ping
March 4, 2017 — 16:01

Author: silver  Category: linux  Comments: 0

When trying to ping as a non-root user, you might get the following error:

ping: icmp open socket: Operation not permitted

There are several ways to fix this:

reinstall pkg (debian):

$ sudo apt-get install --reinstall iputils-ping

(sets cap)

manually set cap:

$ sudo setcap cap_net_raw+ep /bin/ping
$ sudo setcap cap_net_raw+ep /bin/ping6
$ sudo getcap /bin/ping
$ sudo getcap /bin/ping6

needs kernel config:
CONFIG_EXT4_FS_SECURITY=y


don't use SOCK_RAW:

socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP)

$ cat /proc/sys/net/ipv4/ping_group_range
$ sysctl net.ipv4.ping_group_range
  • “1 0” default, nobody except root
  • “100 100” single group
  • “0 2147483647” everyone (max gid)
$ sudo sysctl -w net.ipv4.ping_group_range="0 2147483647"


/etc/sysctl.d/local.conf
net.ipv4.ping_group_range=0 2147483647
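
The SOCK_DGRAM approach above as a small C program, added here as an example and not part of the original post: it sends one echo request to 127.0.0.1 over an unprivileged ICMP datagram socket and reports whether the effective gid falls inside ping_group_range. The function names gid_in_ping_range and dgram_ping_loopback are hypothetical, and the program assumes Linux with IPv4 loopback up.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* 1 if gid lies inside a ping_group_range string such as "0\t2147483647\n".
 * The default "1 0" has low > high, an empty range that matches nobody. */
int gid_in_ping_range(const char *range, unsigned long gid) {
    unsigned long lo, hi;
    if (sscanf(range, "%lu %lu", &lo, &hi) != 2) return 0;
    return lo <= gid && gid <= hi;
}

/* Ping 127.0.0.1 once without CAP_NET_RAW or setuid root.
 * Returns 0 on an echo reply, otherwise -errno; the kernel answers
 * socket() with EACCES when no gid of the caller is in the range. */
int dgram_ping_loopback(void) {
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd < 0) return -errno;
    struct timeval tv = { .tv_sec = 1 };            /* do not wait forever */
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    struct sockaddr_in dst = { .sin_family = AF_INET };
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    /* type 8 = echo request, code 0; the kernel sets checksum and id */
    unsigned char req[8] = { 8, 0, 0, 0, 0, 0, 0, 1 }, rep[64];
    int rc = 0;
    ssize_t n = -1;
    if (sendto(fd, req, sizeof req, 0, (struct sockaddr *)&dst, sizeof dst) < 0)
        rc = -errno;
    else if ((n = recv(fd, rep, sizeof rep, 0)) < 0)
        rc = -errno;
    else if (n < 8 || rep[0] != 0)                   /* type 0 = echo reply */
        rc = -EPROTO;
    close(fd);
    return rc;
}

int main(void) {
    char range[64] = "1 0";   /* assume the kernel default if unreadable */
    FILE *f = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
    if (f) { if (!fgets(range, sizeof range, f)) strcpy(range, "1 0"); fclose(f); }
    range[strcspn(range, "\n")] = '\0';
    int in = gid_in_ping_range(range, getegid()); /* supplementary gids count too */
    int rc = dgram_ping_loopback();
    printf("range \"%s\", egid %s, ping: %s\n", range,
           in ? "inside" : "outside", rc ? strerror(-rc) : "reply received");
    return rc != 0;
}
```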


suid:

$ sudo chmod u+s /bin/ping
$ sudo chmod u+s /bin/ping6
