Opened 8 years ago

Closed 6 years ago

#7589 closed enhancement (fixed)

Test deploying ooni as a non-root user

Reported by: aagbsn Owned by: hellais
Priority: Medium Milestone:
Component: Archived/Ooni Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Test ooni deployment without root.
You'll need a system that supports capability bits CAP_NET_RAW and CAP_NET_ADMIN.

These instructions are for using tcpdump as non root. We may need to set the capabilities on the actual python interpreter. If you're using a virtualenv, there should be a python binary inside $YOURVIRTUALENV/bin/

Instructions for tcpdump. Modify as necessary.

sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/tcpdump
groupadd pcap
usermod -a -G pcap ooni
chgrp pcap /usr/sbin/tcpdump

Also, verify that these settings persist through a reboot.

Child Tickets

Change History (2)

comment:1 Changed 7 years ago by aagbsn

Is this something that we want to add to our debian packages, or should users run ooniprobe as root? A complication is that if a user runs ooniprobe, and has configuration options and input files stored in their user directories, when running ooniprobe as root they will need to specify paths that they would not need to specify when running ooni as that user.

comment:2 Changed 6 years ago by hellais

Resolution: fixed
Status: newclosed

I think this ticket is now superseeded by: https://trac.torproject.org/projects/tor/ticket/13602.

Note: See TracTickets for help on using tickets.