摘录


As a breif explenation of the above.
We create a group called tcpdump. 
We then add the user or users that we want to be able to use tcpdump to the group.
We then change the user/group of tcpdump to match root and the new group.
We then make sure the permissions are set on tcpdump so that members of the group can execute it but other normal users cannot.
We then use setcap to give the CAP_NET_RAW priviledge to the executable when it runs. This is so that tcpdump can open its raw socket which is not normally permitted unless you are root.

点评

第四条指令有问题

原文

点击这里查看原文

其它

本帖内容由21QA云收藏工具自动生成,欢迎使用。

系统消息 若觉得内容不错,请点击左上角的"赞"图标,以优化网站的内容呈现。 另外,请及时验证注册邮箱,否则收不到21QA发出的红包。 官方Q群:250203055

asked 16 Jan '16, 15:04

%E8%B7%AF%E4%BA%BA%E7%94%B2's gravatar image

路人甲
131576638836

Be the first one to answer this question!
toggle preview

powered by O*S*Q*A

粤ICP备14040061号-1