ping as normal user

Issues related to configuring your network
Post Reply
fidel
Posts: 2
Joined: 2007/01/18 09:49:30

ping as normal user

Post by fidel » 2007/01/18 10:22:58

[code]# ping www.google.ch
ping: icmp open socket: Operation not permitted
[/code]
Is there a way to allow normal users commands like "ping", "traceroute" etc? Do those users need to belong to a certain group (which one)?
Thanks in advance!
Greets
fidel

pjwelsh
Posts: 2629
Joined: 2007/01/07 02:18:02
Location: Central IL USA

Re: ping as normal user

Post by pjwelsh » 2007/01/18 16:23:47

I was hoping one of the better selinux people would step up to this one...

You are running with selinux enabled. That's good(ish). The bad(ish) is that you need to know a whole new layer of commands to handle the Manditory Access Controls (MAC) in addition to the Descretionary Access Controls (DAC) like "chmod" and "chown" that you are acclimated too...

as root:
[quote]setsebool -P user_ping 1[/quote]

It get alot more fun from here... Spend some google time with something like "selinux faq" or "selinux howto". It's NOT easy... A large number of people give up and disable selinux. It's better to keep it if you can work through your issues...

fidel
Posts: 2
Joined: 2007/01/18 09:49:30

Re: ping as normal user

Post by fidel » 2007/01/30 08:07:01

Thanks for your reply! Sorry, didn't get noticed about your post, so my reply comes quite late.
Point is, SELinux is not enabled in that box. So the restriction must come from somewhere else, any idea what else that could be?

pjwelsh
Posts: 2629
Joined: 2007/01/07 02:18:02
Location: Central IL USA

Re: ping as normal user

Post by pjwelsh » 2007/01/30 16:12:27

Then likely you "ping" does not have the correct perms with SUID root:

ls -ls `which ping`
-rwsr-xr-x 1 root root 33272 May 3 2006 /bin/ping

notice the "s" in the user perm. If that is not set, you will get strange results, also:

chmod 4755 /bin/ping

as root should fix that... unless that is STILL not the problem :lol:

foxb
Posts: 1927
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

ping as normal user

Post by foxb » 2007/01/30 16:54:15

Can you ping localhost?
http://groups.google.com/group/alt.os.linux.suse/browse_thread/thread/4b168ec08169d8dd/48e4bdd16709bc6d?lnk=st&q=ping%3A+icmp+open+socket%3A+Operation+not+permitted&rnum=1&hl=en#48e4bdd16709bc6d

Do you have ipv6 enabled?

because this site explains the error:
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-6.html

If not see here:
http://www.davidgoodwin.net/archives/00000003.php

Post Reply

Return to “CentOS 4 - Networking Support”