Hi all,
please find the current state of my attempts at running the
ping-localhost.sh test without requiring root privileges.
On Linux, ping can use the CAP_NET_RAW capability
instead of root privileges. Like the suid file permission bit,
capabilities can be given to executables. In a later version of this
patch, I plan to look into checking for capabilities instead of root privileges.
Br,
Erik
---
diff --git a/tests/ping-localhost.sh b/tests/ping-localhost.sh
index 65802810..9920850f 100755
--- a/tests/ping-localhost.sh
+++ b/tests/ping-localhost.sh
@@ -21,7 +21,7 @@
#
# * Shell: SVR3 Bourne shell, or newer.
#
-# * id(1).
+# * cut(1), id(1), uname(1).
. ./tools.sh
@@ -56,11 +56,34 @@ if test "$TEST_IPV4" = "no" && test "$TEST_IPV6" = "no";
then
exit 77
fi
-if test `func_id_uid` != 0; then
- echo "ping needs to run as root"
+have_privs="no"
+test `func_id_uid` = 0 && have_privs="yes"
+
+need_privs="yes"
+PING_GROUP_RANGE=/proc/sys/net/ipv4/ping_group_range
+if test `uname -s` = "Linux" && test -f "$PING_GROUP_RANGE"
+then
+ low=`cut -f1 "$PING_GROUP_RANGE"`
+ high=`cut -f2 "$PING_GROUP_RANGE"`
+ for grp_id in `id -G`; do
+ test "$low" -le "$grp_id" && test "$high" -ge "$grp_id" &&
+ need_privs="no" && break
+ done
+fi
+
+if test "$need_privs" = "yes" && test "$have_privs" = "no"; then
+ echo >&2 "ping needs to run as root"
exit 77
fi
+# ping6 requires privileges
+test "$need_privs" = "no" && test "$have_privs" = "no" &&
+ test "$TEST_IPV6" != "no" && TEST_IPV6="no" &&
+ echo >&2 "ping6 needs to run as root, skipping IPv6 test" &&
+ test "$TEST_IPV4" = "no" &&
+ echo >&2 "Not testing IPv4 either. Skipping test." &&
+ exit 77
+
errno=0
errno2=0
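Review bot: The range check built around `PING_GROUP_RANGE` only shows that the kernel would let one of the caller's groups open an unprivileged ICMP datagram socket; nothing in the hunk confirms that the ping binary under test actually uses that socket type. If it only opens a raw socket, an unprivileged run would presumably fail the test instead of skipping with exit 77. A comment above the assignment would record the assumption, e.g. `# ping_group_range: low/high gid allowed to open unprivileged ICMP sockets (kernel default "1 0" allows none); assumes ping falls back to such a socket`. The unquoted `uname -s` and `func_id_uid` substitutions passed to `test` make it error out on empty output, which happens to leave the privileged path selected; quoting them would make that fail-safe explicit. The six-line `&&` chain that disables IPv6 mixes an assignment, two messages and an `exit 77`, and would be easier to audit as a nested `if`.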