Re: make ping executable by normal users?

To: debian-user@lists.debian.org
Subject: Re: make ping executable by normal users?
From: Reco <recoverym4n@gmail.com>
Date: Mon, 6 Jun 2016 18:47:30 +0300
Message-id: <[🔎] 20160606154727.GA9110@e1030>
In-reply-to: <[🔎] 20160606135747.GA24375@cantor.unex.es>
References: <[🔎] CAC4O8c8KergF4GGpz4RbHKcP7jU2zefCeLL4opL=CG0LVfSoBA@mail.gmail.com> <[🔎] 5754A27E.1020802@omiha.com> <[🔎] 20160606135747.GA24375@cantor.unex.es>

	Hi.

On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > Check your firewall rules.
> 
> It can't be firewall rules. Try this to block outgoing ping:
> 
> iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
> 
> then try to ping anywhere. You will get a different error message,
> namely "Destination Port Unreachable".

But if you transform the rule in question a little, like this:

iptables -I OUTPUT -p icmp --icmp-type echo-request \
	-j REJECT --reject-with icmp-admin-prohibited

ping will respond with 'Operation not permitted'. An exact wording of the
message seems to depend on actual ping implementation.

So, checking firewall rules is a valid advice. It's just this particular
problem happens due to lack of file capabilities.

Reco

Reply to:

Follow-Ups:
- Re: make ping executable by normal users?
  - From: David Wright <deblis@lionunicorn.co.uk>

References:
- make ping executable by normal users?
  - From: Britton Kerin <britton.kerin@gmail.com>
- Re: make ping executable by normal users?
  - From: Jan Bakuwel <jan.bakuwel@omiha.com>
- Re: make ping executable by normal users?
  - From: Santiago Vila <sanvila@unex.es>

Prev by Date: Re: June 2016
Next by Date: Re: libreCAD, can't find help docs
Previous by thread: Re: make ping executable by normal users?
Next by thread: Re: make ping executable by normal users?
Index(es):
- Date
- Thread