Hello, today I was trying to troubleshoot a network problem and I realised that ping now requires root to be executed.
ping www.google.com
ping: socket: Operation not permitted
sudo ping www.google.com
PING www.google.com (216.58.201.164) 56(84) bytes of data.
64 bytes from mad08s06-in-f4.1e100.net (216.58.201.164): icmp_seq=1 ttl=115 time=22.9 ms
64 bytes from mad08s06-in-f4.1e100.net (216.58.201.164): icmp_seq=2 ttl=115 time=12.2 ms
I checked this (https://github.com/MichaIng/DietPi/issues/1012) and it solves the problem, but I don't know if this should be fixed from installation. I normally update every day, so I don't know exactly when it happened.
The command I used to solve the issue:
sysctl -w net.ipv4.ping_group_range="0 1000"
Best regards.
Thanks for the report, we will fix it as soon as possible.
Your solution is right!
It's the new iputils package upgrade:
downgrading package iputils (20200821-1 => 20190709-3)
The old package had /usr/bin/ping as black text with a red background which meant ca=30;41 (capability set, it wasn't setuid) but probably the sysctl way is the new better way as you suggest.
This is no solution; adding sysctl -w net.ipv4.ping_group_range="0 1000" is the right way. They removed it for a reason.
Here's another way I found:
sysctl.d change (https://github.com/systemd/systemd/commit/6304fec37cdd3a892ec22b1358b0b4b31f58f84c)
# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
# #define GID_T_MAX (((gid_t)~0U) >> 1)
-net.ipv4.ping_group_range = 0 2147483647
I put that in /etc/sysctl.d/local.conf then ran sysctl -p /etc/sysctl.d/local.conf to load it. Hopefully it will now persist over reboots.
Apparently the - at the start of the line is important sometimes. That config ships with some alternative init.
https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
0 - 1000 might not work for everyone if there were multiple users; the first user is 1000 and the next 1001 by default. The number is a range of permitted GIDs, and $ getent group or /etc/group shows what is assigned.
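Added example, not part of any post in this thread: a shell check of whether a ping_group_range value covers a user's GIDs, which is the concern raised above about "0 1000" and a second user at 1001. The function name ping_allowed is hypothetical; the kernel compares the range against the effective and supplementary groups, so every GID from id -G is tested, and the fallback value "1 0" is a constructed sample matching the kernel default.

```shell
#!/bin/sh
# Added example (not from the thread). ping_allowed is a hypothetical helper.
# ping_allowed "LOW HIGH" GID...
#   Prints the first GID inside the inclusive range and returns 0,
#   or prints nothing and returns 1 when no GID is covered.
ping_allowed() {
    range=$1; shift
    # Intentional word splitting: /proc separates the two bounds with a tab.
    set -- $range "$@"
    low=$1 high=$2; shift 2
    for gid in "$@"; do
        if [ "$gid" -ge "$low" ] && [ "$gid" -le "$high" ]; then
            echo "$gid"
            return 0
        fi
    done
    return 1
}

# Report for the current user. When the sysctl cannot be read, fall back to
# a constructed sample: "1 0", the kernel default, which admits no GID.
proc=/proc/sys/net/ipv4/ping_group_range
current=$(cat "$proc" 2>/dev/null) || current="1 0"
[ -n "$current" ] || current="1 0"

# id -G lists the effective and all supplementary GIDs numerically.
if hit=$(ping_allowed "$current" $(id -G)); then
    echo "range '$current': uid $(id -u) may open ICMP ping sockets (GID $hit)"
else
    echo "range '$current': no GID of uid $(id -u) is inside the range"
fi
```

A user whose primary GID is 1001 still passes with "0 1000" if any supplementary group, for example a system group below 1000, falls inside the range.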
What I did was:
sudo setcap 'cap_net_admin,cap_net_raw+ep' $(which ping)
without knowing exactly what I was doing, but it worked.
That is exactly what was removed... Nice that you don't know what you're doing 8)
This is fixed with openrc-0.42.1-16 in gremlins, which has an updated sysctl.conf.
The alpm hook takes care of this.
Is it better to wait for a new package update or to fix it myself?