Creating raw socket in Python without root privileges
As you noted raw sockets require higher privilege than a regular user have.You can circumvent this issue in two ways:
- Activating the SUID bit for the file with a command like
chmod +s fileand set its owner torootwithchown root.root file. This will run your script as root, regardless of the effective user that executed it. Of course this could be dangerous if your script has some flaw. - Setting the CAP_NET_RAW capability on the given file with a command like
setcap cap_net_raw+ep file. This will give it only the privileges required to open a raw socket and nothing else.
EDIT:
As pointed out by @Netch the given solutions will not work with any interpreted language (like Python). You will need some "hack" to make it work. Try googling for "Python SUID", you should find something.
There is not a way for an unprivileged process (Python or otherwise) to elevate their own privileges. It's kind of the cornerstone of having this whole privileged/unprivileged users thinga-ma-jig. In regards to raw sockets, from manual page raw(7):
Only processes with an effective user ID of 0 or the CAP_NET_RAW capability are allowed to open raw sockets.
User ID of 0 means root. See here for info about raw sockets on linux.
As pointed out in Faust's answer/comments you won't be able to directly set the CAP_NET_RAW capability for your python program, due to it being a script that gets executed by the Python interpreter, but there may be solutions out on the web that can get around this limitation.
You can also go another path and set up the application using the sudoers file, then run it via sudo
Or my preferred option is just to compile it with Nuitka, then it runs like any other executable and can be assigned run as root etc