[TriLUG] icmp as non-root (on Mandrake)
Jon Carnes
jonc at nc.rr.com
Tue Sep 28 00:15:46 EDT 2004
On Mon, 2004-09-27 at 16:45, Michael Hrivnak wrote:
> I'm trying to run pingplotter in wine under Mandrake 10, but I get this error:
>
> "WARNING: Trying to use ICMP (network ping) will fail unless running as root"
>
> I found some stuff in /etc/sysctl.conf that talks about disabling icmp, but
> it's all turned off. I also found some info about /etc/security/msec, but I
> don't really understand it. Anyway, how can I alow a user to use icmp?
>
> Also, if you can suggest a linux alternative to pingplotter, that would be
> cool too!
>
> Thanks,
>
> Michael
A most excellent question! I looked in "man ping" and found this nugget:
SECURITY
ping requires CAP_NET_RAWIO capability to be executed.
It may be used as set-uid root.
That might prove a bit useful.
... and indeed if you look on systems where ping works:
$ ls -l /bin |grep ping
-rwsr-xr-x 1 root root 28628 Jan 24 2003 ping
... and on Mandrake 10:
# ls -l /bin |grep ping
-rwsr-xr-x 1 root root 22456 Jul 10 2003 fping*
-rwxr-x--- 1 root ntools 30860 Jul 28 2003 ping*
Interesting... Note that "fping" is set-uid root while ping will only
work if you *are* root. Fping works fine as a user
If you want ping to work as a user then:
chmod u+s /bin/ping
Of course I'm betting that MSEC will change it back unless you edit the
file: /usr/share/msec/perm.<msec level>
Or you could copy /bin/ping to your personal /bin directory and then
set-uid on that copy. That would by-pass MSEC and just make ping
available to you as a user.
Interesting problem.
Take care - Jon Carnes
More information about the TriLUG
mailing list