Drop sudo need

[laixintao]

Replacement for RAW_SOCKET?

This tool need sudo because this:

pingtop/ping.py

Line 202 in c8c522c

my_socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, icmp)

[ryankrage77]

If I run it with sudo, I get command not found, otherwise it fails.

[laixintao]

@ryankrage77 Did you install for current user only instead of installing globally?

Try type which pingtop and use absolute path to run:

sudo /usr/local/bin/pingtop xxx

(replace /usr/local/bin/pingtop with your absolute path.)

Or you can install for sudo user:

sudo pip install pingtop

[gzxultra]

no way to work around this, kernel will not allow sending of packets that cannot be trusted.

[sgowie]

If the python interpreter being invoked has been provided the appropriate capabilities, sudo is not required.

e.g.

$ pip install pingtop --user
$ NEWPATH=$(pwd)/.local/bin/python
$ cp $(which python) $NEWPATH
$ sudo setcap cap_net_raw=ep $NEWPATH
$ sed -i "1s;/usr/bin/python;$NEWPATH;" .local/bin/pingtop

This lets you run the installed pingtop without invoking sudo, and only the specific privileges required for pingtop to do its thing are granted.

$ .local/bin/pingtop google.ca cnn.com

[gzxultra]

@sgowie there is no setcap on OS X

[laixintao]

@gzxultra I am thinking support tcpping, if use tcpping do we still need sudo ?

[laixintao]

I will check BSD ping's source code, see how does it run without sudo.

[gzxultra]

@laixintao could you try this

https://apple.stackexchange.com/questions/312857/how-does-macos-allow-standard-users-to-ping#answer-312861

socket.SOCK_DGRAM in Python

[laixintao]

Solved by @gzxultra