In an embedded system (2.4 kernel) I need raw socket access to the eth0 interface from a process not running as root.
I tried to address this problem by setting the CAP_NET_RAW capability from the command line and programmatically using cap_set_proc(), both with no success. It seems that I do not have permission to do so: in the program I get an EPERM error, and on the command line I get:

    Failed to set cap's on process `1586': (Operation not permitted)

    /* needs <stdio.h>, <unistd.h> and <sys/capability.h> (libcap, link with -lcap) */
    cap_t caps = cap_get_proc();
    cap_value_t cap_list[1] = { CAP_NET_RAW };
    if (cap_set_flag(caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET) == -1)
        perror("cap_set_flag");
    if (cap_set_proc(caps) == -1)
        perror("cap_set_proc");
    if (seteuid(getuid()) != 0)
        perror("seteuid");

Generally, you need root permissions to receive raw packets on an interface. This restriction is a security precaution, because a process that receives raw packets gains access to communications of all other processes and users using that interface.
However, if you have access to root on the machine, you can use the setuid flag to give your process root privileges even when the process is executed as a non-root user.
First, ensure that this capability is set successfully when the process is run as root. Then use
    sudo chown root process
    sudo chmod ugo+s process
to set root as owner of the process and set the setuid flag. Then check that the capability is set when the process is run by other users. Because this process will now have all superuser privileges, you should observe security precautions, and drop the privileges as soon as your code no longer requires them (after enabling the CAP_NET_RAW).
You can follow this method to ensure you're dropping them properly.
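
Added example, not code from the question or the answer: one way for the setuid-root binary described above to give up root permanently while keeping only CAP_NET_RAW. It assumes PR_SET_KEEPCAPS is available (Linux 2.2.18 and later) and calls capget/capset directly instead of libcap's cap_set_proc(); the names drop_root_keep_net_raw, have_net_raw and NET_RAW_MASK are hypothetical.

```c
#define _GNU_SOURCE
#include <linux/capability.h>   /* CAP_NET_RAW and the capget/capset structs */
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define NET_RAW_MASK (1u << CAP_NET_RAW)
/* Version 1 (32-bit) capability ABI, the only one a 2.4 kernel knows;
 * 2.4-era headers spell the constant _LINUX_CAPABILITY_VERSION. */
static struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_1, 0 };

/* Returns 1 if CAP_NET_RAW is in the effective set, 0 if not, -1 on error. */
int have_net_raw(void)
{
    struct __user_cap_data_struct d;
    if (syscall(SYS_capget, &hdr, &d) == -1)
        return -1;
    return (d.effective & NET_RAW_MASK) != 0;
}

/* Call first thing in main() of the setuid-root binary.
 * Returns 0 on success, or the negated number of the step that failed. */
int drop_root_keep_net_raw(uid_t uid, gid_t gid)
{
    struct __user_cap_data_struct d = { NET_RAW_MASK, NET_RAW_MASK, 0 };
    /* 1. Keep the permitted set across the UID change below. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
        return -1;
    /* 2. Drop the group first, then the user; setuid() called with euid 0
     *    also resets the saved UID, so root cannot be regained. */
    if (setgid(gid) == -1)
        return -2;
    if (setuid(uid) == -1)
        return -3;
    /* 3. The UID change cleared the effective set: shrink permitted to
     *    CAP_NET_RAW alone and raise it in effective again. */
    if (syscall(SYS_capset, &hdr, &d) == -1)
        return -4;
    /* 4. Verify that root is really gone. */
    if (uid != 0 && setuid(0) == 0)
        return -5;
    return 0;
}

int main(void)
{
    int rc = drop_root_keep_net_raw(getuid(), getgid());
    /* on success, open the raw socket on eth0 from here on */
    return (rc == 0 && have_net_raw() == 1) ? 0 : 1;
}
```

Run without the setuid bit by an ordinary user, step 3 fails with EPERM and the program exits non-zero, which makes a quick check that the installation step was actually applied.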