On further inspection, just wrapping it all in a script doesn’t work. The calling program or user must be effectively root (or root) so a simple script won’t work (as that is really just using the shell pgrogram to launch further commands). You’d have to call the perl program from a user who has an effective ID of 0, set the SETUID bit on the perl pgm and change it’s owner to root (Danger Danger, bad idea) or build a custom binary to do it. OR, just have perl script call the existing ping binary which should already have the appropriate permissions set up. You can also use a TCP type ping, but I suspect that might not have the same effect. TCP sockets do not require root permissions.
On Oct 29, 2015, at 10:17 AM, Bigendian Smalls <[email protected]<mailto:[email protected]>> wrote: hey Venkat - Pinging (even /bin/ping) requires root (if you look at it on a UNIX / linux machine it is almost always a SETUID binary, executing with root privelidges) privileges. The perl version is no different (same underlying reasons - opening a socket in raw mode is a high privilege operation). I suspect the maintenance you applied did one of a couple things: removed a setuid privilege from a binary or script you used to run ping with your code changed to use icmp instead of tcp (tcp sockets do not require root, but the ping is not the same as an icmp ping) Like the former - the perl5.6 pgm was a setuid (sticky bit set so the pgm ran as root user). Adding it back will fix this problem but (big but) -> This is a scary prospect, as then any script run by perl would be run with root privileges and I really don’t think you want that. You can also just package the script / perl up to run inside another script which can be owned by root and have it’s SETUID bit set, this may also work. But essentially the calling program must have effective root privileges in order to icmp ping. If you google “perl icmp requires root privilege” you’ll see lots of solutions as this isn’t a z/os specific issue, but one of UNIX/linux permissions. Chad On Oct 29, 2015, at 6:51 AM, venkat kulkarni <[email protected]<mailto:[email protected]><mailto:[email protected]>> wrote: Hello All, We applied maintenance few months back and all went well. But when we started looking at icmp then we are getting below issues. SYS01:/u/venka> /usr/local/bin/perl5.6 -e 'use Net::Ping; $p=Net::Ping->new("icmp", 2) or die bye; print "$ARGV[0] is alive \n" if $p->ping($ARGV[0]); $p->close;' sys01 icmp ping requires root privilege at -e line 1 icmp ping requires root privilege at /usr/local/nde/ade/bin/perl/ADE_Label_Utils.pm line 338 I am not able to find solution for this issue and where and to whom we need to give root privilege. Regards Venkat ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected]<mailto:[email protected]><mailto:[email protected]> with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected]<mailto:[email protected]> with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
