We have moved to a new Sailfish OS Forum. Please start new discussions there.
13

Ping: Permission denied

asked 2018-06-10 12:33:28 +0200

wickedsp1d3r gravatar image

After upgrading to the latest SailfishOS 2.2.0.29 Mouhijoki, ping started to fail.

For example:

$ ping google.com
PING google.com (216.58.216.142): 56 data bytes
ping: permission denied (are you root?)

What is causing this? And how to fix it? Thanks.

edit retag flag offensive close delete

Comments

1

Now that you mentioned that, it's quite annoying.

Direc ( 2018-06-11 18:24:50 +0200 )edit

4 Answers

Sort by » oldest newest most voted
9

answered 2018-06-11 23:52:10 +0200

juiceme gravatar image

updated 2018-09-06 13:24:07 +0200

Indeed the busybox ping is used now. Busybox uses stricter permission set for ping than the iputols ping that was usedin previous release.

The correct way to fix this is to add the nemo user to the "net_raw" group;

devel-su usermod -a nemo -G net_raw

Note that even though this sets the group immediately, it does not take effect until you log out of your window manager session and log back in. (this means either device reboot or killing lipstick)

You can however test that it works before booting by ssh'ing to your localhost from console and then trying to ping as nemo; now it will work because sshd forks a new user session for you and the new permissions are in force.

( And by the way as usual this was already noted, discussed and fixed in TMO exactly 9 days ago; https://talk.maemo.org/showpost.php?p=1544960&postcount=37 )

--- edit ---

Update to Nurmonjoki 2.2.1.18 reset the groups, so ping stopped working again... Solution, same as above.

edit remove flag flag offensive (1) delete publish link more

Comments

1

All of my friends use this website and it's a great resource for questions and answers and this post is also very useful. There are few awesome tricks that help in English writing and https://womenlite.com/ is one of the best English essays repository. I was confused in this question and i am glad to read this now and it anwsered my questions.

BraydenHoutman ( 2018-11-09 15:58:30 +0200 )edit

@juicemebusybox ping doesn't work on SFOS 3.2 :

$ version
Sailfish OS 3.2.1.19 (Nuuksio)
$ groups | grep net_raw          
nemo lp video users lpadmin alien ssu timed oneshot system bluetooth graphics input audio camera mtp net_raw sudo
$ strace -e network busybox ping 192.168.1.1       
PING 192.168.1.1 (192.168.1.1): 56 data bytes
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
ping: permission denied (are you root?)
+++ exited with 1 +++
$ sysctl net.ipv4.ping_group_range                         
net.ipv4.ping_group_range = 1   0
$ id net_raw                                                       
uid=3004(net_raw) gid=3004(net_raw) groups=3004(net_raw)
$ man icmp | sed -n '/ping_group_range/,/^$/p'
       ping_group_range (two integers; default: see below; since Linux 2.6.39)
              Range of the group IDs (minimum and maximum  group  IDs,  inclu‐
              sive) that are allowed to create ICMP Echo sockets.  The default
              is "1 0", which means no group is allowed to  create  ICMP  Echo
              sockets.

$ sudo sysctl -w net.ipv4.ping_group_range="0 $(id -g net_raw)"
net.ipv4.ping_group_range = 0 3004
$ busybox ping 192.168.1.1                                     
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: permission denied (are you root?)

What values should I set net.ipv4.ping_group_range for busybox ping ?

