From 6de8270422e442942329dcf34ffca6f62e6e282f Mon Sep 17 00:00:00 2001 From: Kelvin Zhang Date: Fri, 17 Jan 2020 12:35:00 -0500 Subject: Add explanation about difference between setcap and sudo --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6940cde..7c80389 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ cargo install bandwhich ``` This installs `bandwhich` to `~/.cargo/bin/bandwhich` but you need root priviliges to run `bandwhich`. To fix that, there are a few options: -- Give the executable elevated permissions: `sudo setcap cap_net_raw,cap_net_admin+ep ~/.cargo/bin/bandwhich` +- Give the executable elevated permissions: `sudo setcap cap_net_raw,cap_net_admin+ep ~/.cargo/bin/bandwhich` (not 100% the same as `sudo`, see explanation below) - Run `sudo ~/.cargo/bin/bandwhich` instead of just `bandwhich` - Create a symlink: `sudo ln -s ~/.cargo/bin/bandwhich /usr/local/bin/` (or another path on root's PATH) - Set root's PATH to match your own `sudo env "PATH=$PATH" bandwhich` @@ -86,9 +86,11 @@ OPTIONS: On Linux, you can give the `bandwhich` binary a permanent capability to use the required privileges, so that you don't need to use `sudo bandwhich` anymore: ```bash -sudo setcap cap_net_raw,cap_net_admin=+ep "$HOME/.cargo/bin/bandwhich" +sudo setcap cap_net_raw,cap_net_admin+ep "$HOME/.cargo/bin/bandwhich" ``` +This is not 100% the same as running `bandwhich` as `sudo`. The above `setcap` commands gives `bandwhich` capability to sniff network packets. In order to run, `bandwhich` also needs the ability to read `procfs`. Normally processes can read `procfs`, however, if your system has [hidepid](https://linux-audit.com/linux-system-hardening-adding-hidepid-to-proc/) enabled, this assumption might not hold. + ### raw_mode `bandwhich` also supports an easier-to-parse mode that can be piped or redirected to a file. For example, try: ``` -- cgit v1.2.3
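Review bot: In the first README.md hunk (`@@ -54,7 +54,7`), the added parenthetical "(not 100% the same as `sudo`, see explanation below)" sends the reader to an explanation without saying where it is or what the difference is. The paragraph it refers to is added by the second hunk, around line 86 of the file and in a different part of the README. Suggest naming the difference in place, for example that the `setcap` route does not cover reading `procfs` when hidepid is enabled, or linking to the heading of the section that carries the paragraph. Since this hunk already touches the list, the "priviliges" typo in the context line just above it could be corrected in the same change.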
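Review bot: In the second hunk (`@@ -86,9 +86,11`), the command changes from `cap_net_admin=+ep` to `cap_net_admin+ep`, which the commit subject ("Add explanation about difference between setcap and sudo") does not mention. Please state in the commit message why the operator changed, or split it into its own commit; as it stands the only visible effect is that this command now matches the one in the list edited by the first hunk. In the added paragraph, "The above `setcap` commands gives" should read "command gives", and "running `bandwhich` as `sudo`" reads better as "running `bandwhich` with `sudo`". The paragraph also ends at "this assumption might not hold" without telling the user what to do in that case; a closing sentence pointing back to `sudo bandwhich` for systems with hidepid enabled would make it actionable.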