Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: [SOLVED] ping: socket: Operation not permitted (Read 66468 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

[SOLVED] ping: socket: Operation not permitted

Hello, today I was trying to troubleshoot a network problem and I realised that ping now requires root to be executed.

Code: [Select]
ping www.google.com
ping: socket: Operation not permitted

Code: [Select]
sudo ping www.google.com
PING www.google.com (216.58.201.164) 56(84) bytes of data.
64 bytes from mad08s06-in-f4.1e100.net (216.58.201.164): icmp_seq=1 ttl=115 time=22.9 ms
64 bytes from mad08s06-in-f4.1e100.net (216.58.201.164): icmp_seq=2 ttl=115 time=12.2 ms

I checked this and it solves the problem but I don't know if this should be fixed from installation. I normally update every day so I don't know when exactly happened.

The command I used to solve the issue:


Code: [Select]
sysctl -w net.ipv4.ping_group_range="0 1000"

Best regards.
Artix Linux Colombia

Re: ping: socket: Operation not permitted

Reply #1
thanks for report, we will fix it soon as possible.

your solution is right!


Re: ping: socket: Operation not permitted

Reply #2
It's the new iputils package upgrade:
downgrading package iputils (20200821-1 => 20190709-3)
The old package had /usr/bin/ping as black text with a red background which meant ca=30;41 (capability set, it wasn't setuid) but probably the sysctl way is the new better way as you suggest.

Re: ping: socket: Operation not permitted

Reply #3
It's the new iputils package upgrade:
downgrading package iputils (20200821-1 => 20190709-3)
The old package had /usr/bin/ping as black text with a red background which meant ca=30;41 (capability set, it wasn't setuid) but probably the sysctl way is the new better way as you suggest.
this is no solution, add sysctl -w net.ipv4.ping_group_range="0 1000" is the right way. They removed it for a reason

Re: ping: socket: Operation not permitted

Reply #4
Here's another way I found:
sysctl.d change

Code: [Select]
# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
#   #define GID_T_MAX (((gid_t)~0U) >> 1)
-net.ipv4.ping_group_range = 0 2147483647

I put that in /etc/sysctl.d/local.conf then ran sysctl -p /etc/sysctl.d/local.conf to load it. Hopefully it will now persist over reboots.
Apparently the - at the start of the line is important sometimes. That config ships with some alternative init.


Re: ping: socket: Operation not permitted

Reply #6
0 - 1000 might not work for everyone if there were multiple users, the first user is 1000 and the next 1001 by default. The number is a range of permitted gid's  and $ getent group or  /etc/group shows what is assigned.

Re: ping: socket: Operation not permitted

Reply #7
What I did was:

Code: [Select]
sudo setcap 'cap_net_admin,cap_net_raw+ep' $(which ping)

without knowing exactly what I was doing, but it worked.

Re: ping: socket: Operation not permitted

Reply #8
0 - 1000 might not work for everyone if there were multiple users, the first user is 1000 and the next 1001 by default. The number is a range of permitted gid's  and $ getent group or  /etc/group shows what is assigned.
So change it to 65565 ;D



 

Re: [SOLVED] ping: socket: Operation not permitted

Reply #11
Is it better to wait a new package update or fix it by myself?