Re: make ping executable by normal users?
On 2016-06-06, Mon at 12:00 -0500, David Wright wrote:
> On Mon 06 Jun 2016 at 18:38:55 (+0200), Norbert Kiszka wrote:
> > On 2016-06-06, Mon at 11:26 -0500, David Wright wrote:
> > > On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote:
> > > > On 2016-06-06, Mon at 11:00 -0500, David Wright wrote:
> > > > > On Mon 06 Jun 2016 at 15:27:16 (+0000), Mark Fletcher wrote:
> > > > > > On Mon, 6 Jun 2016 at 23:15, Santiago Vila <sanvila@unex.es> wrote:
> > > > > >
> > > > > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > > > > > > Check your firewall rules.
> > > > > > >
> > > > > > > It can't be firewall rules. Try this to block outgoing ping:
> > > > > > >
> > > > > > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
> > > > > > >
> > > > > > > then try to ping anywhere. You will get a different error message,
> > > > > > > namely "Destination Port Unreachable".
> > > > > > >
> > > > > > > [ Why people do not read all messages in the thread before answering
> > > > > > > is a mystery to me ].
> > > > >
> > > > > > No, that's not true, you definitely can get this very error due to
> > > > > > something to do with the firewall, maybe it's not able to resolve the ping
> > > > > > target rather than not able to reach the resulting host, I'm damned if I
> > > > > > can remember the specifics but I've definitely seen this happen on an lfs
> > > > > > box before and it was nothing to do with perms (as I said before, to your
> > > > > > point about people not reading the whole thread...)
> > > > >
> > > > > I don't understand this argument.
> > > > >
> > > > > Why would ping bother to open a socket to a host it couldn't resolve?
> > > > >
> > > > > I know precious little about firewall rules, but AIUI the rules
> > > > > determine whether to respond with things like Drop, Reject, Deny.
> > > > > Now the OP didn't manage to open a socket; that's in the error message:
> > > > > "ping: icmp open socket: Operation not permitted"
> > > > > So how would ping find out how the firewall was going to react to its
> > > > > ping message without opening a socket to send something?
> > > >
> > > > Did you change the Linux kernel, kernel modules or something lately?
> > >
> > > I now know even less about what you're talking about. I don't have a
> > > problem. I have easily duplicated the OP's error message in the
> > > following way:
> > >
> > > $ cp -ip /bin/ping /tmp
> > > $ /tmp/ping alum.local
> > > ping: icmp open socket: Operation not permitted
> > > $ /sbin/getcap /tmp/ping
> > > $ /sbin/getcap /bin/ping
> > > /bin/ping = cap_net_raw+ep
> > > $
> > >
> > > That's jessie. On wheezy:
> > >
> > > $ ls -l /bin/ping /tmp/ping
> > > -rwsr-xr-x 1 root root 31104 Apr 12 2011 /bin/ping
> > > -rwxr-xr-x 1 david david 31104 Apr 12 2011 /tmp/ping
> >
> > Show output of those commands:
> >
> > # iptables -L
> > # lsmod
> > $ uname -a
> > $ cat /etc/issue
>
> Gladly, though I think you're taking an unhealthy interest in *my* machine.
>
> # /sbin/iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> #
>
> Bear in mind that I rebooted after making the change posted in this thread,
> so that change is lost.
>
> $ lsmod
> Module Size Used by
> iptable_filter 12488 0
> ip_tables 16975 1 iptable_filter
> x_tables 17978 2 ip_tables,iptable_filter
> ctr 12807 2
> ccm 17361 2
> snd_hrtimer 12540 1
> snd_seq_midi 12744 0
> snd_seq_midi_event 13124 1 snd_seq_midi
> snd_rawmidi 22372 1 snd_seq_midi
> snd_seq 51562 3 snd_seq_midi_event,snd_seq_midi
> snd_seq_device 12980 3 snd_seq,snd_rawmidi,snd_seq_midi
> bnep 17184 2
> cpufreq_powersave 12422 0
> cpufreq_userspace 12477 0
> cpufreq_conservative 13872 0
> cpufreq_stats 12694 0
> nfsd 236959 2
> auth_rpcgss 45765 1 nfsd
> oid_registry 12387 1 auth_rpcgss
> nfs_acl 12463 1 nfsd
> nfs 168022 0
> lockd 73443 2 nfs,nfsd
> fscache 44782 1 nfs
> sunrpc 211341 6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
> joydev 16847 0
> ecb 12649 1
> btusb 25417 0
> bluetooth 340064 21 bnep,btusb
> 6lowpan_iphc 16548 1 bluetooth
> iTCO_wdt 12727 0
> iTCO_vendor_support 12585 1 iTCO_wdt
> snd_hda_codec_idt 48266 1
> snd_hda_codec_generic 58021 2 snd_hda_codec_idt
> arc4 12480 2
> dell_wmi 12437 0
> sparse_keymap 12730 1 dell_wmi
> tg3 154678 0
> iwl3945 53405 0
> iwlegacy 53921 1 iwl3945
> mac80211 425575 2 iwl3945,iwlegacy
> snd_hda_intel 26023 0
> ptp 17462 1 tg3
> coretemp 12708 0
> pps_core 17080 1 ptp
> libphy 27468 1 tg3
> snd_hda_controller 26262 1 snd_hda_intel
> sdhci_pci 17697 0
> snd_hda_codec 93797 4 snd_hda_codec_idt,snd_hda_codec_generic,snd_hda_intel,snd_hda_controller
> cfg80211 350041 3 iwl3945,iwlegacy,mac80211
> sdhci 34721 1 sdhci_pci
> kvm 330411 0
> pcmcia 44245 0
> dell_laptop 16941 0
> mmc_core 91803 2 sdhci,sdhci_pci
> yenta_socket 38561 0
> snd_hwdep 12906 1 snd_hda_codec
> rfkill 18387 5 cfg80211,bluetooth,dell_laptop
> psmouse 93505 0
> snd_pcm_oss 44124 0
> firewire_ohci 34856 0
> dcdbas 13087 1 dell_laptop
> pcmcia_rsrc 17292 1 yenta_socket
> sg 25573 0
> i2c_i801 16845 0
> serio_raw 12737 0
> snd_mixer_oss 21822 1 snd_pcm_oss
> lpc_ich 16616 0
> mfd_core 12537 1 lpc_ich
> pcmcia_core 18024 3 pcmcia,pcmcia_rsrc,yenta_socket
> uhci_hcd 38948 0
> snd_pcm 78128 4 snd_pcm_oss,snd_hda_codec,snd_hda_intel,snd_hda_controller
> shpchp 30673 0
> ehci_pci 12464 0
> tpm_tis 17063 0
> snd_timer 26105 3 snd_hrtimer,snd_pcm,snd_seq
> snd 55101 13 snd_pcm_oss,snd_hwdep,snd_timer,snd_hda_codec_idt,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel,snd_seq_device,snd_mixer_oss
> rng_core 12645 0
> ehci_hcd 64933 1 ehci_pci
> tpm 26879 1 tpm_tis
> usbcore 171098 4 btusb,uhci_hcd,ehci_hcd,ehci_pci
> usb_common 12408 1 usbcore
> soundcore 12890 2 snd,snd_hda_codec
> wmi 17147 1 dell_wmi
> evdev 17136 4
> battery 13164 0
> ac 12627 0
> acpi_cpufreq 17050 0
> processor 27590 3 acpi_cpufreq
> binfmt_misc 12733 1
> loop 21987 0
> firewire_sbp2 17533 0
> firewire_core 51113 2 firewire_ohci,firewire_sbp2
> crc_itu_t 12331 1 firewire_core
> fuse 77496 1
> parport_pc 26004 0
> ppdev 16686 0
> lp 12766 0
> parport 35213 3 lp,ppdev,parport_pc
> autofs4 34865 2
> ext4 438464 3
> crc16 12327 2 ext4,bluetooth
> mbcache 17027 1 ext4
> jbd2 72964 1 ext4
> sd_mod 43684 5
> crc_t10dif 12399 1 sd_mod
> crct10dif_generic 12517 1
> crct10dif_common 12340 2 crct10dif_generic,crc_t10dif
> ata_generic 12450 0
> ata_piix 29371 4
> libata 161908 2 ata_generic,ata_piix
> scsi_mod 164132 4 sg,libata,sd_mod,firewire_sbp2
> i915 762655 1
> i2c_algo_bit 12647 1 i915
> drm_kms_helper 44450 1 i915
> video 17763 1 i915
> thermal 17343 0
> button 12824 1 i915
> drm 207686 3 i915,drm_kms_helper
> i2c_core 36838 5 drm,i915,i2c_i801,drm_kms_helper,i2c_algo_bit
> thermal_sys 27122 3 video,thermal,processor
> $
>
> Why root?
>
> $ uname -a
> Linux west 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) i686 GNU/Linux
> $ cat /etc/issue
> Debian GNU/Linux 8 \n \l
>
> $
>
> I don't think you'll learn much from that lot, but happy to oblige.
>
> Cheers,
> David.
>
1. Did you try another kernel? If not, maybe try one from backports first.
2.
> iptable_filter 12488 0
> ip_tables 16975 1 iptable_filter
A little suspicious to me. What needs these modules when you have the default "no rules"?
BTW, are you using wifi currently? Ping to localhost doesn't work either?
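
The check David Wright ran by hand with `ls -l` and `getcap`, as an added example that is not part of any message in this thread: it reports whether a ping binary gets its raw-socket privilege from a `cap_net_raw` file capability (jessie), from setuid root (wheezy), or from neither, as with the copy in /tmp. The function names `classify` and `ping_privilege` are hypothetical, and `stat -c` assumes GNU or busybox stat.

```shell
#!/bin/sh
# Added example, not from the thread: report where a ping binary gets the
# privilege to open a raw ICMP socket (file capability, setuid root, or none).

# classify MODE_OCTAL OWNER_UID GETCAP_TEXT
# Pure decision logic, so it can be checked against the values in the thread.
classify() {
    mode=$1; uid=$2; caps=$3
    # getcap prints "cap_net_raw+ep" (older libcap) or "cap_net_raw=ep" (newer).
    case $caps in
        *cap_net_raw*) echo "file-capability"; return 0 ;;
    esac
    # Setuid root: bit 04000 set and the file owned by uid 0.
    if [ $(( 0$mode & 04000 )) -ne 0 ] && [ "$uid" -eq 0 ]; then
        echo "setuid-root"; return 0
    fi
    # A plain copy (cp -ip as a normal user) ends up here: no caps, no setuid.
    echo "none"
}

# ping_privilege FILE: gather mode, owner and capabilities, then classify.
ping_privilege() {
    file=$1
    [ -e "$file" ] || { echo "missing"; return 1; }
    out=""
    # getcap often lives in /sbin, which may not be on a normal user's PATH.
    for g in getcap /sbin/getcap /usr/sbin/getcap; do
        if command -v "$g" >/dev/null 2>&1; then
            out=$("$g" "$file" 2>/dev/null || true)
            break
        fi
    done
    # Drop the leading path so a file name cannot match "cap_net_raw".
    rest=${out#"$file"}
    classify "$(stat -c %a "$file")" "$(stat -c %u "$file")" "$rest"
}

# Report on every path given on the command line, e.g. /bin/ping /tmp/ping.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(ping_privilege "$f")"
done
```

A result of `none` for a binary that reports "icmp open socket: Operation not permitted" points at the file's own privilege bits rather than at iptables.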