diff --git a/server.go b/server.go
index c2a6be0..8aeca1c 100644
--- a/server.go
+++ b/server.go
@@ -11,6 +11,7 @@ import (
 	E "github.com/sagernet/sing/common/exceptions"
 	"github.com/sagernet/sing/common/metadata"
 	"github.com/sagernet/sing/service"
+	"golang.org/x/sys/unix"
 	"log"
 	"nekobox_core/gen"
 	"nekobox_core/internal/boxbox"
@@ -359,13 +360,25 @@ func (s *server) CompileGeoSiteToSrs(ctx context.Context, in *gen.CompileGeoSite
 }
 
 func (s *server) IsPrivileged(ctx context.Context, _ *gen.EmptyReq) (*gen.IsPrivilegedResponse, error) {
-	if runtime.GOOS == "windows" {
-		return &gen.IsPrivilegedResponse{
-			HasPrivilege: false,
-		}, nil
+	ret := false
+	if runtime.GOOS == "windows" || os.Geteuid() == 0 {
+		ret = true
+	} else if runtime.GOOS == "linux" {
+		caps := unix.CapUserHeader{
+			Version: unix.LINUX_CAPABILITY_VERSION_3,
+			Pid:     0, // current
+		}
+		var data [2]unix.CapUserData
+		err := unix.Capget(&caps, &data[0])
+		if err != nil {
+			ret = false
+		} else {
+			// CAP_NET_ADMIN = 12
+			ret = (data[0].Effective & (1 << unix.CAP_NET_ADMIN)) != 0
+		}
 	}
 
-	return &gen.IsPrivilegedResponse{HasPrivilege: os.Geteuid() == 0}, nil
+	return &gen.IsPrivilegedResponse{HasPrivilege: ret}, nil
 }
 
 func (s *server) SpeedTest(ctx context.Context, in *gen.SpeedTestRequest) (*gen.SpeedTestResponse, error) {