Can ping only as ROOT!? [Solved]

Issues Related to Networking (Wired and Wireless)

Moderator: Moderators

Can ping only as ROOT!? [Solved]

Postby Honeyman » Fri Sep 06, 2013 23:08

Hey all,

I just noticed that only with ROOT-permissions I can issue the 'ping' command. It had worked only a few days ago (as regular user)

Code: Select all
$ ping fob.spline.inf.fu-berlin.de
ping: icmp open socket: Operation not permitted


But then....

Code: Select all
$ sudo !!
PING fob.spline.inf.fu-berlin.de (130.133.110.152) 56(84) bytes of data.
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=9 ttl=50 time=883 ms
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=10 ttl=50 time=303 ms
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=11 ttl=50 time=70.0 ms
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=12 ttl=50 time=78.1 ms
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=13 ttl=50 time=33.1 ms
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=14 ttl=50 time=29.2 ms
........



Hhmmm...I'm not told that bash couldn't find the command, but I checked anyway

Code: Select all
$ which ping
/bin/ping


Code: Select all
$ echo $PATH
PATH=/usr/local/texlive/2011/bin/i386-linux:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin


I looked around for a solution and found this Ubuntu forum thread: http://ubuntuforums.org/showthread.php?t=927709

I checked permissions of the ping executable

Code: Select all
ls -l `which ping`
-rwx--x--x 1 root root 47448  4. Feb 2013  /bin/ping


According to the Ubuntu thread they should be:

Code: Select all
-rwsr-xr-x 1 root root 30856 2007-07-06 02:40 /bin/ping


In order to fix the issue one is supposed to do:

Code: Select all
$ sudo chmod u+s `which ping`


Is that correct? For Sabayon also? The answer comes from, eh, Ubuntu, so I'm not quite sure. What could have messed up the permission settings? As I said it worked fine on Wednesday and I did not upgrade any packages in the meantime or tinker around with my system in any way.

Thanks for your help
Last edited by Honeyman on Sat Sep 07, 2013 22:15, edited 2 times in total.
Je me regarde pour me désoler,
je me compare pour me consoler

Maurice de Talleyrand
Honeyman
Growing Hen
 
Posts: 159
Joined: Sun Apr 08, 2012 2:25
Location: Berlin, Germany

Re: Can ping only as ROOT!?

Postby waitnsea » Sat Sep 07, 2013 8:53

Hi Honeyman, you could do
as root :
Code: Select all
# cp /bin/ping  /usr/bin/ping
# cd /usr/bin
# chown root ping
# chmod +s ping

then come back yourself : cd ~
$ nano .bashrc and add in queue:
$ alias ping=/usr/bin/ping
(or why not with a second line:)
$ alias ping=/usr/bin/ping
$ alias ping='ping -c5'

Has anybody better ?
Asus-X7BJ Core i7 : 2 Hdd de 500 Go
ArchLinux XFCE - kernel 3.10
Sabayon XFCE - kernel 3.8
NVidia GeForce GT 425M
WiFi Atheros 9285
waitnsea
Baby Hen
 
Posts: 4
Joined: Thu Feb 16, 2012 20:31
Location: Golfe-Juan, France

Re: Can ping only as ROOT!?

Postby svantoviit » Sat Sep 07, 2013 18:25

Honeyman wrote:What could have messed up the permission settings?

Must be something different than permissions of the ping executable.
Code: Select all
$ ls -l `which ping`
-rwx--x--x 1 root root 47448 Feb  4  2013 /bin/ping
It's the same as yours. But works.
Code: Select all
$ ping -c 1 fob.spline.inf.fu-berlin.de
PING fob.spline.inf.fu-berlin.de (130.133.110.152) 56(84) bytes of data.
64 bytes from fob.spline.inf.fu-berlin.de (130.133.110.152): icmp_seq=1 ttl=50 time=41.4 ms

--- fob.spline.inf.fu-berlin.de ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 41.412/41.412/41.412/0.000 ms

Maybe capabilities issue?
Code: Select all
# getcap /bin/ping
/bin/ping = cap_net_raw+ep
If your output is different, change it with
Code: Select all
# setcap cap_net_raw+ep /bin/ping
svantoviit
Old Dear Hen
 
Posts: 651
Joined: Sun Feb 28, 2010 17:55

Re: Can ping only as ROOT!?

Postby waitnsea » Sat Sep 07, 2013 19:12

Best !
:D
je découvre ! Et je m'instruis ici
Thanks
Asus-X7BJ Core i7 : 2 Hdd de 500 Go
ArchLinux XFCE - kernel 3.10
Sabayon XFCE - kernel 3.8
NVidia GeForce GT 425M
WiFi Atheros 9285
waitnsea
Baby Hen
 
Posts: 4
Joined: Thu Feb 16, 2012 20:31
Location: Golfe-Juan, France

Re: Can ping only as ROOT!?

Postby Honeyman » Sat Sep 07, 2013 21:50

svantoviit:

You were right, it was a capabilities issues and your suggestion also solved the problem. Now I only have to find out what file capabilities actually mean, this is the first time I hit upon that Linux/UNIX feature.

Today I asked a friend from my local LUG here in Berlin about my problem, and he told me, that different distributions handle certain commands (ping, ifconfig, ...) differently and that a regular user on a Fedora system for example may not execute the ifconfig command, typing the absolute path (/sbin/ifconfig) works though. I do not get the logic behind that, but after all I'm using Sabayon and not Fedora, yeah! :twisted:
Je me regarde pour me désoler,
je me compare pour me consoler

Maurice de Talleyrand
Honeyman
Growing Hen
 
Posts: 159
Joined: Sun Apr 08, 2012 2:25
Location: Berlin, Germany


Return to Networking and Wireless

Who is online

Users browsing this forum: No registered users and 1 guest