Re: make ping executable by normal users?

On Wed, Jun 08, 2016 at 02:44:52PM +0100, Ben Hutchings wrote: > [...] see bug #770492. Truly amazing! For "ping", it would be like this: $ /sbin/getcap /bin/ping /bin/ping = cap_net_raw+ep $ chown root:root /bin/ping chown: changing ownership of '/bin/ping': Operation not permitted $

Re: make ping executable by normal users?

On Tue, 2016-06-07 at 14:56 -0800, Britton Kerin wrote: > On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote: > > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote: > > > On my old debian system I could ping as a normal user.  The ping > > > binary had the suid bit

Re: make ping executable by normal users?

On Tue, Jun 07, 2016 at 02:56:11PM -0800, Britton Kerin wrote: > On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote: > > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote: > >> On my old debian system I could ping as a normal user. The ping > >> binary had the suid

Re: make ping executable by normal users?

On Tue, Jun 07, 2016 at 02:56:11PM -0800, Britton Kerin wrote: > How, just by executing dpkg-reconfigure, did I tell it this is what > I wanted? If that's the default, why wasn't it that way to begin with? AFAIK, the tar file format, on which the .deb package format is based, does not allow for

Re: make ping executable by normal users?

On Tue 07 Jun 2016 at 14:56:11 (-0800), Britton Kerin wrote: > On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote: > > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote: > >> On my old debian system I could ping as a normal user. The ping > >> binary had the suid

Re: make ping executable by normal users?

On Thu, Jun 2, 2016 at 2:33 PM, Santiago Vila wrote: > On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote: >> On my old debian system I could ping as a normal user. The ping >> binary had the suid bit set. Now I get: >> >> $ ping www.google.com >> ping: icmp

Re: make ping executable by normal users?

Le decadi 20 prairial, an CCXXIV, Reco a écrit : > Yes, and "aptitude search '~nping'" shows 41 result for me (42 actually > if you count busybox). > I'm somewhat lazy to test each and every implementation of ping to check > which one fails in 'icmp open socket' instead of 'sendmsg'. > > So, my

Re: make ping executable by normal users?

On Mon, Jun 06, 2016 at 11:29:52AM -0500, David Wright wrote: > On Mon 06 Jun 2016 at 19:26:04 (+0300), Reco wrote: > > On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote: > > > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > > > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago

Re: make ping executable by normal users?

Dnia 2016-06-06, pon o godzinie 14:04 -0500, David Wright pisze: > On Mon 06 Jun 2016 at 19:50:55 (+0200), Norbert Kiszka wrote: > > 1. Did You tried another kernel? If not, maybe try from backports for first. > > > > 2. iptable_filter 12488 0 > > > ip_tables 16975 1

Re: make ping executable by normal users?

On Mon 06 Jun 2016 at 19:50:55 (+0200), Norbert Kiszka wrote: > 1. Did You tried another kernel? If not, maybe try from backports for first. > > 2. iptable_filter 12488 0 > > ip_tables 16975 1 iptable_filter > > Little suspicious for me. What needs this modules when you

Re: make ping executable by normal users?

Dnia 2016-06-06, pon o godzinie 12:00 -0500, David Wright pisze: > On Mon 06 Jun 2016 at 18:38:55 (+0200), Norbert Kiszka wrote: > > Dnia 2016-06-06, pon o godzinie 11:26 -0500, David Wright pisze: > > > On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote: > > > > Dnia 2016-06-06, pon o

Re: make ping executable by normal users?

On Mon 06 Jun 2016 at 18:38:55 (+0200), Norbert Kiszka wrote: > Dnia 2016-06-06, pon o godzinie 11:26 -0500, David Wright pisze: > > On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote: > > > Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze: > > > > On Mon 06 Jun 2016 at

Re: make ping executable by normal users?

Dnia 2016-06-06, pon o godzinie 11:26 -0500, David Wright pisze: > On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote: > > Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze: > > > On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote: > > > > On Mon, 6 Jun 2016 at

Re: make ping executable by normal users?

On Mon 06 Jun 2016 at 19:26:04 (+0300), Reco wrote: > On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote: > > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan

Re: make ping executable by normal users?

