Bug 962913 - can't use tcptraceroute as ordinary user
can't use tcptraceroute as ordinary user
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: traceroute (Show other bugs)
18
Unspecified Unspecified
urgent Severity urgent
: ---
: ---
Assigned To: Dmitry Butskoy
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-14 14:55 EDT by Karel Volný
Modified: 2013-05-16 07:42 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-16 07:42:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Karel Volný 2013-05-14 14:55:07 EDT
Description of problem:
I have one user having troubles accessing her SMTP server. As the machine is NATted and I don't have access to it ATM, I wanted to instruct the user how to check the connection via tcptraceroute. Unfortunately, this seems to be impossible in Fedora ... while it works in other distros.

Version-Release number of selected component (if applicable):
traceroute-2.0.19-1.fc18.x86_64

How reproducible:
always

Steps to Reproduce:
1. tcptraceroute smtp.seznam.cz 25
  
Actual results:
You have no enough privileges to use this traceroute method.
socket: Operation not permitted

Expected results:
Selected device br0, address 192.168.1.10, port 48440 for outgoing packets
Tracing the path to smtp.seznam.cz (77.75.72.48) on TCP port 25 (smtp), 30 hops max
 1  192.168.1.1  0.395 ms  0.333 ms  0.215 ms
...
 9  smtp.seznam.cz (77.75.72.48) [open]  4.848 ms  6.350 ms  5.232 ms


Additional info:
Can someone tell me, why a network diagnostic tool should be denied to send TCP packets without having root, while there are zillions of applications that make TCP connections without requiring root privileges?
Comment 1 Dmitry Butskoy 2013-05-16 07:42:54 EDT
Have answered you here:
https://bugzilla.redhat.com/show_bug.cgi?id=733030#c7

> why a network diagnostic tool should be denied to send TCP packets without having root, while there are zillions of applications that make TCP connections without requiring root privileges?

It is not "denied" by the application, just the application itself has no enough rights for this. Yes, the diagnostic "You have no enough rights..." is some kind of bit to the modern "end user", conservatively say I would prefer classic "socket: open: Permissing Denied" (which should show that such a denying is not the application choice).

Closed cantfix, since IMHO I have no rights neither to set setuid bit, nor to play with cap_net_raw .

See more at:
https://bugzilla.redhat.com/show_bug.cgi?id=733030#c7

Note You need to log in before you can comment on or make changes to this bug.