asked 2018-06-10 12:33:28 +0300
After upgrading to the latest SailfishOS 2.2.0.29 Mouhijoki, ping started to fail.
For example:
$ ping google.com
PING google.com (216.58.216.142): 56 data bytes
ping: permission denied (are you root?)
What is causing this? And how to fix it? Thanks.
answered 2018-06-11 23:52:10 +0300
Indeed the busybox ping is used now. Busybox uses stricter permission set for ping than the iputols ping that was usedin previous release.
The correct way to fix this is to add the nemo user to the "net_raw" group;
devel-su usermod -a nemo -G net_raw
Note that even though this sets the group immediately, it does not take effect until you log out of your window manager session and log back in. (this means either device reboot or killing lipstick)
You can however test that it works before booting by ssh'ing to your localhost from console and then trying to ping as nemo; now it will work because sshd forks a new user session for you and the new permissions are in force.
( And by the way as usual this was already noted, discussed and fixed in TMO exactly 9 days ago; https://talk.maemo.org/showpost.php?p=1544960&postcount=37 )
--- edit ---
Update to Nurmonjoki 2.2.1.18 reset the groups, so ping stopped working again... Solution, same as above.
All of my friends use this website and it's a great resource for questions and answers and this post is also very useful. There are few awesome tricks that help in English writing and https://womenlite.com/ is one of the best English essays repository. I was confused in this question and i am glad to read this now and it anwsered my questions.
BraydenHoutman ( 2018-11-09 15:58:30 +0300 )edit@juicemebusybox ping doesn't work on SFOS 3.2 :
$ version
Sailfish OS 3.2.1.19 (Nuuksio)
$ groups | grep net_raw
nemo lp video users lpadmin alien ssu timed oneshot system bluetooth graphics input audio camera mtp net_raw sudo
$ strace -e network busybox ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
ping: permission denied (are you root?)
+++ exited with 1 +++
$ sysctl net.ipv4.ping_group_range
net.ipv4.ping_group_range = 1 0
$ id net_raw
uid=3004(net_raw) gid=3004(net_raw) groups=3004(net_raw)
$ man icmp | sed -n '/ping_group_range/,/^$/p'
ping_group_range (two integers; default: see below; since Linux 2.6.39)
Range of the group IDs (minimum and maximum group IDs, inclu‐
sive) that are allowed to create ICMP Echo sockets. The default
is "1 0", which means no group is allowed to create ICMP Echo
sockets.
$ sudo sysctl -w net.ipv4.ping_group_range="0 $(id -g net_raw)"
net.ipv4.ping_group_range = 0 3004
$ busybox ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: permission denied (are you root?)
What values should I set net.ipv4.ping_group_range for busybox ping ?
@BraydenHoutman, it works for me. (altough I am using 3.3.0.16 Rokua but that should not matter.)
nemo@Sailfish ~]$
[nemo@Sailfish ~]$ ping 192.168.255.1
PING 192.168.255.1 (192.168.255.1): 56 data bytes
64 bytes from 192.168.255.1: seq=0 ttl=64 time=2.883 ms
64 bytes from 192.168.255.1: seq=1 ttl=64 time=108.497 ms
^C
--- 192.168.255.1 ping statistics ---
3 packets transmitted, 2 packets received, 33% packet loss
round-trip min/avg/max = 2.883/55.690/108.497 ms
[nemo@Sailfish ~]$
answered 2018-06-10 14:16:20 +0300
I know that I can issue it as root, but why I need to? What's changed?
I succeed to build iputils from here.
Did busybox come with the latest update?
I have noticed that pkcon install/remove something-something also now requires devel-su
answered 2018-06-10 13:54:08 +0300
DISCLAIMER: Don't do this. See discussion/better version in comments.
(Original comment removed, which recommended setting the (presumed) ping binary setuid root)
This is a convenient way to be able to run 'ping' as root user, but I strongly recommend against it. /bin/ping is a symlink to busybox and the command above will set the setuid bit for the busybox executable, which will affect all commands delegated to busybox.
Mohjive ( 2018-06-10 14:14:31 +0300 )edit@nephros It does not work on SFOS3.2 :
$ version
Sailfish OS 3.2.1.19 (Nuuksio)
$ sudo rm -v /bin/ping
rm: remove symbolic link `/bin/ping'? y
$ sudo cp -puv /bin/busybox /bin/ping
`/bin/busybox' -> `/bin/ping'
$ ls -l /bin/ping
-rwxr-xr-x 1 root root 121144 2019-10-16 01:06 /bin/ping
$ sudo setcap cap_net_raw+p /bin/ping
$ getcap /bin/ping
/bin/ping = cap_net_raw+p
$ groups | grep net_raw
nemo lp video users lpadmin alien ssu timed oneshot system bluetooth graphics input audio camera mtp net_raw sudo
$ sudo sysctl -w net.ipv4.ping_group_range="0 $(id -g net_raw)"
net.ipv4.ping_group_range = 0 3004
$ /bin/ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: permission denied (are you root?)
$ strace -e network /bin/ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
ping: permission denied (are you root?)
+++ exited with 1 +++
Asked: 2018-06-10 12:33:28 +0300
Seen: 3,682 times
Last updated: Jul 30 '19
Now that you mentioned that, it's quite annoying.
Direc ( 2018-06-11 18:24:50 +0300 )edit