On Mon 06 Jun 2016 at 18:11:27 (+0200), Norbert Kiszka wrote: > Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze: > > On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote: > > > On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote: > > > > > > > On Mon, Jun 06,

Re: make ping executable by normal users?

On Mon, Jun 06, 2016 at 11:14:11AM -0500, David Wright wrote: > On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > > Check your firewall rules. > > > > > >

Re: make ping executable by normal users?

On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote: > On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > Check your firewall rules. > > > > It can't be firewall rules. Try this to block outgoing ping: > > > >

Re: make ping executable by normal users?

Dnia 2016-06-06, pon o godzinie 11:00 -0500, David Wright pisze: > On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote: > > On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote: > > > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > > Check your

Re: make ping executable by normal users?

On Mon 06 Jun 2016 at 15:27:16 (+), Mark Fletcher wrote: > On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote: > > > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > > Check your firewall rules. > > > > It can't be firewall rules. Try this to block outgoing

Re: make ping executable by normal users?

On Mon, Jun 06, 2016 at 03:27:16PM +, Mark Fletcher wrote: > you definitely can get this very error due to something to do with > the firewall, Well, you can get this very error if you follow the steps I explained here:

Re: make ping executable by normal users?

Hi. On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote: > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > Check your firewall rules. > > It can't be firewall rules. Try this to block outgoing ping: > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j

Re: make ping executable by normal users?

On Mon, 6 Jun 2016 at 23:15, Santiago Vila wrote: > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > > Check your firewall rules. > > It can't be firewall rules. Try this to block outgoing ping: > > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT > >

Re: make ping executable by normal users?

On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote: > Check your firewall rules. It can't be firewall rules. Try this to block outgoing ping: iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT then try to ping anywhere. You will get a different error message, namely

Re: make ping executable by normal users?

Dnia 2016-06-06, pon o godzinie 10:06 +1200, Jan Bakuwel pisze: > Hi Britton, > > On 03/06/16 09:56, Britton Kerin wrote: > > On my old debian system I could ping as a normal user. The ping > > binary had the suid bit set. Now I get: > > > > $ ping www.google.com > > ping: icmp open

Re: make ping executable by normal users?

Hi Britton, On 03/06/16 09:56, Britton Kerin wrote: > On my old debian system I could ping as a normal user. The ping > binary had the suid bit set. Now I get: > > $ ping www.google.com > ping: icmp open socket: Operation not permitted > 2 $ > > presumably because the bit isn't set.

Re: make ping executable by normal users?

On Fri, 3 Jun 2016 at 06:56, Britton Kerin wrote: > On my old debian system I could ping as a normal user. The ping > binary had the suid bit set. Now I get: > > $ ping www.google.com > ping: icmp open socket: Operation not permitted > 2 $ > > presumably

Re: make ping executable by normal users?

On Thu, Jun 02, 2016 at 11:28:40PM +0100, Lisi Reisz wrote: > So far as I can see, ping IS executable by normal users. But then I have > only > got Wheezy and Jessie. Are you using Stretch or Sid?? This is not really new in stretch. You can experiment this funny effect in jessie as well. Try

Re: make ping executable by normal users?

On Thu, Jun 02, 2016 at 01:56:08PM -0800, Britton Kerin wrote: > On my old debian system I could ping as a normal user. The ping > binary had the suid bit set. Now I get: > > $ ping www.google.com > ping: icmp open socket: Operation not permitted > 2 $ > > presumably because the

Re: make ping executable by normal users?

On Thursday 02 June 2016 22:56:08 Britton Kerin wrote: > On my old debian system I could ping as a normal user. The ping > binary had the suid bit set. Now I get: > > $ ping www.google.com > ping: icmp open socket: Operation not permitted > 2 $ > > presumably because the bit isn't

make ping executable by normal users?

On my old debian system I could ping as a normal user. The ping binary had the suid bit set. Now I get: $ ping www.google.com ping: icmp open socket: Operation not permitted 2 $ presumably because the bit isn't set. What's the right fix? I could setuid it but then if I understand