AppImage

Root privileges

I have created an AppImage for my application (GitHub - fizzyade/pingnoo: An open source ping analyser) but I’m wondering how to handle the requirement of root privileges.

My application is traceroute/ping analyser and it creates and sends ICMP packets directly, this requires root privileges to send the packets.

Does anybody have any idea on the best way to go about handling this?

Tell your users to run the application as root: sudo Your.AppImage does not work?

Thanks for the response.

That’s not really a long term solution, there are obvious security issues regarding this and issues with and created files which will then be owned by root.

It’s fine for me developing, CLion actually has an elevation service which allows me to easily launch and debug the application.

I’ve actually created a new ping engine plugin for the application that spawns ping commands to do the actual ping transmission & reception, but there are inherent problems with that as well as I can’t get a timestamp of when the ping was actually sent, so I tentatively use the process creation time as my epoch, but it’s far from accurate, especially when dealing with values down to milliseconds.

I suspect I’m going to end up creating a “ping service” for the application which can be installed (and have the correct permissions to send raw packets) and create another ping engine plugin which talks to the service, this would allow me to have accurate time stamping and the application can run as a user.

I meant sudo of course (corrected above).

Yeah, I knew what you meant!

As per my reply above though, it’s not something that is workable really, running under sudo means that any files created will be created as root, and running as root is not something that I’d really recommend people to do.

I have implemented a small workaround, because of the modular nature of my application I have created a new ping engine implementation for Linux which uses the ping binary, this allows the application to run unprivileged yet able to send ICMP packets, however, the measurement is not as accurate as I’m spawning a child task.

I will provide another option for Linux which is the use of a daemon which can be installed and the application will talk to the daemon to send and receive ICMP packets, this will allow it to work exactly as it does when running as root, but without requiring the AppImage to be run as root, I have a choice of making the helper daemon either run as root or with setcap privileges for raw sockets.