Red Hat Bugzilla – Bug 962913
can't use tcptraceroute as ordinary user
Last modified: 2013-05-16 07:42:54 EDT
Description of problem:
I have one user having troubles accessing her SMTP server. As the machine is NATted and I don't have access to it ATM, I wanted to instruct the user how to check the connection via tcptraceroute. Unfortunately, this seems to be impossible in Fedora ... while it works in other distros.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. tcptraceroute smtp.seznam.cz 25
You have no enough privileges to use this traceroute method.
socket: Operation not permitted
Selected device br0, address 192.168.1.10, port 48440 for outgoing packets
Tracing the path to smtp.seznam.cz (184.108.40.206) on TCP port 25 (smtp), 30 hops max
1 192.168.1.1 0.395 ms 0.333 ms 0.215 ms
9 smtp.seznam.cz (220.127.116.11) [open] 4.848 ms 6.350 ms 5.232 ms
Can someone tell me, why a network diagnostic tool should be denied to send TCP packets without having root, while there are zillions of applications that make TCP connections without requiring root privileges?
Have answered you here:
> why a network diagnostic tool should be denied to send TCP packets without having root, while there are zillions of applications that make TCP connections without requiring root privileges?
It is not "denied" by the application, just the application itself has no enough rights for this. Yes, the diagnostic "You have no enough rights..." is some kind of bit to the modern "end user", conservatively say I would prefer classic "socket: open: Permissing Denied" (which should show that such a denying is not the application choice).
Closed cantfix, since IMHO I have no rights neither to set setuid bit, nor to play with cap_net_raw .
See more at: