On Wed, Sep 27, 2023 at 11:46:07AM -0700, Mike Wright wrote: > Hi everybody, > > I have no idea how I got in this mess, but I've lost the ability to use ping > as a regular user. sudo still works. > > Nothing in lsattr, regular perms are 755 no suid. > > ping: socktype: SOCK_RAW > ping: socket: Operation not permitted > ping: => missing cap_net_raw+p capability or setuid? > > Any help? Especially ideas on how I managed to do this? What fedora version is this? ping used to use 'capabilities' to give itself the needed permssions to send things to the network. capabilities are pretty rough grained. ie, the 'cap_net_raw' lets you do a lot of things with network (more than ping really needs to work). Any currently supported fedora tho should no longer be using capabilities for ping instead it's using a change to kernel config to allow ports by ping. From f31: https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange So, check: grep ping_group_range /usr/lib/sysctl.d/*.conf (which should be: /usr/lib/sysctl.d/50-default.conf:-net.ipv4.ping_group_range = 0 2147483647 ) kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
