Traceroute permissions

From thelinuxwiki
Jump to: navigation, search

$ traceroute -I 4.2.2.2
The specified type of tracerouting is allowed for superuser only

Most Linux distros don’t allow the –I switch for traceroute by regular users by default. Traceroute would have to be configured by enabling the setuid bit or with a setcap modification.

example using setcap:
Setting...

# setcap cap_net_raw+ep /usr/bin/traceroute

viewing..

# getcap /usr/bin/traceroute
/usr/bin/traceroute = cap_net_raw+ep

for more info see manpages for setuid or setcap