[code]# ping www.google.ch
ping: icmp open socket: Operation not permitted
[/code]
Is there a way to allow normal users commands like "ping", "traceroute" etc? Do those users need to belong to a certain group (which one)?
Thanks in advance!
Greets
fidel
ping as normal user
Re: ping as normal user
I was hoping one of the better selinux people would step up to this one...
You are running with selinux enabled. That's good(ish). The bad(ish) is that you need to know a whole new layer of commands to handle the Manditory Access Controls (MAC) in addition to the Descretionary Access Controls (DAC) like "chmod" and "chown" that you are acclimated too...
as root:
[quote]setsebool -P user_ping 1[/quote]
It get alot more fun from here... Spend some google time with something like "selinux faq" or "selinux howto". It's NOT easy... A large number of people give up and disable selinux. It's better to keep it if you can work through your issues...
You are running with selinux enabled. That's good(ish). The bad(ish) is that you need to know a whole new layer of commands to handle the Manditory Access Controls (MAC) in addition to the Descretionary Access Controls (DAC) like "chmod" and "chown" that you are acclimated too...
as root:
[quote]setsebool -P user_ping 1[/quote]
It get alot more fun from here... Spend some google time with something like "selinux faq" or "selinux howto". It's NOT easy... A large number of people give up and disable selinux. It's better to keep it if you can work through your issues...
Re: ping as normal user
Thanks for your reply! Sorry, didn't get noticed about your post, so my reply comes quite late.
Point is, SELinux is not enabled in that box. So the restriction must come from somewhere else, any idea what else that could be?
Point is, SELinux is not enabled in that box. So the restriction must come from somewhere else, any idea what else that could be?
Re: ping as normal user
Then likely you "ping" does not have the correct perms with SUID root:
ls -ls `which ping`
-rwsr-xr-x 1 root root 33272 May 3 2006 /bin/ping
notice the "s" in the user perm. If that is not set, you will get strange results, also:
chmod 4755 /bin/ping
as root should fix that... unless that is STILL not the problem :lol:
ls -ls `which ping`
-rwsr-xr-x 1 root root 33272 May 3 2006 /bin/ping
notice the "s" in the user perm. If that is not set, you will get strange results, also:
chmod 4755 /bin/ping
as root should fix that... unless that is STILL not the problem :lol:
ping as normal user
Can you ping localhost?
http://groups.google.com/group/alt.os.linux.suse/browse_thread/thread/4b168ec08169d8dd/48e4bdd16709bc6d?lnk=st&q=ping%3A+icmp+open+socket%3A+Operation+not+permitted&rnum=1&hl=en#48e4bdd16709bc6d
Do you have ipv6 enabled?
because this site explains the error:
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-6.html
If not see here:
http://www.davidgoodwin.net/archives/00000003.php
http://groups.google.com/group/alt.os.linux.suse/browse_thread/thread/4b168ec08169d8dd/48e4bdd16709bc6d?lnk=st&q=ping%3A+icmp+open+socket%3A+Operation+not+permitted&rnum=1&hl=en#48e4bdd16709bc6d
Do you have ipv6 enabled?
because this site explains the error:
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-6.html
If not see here:
http://www.davidgoodwin.net/archives/00000003.php