-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/10/2012 10:13 AM, don fisher wrote: > On 02/10/12 13:07, Rick Stevens wrote: >> On 02/10/2012 11:19 AM, Kevin Martin wrote: >>> >>> >>> On 02/10/2012 08:10 AM, don fisher wrote: >>>> On 02/10/12 11:15, Rick Stevens wrote: >>>>> On 02/10/2012 05:08 AM, don fisher wrote: >>>>>> On 02/10/12 08:17, Kevin Martin wrote: >>>>>>> >>>>>>> >>>>>>> On 02/09/2012 03:20 PM, don fisher wrote: >>>>>>>> Sorry to be back again. My mail and browser work, and >>>>>>>> I can ping as root. When I try to ping as a user I >>>>>>>> get: >>>>>>>> >>>>>>>> ping: icmp open socket: Operation not permitted >>>>>>>> >>>>>>>> There is probably a group that I need to add to my >>>>>>>> profile, but it was not obvious to me. Suggestions >>>>>>>> welcome. Is there a way to add groups to my account >>>>>>>> without using system-config-users? >>>>>>>> >>>>>>>> Where are these things documented? >>>>>>>> >>>>>>>> Thanks, Don >>>>>>> >>>>>>> Don, what are the permissions on /bin/ping (ls -al >>>>>>> /bin/ping)? Mine are set to 755 (-rwxr-xr-x) and ping >>>>>>> works for me as non-root. >>>>>>> >>>>>>> Kevin >>>>>> Yesterday I built a new system on another disk that >>>>>> allows ping to work as expected. My system crashed once,o >>>>>> a few thing must have been "disturbed". I was trying to >>>>>> figure out how t repair it. >>>>> >>>>> Smells like an selinux thing. Check your logs to see if >>>>> you're getting AVC denials. If so, you may need to >>>>> relabel. >>>> Rick, Where are the seliunx messages logged? I looked in >>>> /var/log/secure and the only thing I saw was a notice of when >>>> I used sudo to test ping. What would I need to relabel? I am >>>> a dunce on security issues. >> >> They'd be in /var/log/messages if that's what's happening. You >> can "touch /.autorelabel" to force a full autorelabel on reboot. >> That can take some time. >> ---------------------------------------------------------------------- >> >> - - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - >> - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - We are >> born naked, wet and hungry. Then things get worse. - >> ---------------------------------------------------------------------- > >> Thanks. I tried that as you had mentioned it yesterday. I tried a new > version 3.2.3-2 of the kernel, but it will not handle my radeon > chip set. Still at 3.1.9-1. All I touch appears broken:-( > > Don I doubt this is SELinux related. If ping works as root and does not as non root, I would suspect this has to do with capabilities. getcap /bin/ping /bin/ping = cap_net_raw+ep ls -l /bin/ping - -rwxr-xr-x. 1 root root 40840 Nov 10 04:32 /bin/ping Ping needs the cap_net_raw capability to work, meaning it is allowed to send raw packets on the network. Either it needs to be setuid or use file capabilities. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk85HcMACgkQrlYvE4MpobNH8ACfcQeF86fy1sRYRn7HK7TNc1DY wRUAoJz2jb0OQC/AU1zjpC70hnlzUpqb =43Tx -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org