F15 ping must run as root?

Daniel J Walsh dwalsh at redhat.com
Mon Mar 14 15:55:30 UTC 2011


On 03/14/2011 11:23 AM, Panu Matilainen wrote:
> On 03/14/2011 01:49 PM, Jon Stanley wrote:
>> On Mon, Mar 14, 2011 at 7:40 AM, Joachim Backes
>> <joachim.backes at rhrk.uni-kl.de>  wrote:
>>
>>> I saw that in F15 ping must be started with root rights, otherwise I get:
>>>
>>> ping: icmp open socket: Operation not permitted
>>
>> Ping has *always* needed root privs, it generally gets them by being
>> suid root. Don't have an F15 box here handy to look, but I'm
>> suspecting that either it somehow isn't suid root, or something else
>> is preventing suid from working (no suid mount option? SELinux?)
> 
> In F15, capabilities are used instead of suid root (see 
> http://fedoraproject.org/wiki/Features/RemoveSETUID):
> 
> [pmatilai at turre ~]$ ls -l /bin/ping
> -rwxr-xr-x. 1 root root 40840 Feb  9 18:00 /bin/ping
> [pmatilai at turre ~]$ getcap /bin/ping
> /bin/ping = cap_net_raw+ep
> 
> As for the actual problem: are you using a custom-built kernel? That's 
> one possible reason for lacking capability support.
> 
> 	- Panu -

Yes, if you are using a kernel that does not support file capabilities,
then you would have to chmod 4755 /bin/ping
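An added example, not part of the original thread: a Python sketch that reports whether a binary such as /bin/ping gets its raw-socket privilege from the setuid-root bit or from a file capability, by decoding the `security.capability` extended attribute that `getcap` reads. It goes slightly beyond the thread by decoding the on-disk format; the function names and the sample bytes are constructed for illustration, and Linux is assumed.

```python
import os
import stat
import struct

CAP_NET_RAW = 13                    # capability number from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# xattr revision -> number of 32-bit (permitted, inheritable) pairs
U32S = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_vfs_cap(raw):
    """Decode a security.capability xattr into (permitted, inheritable, effective)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    n = U32S.get(magic & VFS_CAP_REVISION_MASK)
    if n is None or len(raw) < 4 + 8 * n:
        raise ValueError("unknown revision or truncated xattr")
    permitted = inheritable = 0
    for i in range(n):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return permitted, inheritable, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def has_cap(raw, cap):
    """True if `cap` is in the permitted set and the effective flag is set (+ep)."""
    permitted, _, effective = decode_vfs_cap(raw)
    return effective and bool(permitted >> cap & 1)


def privilege_source(path):
    """Report how a binary such as ping obtains raw-socket privilege."""
    st = os.stat(path)
    if st.st_mode & stat.S_ISUID and st.st_uid == 0:
        return "setuid-root"
    try:
        raw = os.getxattr(path, "security.capability")
    except OSError:                 # no xattr, or filesystem without xattr support
        return "unprivileged"
    return "cap_net_raw+ep" if has_cap(raw, CAP_NET_RAW) else "other-capabilities"


# Constructed sample: xattr bytes equivalent to "cap_net_raw+ep" (revision 2).
SAMPLE = struct.pack("<IIIII", 0x02000001, 1 << CAP_NET_RAW, 0, 0, 0)

if __name__ == "__main__":
    print(privilege_source("/bin/ping"))
```

A result of "unprivileged" for /bin/ping corresponds to the "Operation not permitted" case in the thread: neither the setuid bit nor the capability xattr is present on the file.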