SebM ( 2020-06-17 11:23:42 +0200 )edit

@BraydenHoutman, it works for me. (altough I am using 3.3.0.16 Rokua but that should not matter.)

   nemo@Sailfish ~]$ 
   [nemo@Sailfish ~]$ ping 192.168.255.1
   PING 192.168.255.1 (192.168.255.1): 56 data bytes
   64 bytes from 192.168.255.1: seq=0 ttl=64 time=2.883 ms
   64 bytes from 192.168.255.1: seq=1 ttl=64 time=108.497 ms
   ^C
   --- 192.168.255.1 ping statistics ---
   3 packets transmitted, 2 packets received, 33% packet loss
   round-trip min/avg/max = 2.883/55.690/108.497 ms
   [nemo@Sailfish ~]$
juiceme ( 2020-06-20 18:50:42 +0200 )edit
5

answered 2018-06-10 13:27:22 +0200

updated 2018-06-10 13:28:06 +0200

simple...

devel-su ping google.com (enter) (password) (enter)

edit flag offensive delete publish link more
5

answered 2018-06-10 14:16:20 +0200

wickedsp1d3r gravatar image

I know that I can issue it as root, but why I need to? What's changed?

edit flag offensive delete publish link more

Comments

3

My guess is that they removed the ping binary/iputils package and replaced ping with a symlink to busybox, probably to save space. I tried to install iputils, but got a message "this request will break your system".

Mohjive ( 2018-06-10 14:23:24 +0200 )edit

I succeed to build iputils from here. Did busybox come with the latest update?

wickedsp1d3r ( 2018-06-10 16:27:16 +0200 )edit
2

I have noticed that pkcon install/remove something-something also now requires devel-su

Spam Hunter ( 2018-06-10 18:04:22 +0200 )edit
0

answered 2018-06-10 13:54:08 +0200

nephros gravatar image

updated 2019-07-30 17:45:02 +0200

DISCLAIMER: Don't do this. See discussion/better version in comments.

(Original comment removed, which recommended setting the (presumed) ping binary setuid root)

edit flag offensive delete publish link more

Comments

5

This is a convenient way to be able to run 'ping' as root user, but I strongly recommend against it. /bin/ping is a symlink to busybox and the command above will set the setuid bit for the busybox executable, which will affect all commands delegated to busybox.

Mohjive ( 2018-06-10 14:14:31 +0200 )edit
1

@Mohjive darn, yea that's a very good point.

How about this then:

$ devel-su
# rm /bin/ping
# cp /bin/busybox /bin/ping
# chmod +s /bin/ping

or even better:

$ devel-su
# rm /bin/ping
# cp /bin/busybox /bin/ping
# setcap cap_net_raw+p /bin/ping
nephros ( 2018-06-11 15:37:00 +0200 )edit
1

I checked net.ipv4.ping_group_range but it is already allowing ping for all users.

Direc ( 2018-06-11 18:41:21 +0200 )edit

@nephros It does not work on SFOS3.2 :

$ version 
Sailfish OS 3.2.1.19 (Nuuksio)
$ sudo rm -v /bin/ping
rm: remove symbolic link `/bin/ping'? y
$ sudo cp -puv /bin/busybox /bin/ping
`/bin/busybox' -> `/bin/ping'
$ ls -l /bin/ping          
-rwxr-xr-x 1 root root 121144 2019-10-16 01:06 /bin/ping
$ sudo setcap cap_net_raw+p /bin/ping                        
$ getcap /bin/ping   
/bin/ping = cap_net_raw+p
$ groups | grep net_raw                                                                  
nemo lp video users lpadmin alien ssu timed oneshot system bluetooth graphics input audio camera mtp net_raw sudo
$ sudo sysctl -w net.ipv4.ping_group_range="0 $(id -g net_raw)"                        
net.ipv4.ping_group_range = 0 3004
$ /bin/ping 192.168.1.1    
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: permission denied (are you root?)
$ strace -e network /bin/ping 192.168.1.1    
PING 192.168.1.1 (192.168.1.1): 56 data bytes
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
ping: permission denied (are you root?)
+++ exited with 1 +++
SebM ( 2020-06-17 11:48:02 +0200 )edit
Login/Signup to Answer

Question tools

Follow
6 followers

Stats

Asked: 2018-06-10 12:33:28 +0200

Seen: 4,074 times

Last updated: Jul 30 '19