It is currently Fri Jun 22, 2018 1:17 pm


All times are UTC




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: HOWTO: Run GNS3 on Linux as a non-root user
PostPosted: Sat Apr 13, 2013 1:50 pm 
Offline

Joined: Sun Sep 16, 2012 9:55 pm
Posts: 541
Location: England
I've been trying to work out the best way to run GNS3 without running it as a root user. Previously I'd used sudo or gksudo to run as root, but this caused it's own set of problems. I started looking at the way in which wireshark is run as a regular user and have applied the same principle to GNS3.

On newer versions of Linux (Kernel > 2.2), it runs using 'Linux capabilities'.

Dependancies: libcap2 (e.g. sudo apt-get install libcap2-bin)

1. After installing GNS3 and Dynamips, locate your dynamips executable (e.g: /usr/local/bin/dynamips-0.2.8-RC...) and change to the directory containg dynamips
2. Run the following command, from your terminal
Code:
sudo setcap cap_net_raw,cap_net_admin+eip dynamips-028-RC5-community-x86_64.bin
(Change the dynamips version to match the version installed on your machine.

3. GNS3 can now be run with sudo or gksudo and will still allow you to interface directly to an ethernet interface.

I have tested this on Linux Mint 14 with Dynamips routers, Qemu and Virtualbox and all seems well. But it should work on any linux system where lipcap2-bin is available.



_________________
Daniel
Forum Moderator & Debian Package Maintainer for GNS3, Dynamips & VPCS.
Standalone DEB Packages are available from http://gns3.serverb.co.uk - To be updated!


Top
 Profile  
 
 Post subject: Re: HOWTO: Run GNS3 on Linux as a non-root user
PostPosted: Sat Apr 13, 2013 3:51 pm 
Offline

Joined: Tue Jul 17, 2012 1:34 pm
Posts: 214
@claydon_dan

Or you can...

sudo chown root dynamips*
sudo chmod 4755 dynamips*

This allows you to run gns3 as an regular unprivileged user without sudo or gksudo


Best of luck,
Jason

_________________
J.Neumann, GNS3 Contributor & Forum Moderator (Minion ID: sin.zx81.1981ad)
Author: Cisco Routers for Small Business (Apress)


Top
 Profile  
 
 Post subject: Re: HOWTO: Run GNS3 on Linux as a non-root user
PostPosted: Sat Apr 13, 2013 7:02 pm 
Offline

Joined: Sun Sep 16, 2012 9:55 pm
Posts: 541
Location: England
@Jason

That is very true, both methods will work. The main adavntage using the setcap method is you are limiting what can be done by the priviliged program, whcih some security concious folk may like.

_________________
Daniel
Forum Moderator & Debian Package Maintainer for GNS3, Dynamips & VPCS.
Standalone DEB Packages are available from http://gns3.serverb.co.uk - To be updated!


Top
 Profile  
 
 Post subject: Re: HOWTO: Run GNS3 on Linux as a non-root user
PostPosted: Sat Apr 13, 2013 10:04 pm 
Offline

Joined: Tue Jul 17, 2012 1:34 pm
Posts: 214
I agree with you that It's more restrictive and a better way to go. I only pointed out the other option since setcap may not be available on all Unixes, like OS X for example.

However since Wireshark runs on OS X, there must be a similar method of securing dynamips? I'll see what I can dig up, and nice job with your setcap discovery.

Jason



_________________
J.Neumann, GNS3 Contributor & Forum Moderator (Minion ID: sin.zx81.1981ad)
Author: Cisco Routers for Small Business (Apress)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO