for this. Yes, the diagnostic "You have no enough rights..." is some kind of bit to the modern "end user"; conservatively speaking, I would prefer the classic "socket: open: Permission Denied" (which should show that such a denial is not the application's choice).

Closed cantfix, since IMHO I have no rights either to set the setuid bit or to play with cap_net_raw.

See more at:
https://bugzilla.redhat.com/show_bug.cgi?id=733030#c7
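
Added example, not part of the bug report or of the traceroute source: a small Linux check that shows the difference discussed above, assuming the tcp method opens a raw socket (which the "socket: Operation not permitted" output suggests). It reads the process's effective capabilities and tries both an ordinary TCP socket and a raw one; the helper names are made up for this illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13  /* value of CAP_NET_RAW in <linux/capability.h> */

/* Pure helper: is CAP_NET_RAW set in a capability mask such as CapEff? */
int mask_has_net_raw(unsigned long long mask) {
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Read this process's effective capability mask from /proc/self/status.
   Returns 0 on success, -1 if the CapEff line cannot be read. */
int read_cap_eff(unsigned long long *mask) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int found = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", mask) == 1) { found = 0; break; }
    fclose(f);
    return found;
}

/* Try to create an AF_INET socket; return 0 on success, else the errno value. */
int probe_socket(int type, int proto) {
    int fd = socket(AF_INET, type, proto);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void) {
    unsigned long long eff = 0;
    int tcp = probe_socket(SOCK_STREAM, IPPROTO_TCP); /* what ordinary clients use */
    int raw = probe_socket(SOCK_RAW, IPPROTO_TCP);    /* needs CAP_NET_RAW */
    if (read_cap_eff(&eff) == 0)
        printf("CapEff=%016llx CAP_NET_RAW=%s\n", eff,
               mask_has_net_raw(eff) ? "yes" : "no");
    printf("SOCK_STREAM: %s\n", tcp ? strerror(tcp) : "ok");
    printf("SOCK_RAW:    %s\n", raw ? strerror(raw) : "ok");
    return 0;
}
```

Run as an ordinary user, the SOCK_RAW line is expected to report "Operation not permitted" while SOCK_STREAM succeeds; a binary installed setuid root or with the cap_net_raw file capability would pass both.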