This method is no longer preferred, as it carries more security risk. In some unique circumstances, the permissions mode of /usr/bin/ping may need to be increased to allow execution by non-root users. * In order to use getcap and setcap commands, the libcap-progs package must be installed, which can be done with the command:ģ. More information about file capabilities could be found at these links: However, most SLES 12 and 15 installations have defaulted to "cap_net_raw+ep" so if any problems are seen with +p, it may be worth testing +ep as well. Testing and research confirm that "cap_net_raw+p" on /usr/bin/ping should be enough to allow non-root users to ping. Rtt min/avg/max/mdev = 3.620/3.620/3.620/0.000 above capability method allows more fine grained privileges to be given to non-root users rather than the full power of root. Node1:~ # setcap cap_net_raw+p /usr/bin/ping Rtt min/avg/max/mdev = 3.620/3.620/3.620/0.000 Alternatively, non-root users can use the ping command if certain capabilities are present on the /usr/bin/ping binary: Users whose UIDs are covered by _group_range are allowed to use the ping command: Or temporarily set on the fly with the sysctl command, for example: The ping_group_range can be set within /etc/nf: On those previous distributions, leave this setting at the default of "1 0" and see option #2 or #3 instead, below. Additionally, this will not solve the issue on SLES 12, even though the parameter exists there also. However, due to potential problems in the usage of this parameter, SUSE is recommending this ONLY for 15 SP3 and above. This parameter will allow non-root users to execute ping on SLES 15. The following methods are all independent. On most SLES systems, one or more of these are already present after a standard install, so most systems do not run into this issue. There are various methods to allow non-root users to execute ping.
0 Comments
Leave a Reply. |