rose@lynx:/home/rose(39)$ ping leopard ping: icmp open socket: Operation not permitted rose@lynx:/home/rose(40)$ ping wildcat ping: icmp open socket: Operation not permitted rose@lynx:/home/rose(41)$ su - Password: ... root@lynx:/root(1)# ping leopard PING leopard.ibmt.intern (192.168.2.90) 56(84) bytes of data. 64 bytes from leopard.ibmt.intern (192.168.2.90): icmp_seq=1 ttl=64 time=0.407 ms 64 bytes from leopard.ibmt.intern (192.168.2.90): icmp_seq=2 ttl=64 time=0.311 ms ^C Any idea? Some missing service? root@lynx:/root(5)# emerge --info Portage 2.2.4 (default/linux/amd64/13.0/desktop, gcc-4.7.3, glibc-2.17, 3.11.0-gentoo x86_64) ================================================================= System uname: Linux-3.11.0-gentoo-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T8300_@_2.40GHz-with-gentoo-2.2 KiB Mem: 3987304 total, 727900 free KiB Swap: 12582908 total, 12553416 free Timestamp of tree: Fri, 13 Sep 2013 11:00:01 +0000 ld GNU ld (GNU Binutils) 2.23.2 distcc 3.1 x86_64-pc-linux-gnu [disabled] app-shells/bash: 4.2_p45 dev-java/java-config: 2.2.0 dev-lang/python: 2.7.5-r2, 3.2.5-r2, 3.3.2-r2 dev-util/cmake: 2.8.11.2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.13.4, 1.14 sys-devel/binutils: 2.23.2 sys-devel/gcc: 4.6.4, 4.7.3 sys-devel/gcc-config: 1.8 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.11 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo x11 sage-on-gentoo science sunrise lordvan local g-cpan g-octave Installed sets: @system ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA PUEL Intel-SDP dlj-1.1 skype-eula skype-4.0.0.7-copyright googleearth AdobeFlash-11.x cadsoft Oracle-BCLA-JavaSE MakeMKV-EULA NVIDA-CUDA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-march=native -O2 -pipe" GENTOO_MIRRORS="http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp.tu-clausthal.de/pub/linux/gentoo ftp://ftp.easynet.nl/mirror/gentoo/ " LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage_lynx" PORTDIR_OVERLAY="/var/lib/layman/x11 /var/lib/layman/sage-on-gentoo /var/lib/layman/science /var/lib/layman/sunrise /var/lib/layman/lordvan /usr/local/portage /var/lib/cpan /var/lib/g-octave" USE="64bit R X Xaw3d a52 aac acl acpi admin afs alsa amd64 ao apache2 apng applet archive armadillo arpack asf aspell atlas audacious audiofile automap automount bash-completion berkdb blas blast bluetooth bluray boost branding bzip2 cairo cdda cddb cdf cdio cdparanoia cdr cg cgi chm cli cmake consolekit cracklib crypt css cuda cups curl cxx daap db dbi dbm dbus declarative designer devhelp device-mapper dga dia dirac djvu doc dot dri ds2490 ds9097 ds9097u dts dv dvb dvd dvdr dvi dynamicplugin eds egl elf emacs emboss emf encode epiphany evo examples exif expat extensions extra extras faac faad fam ffmpeg fftw firefox fits flac fltk fontconfig foomaticdb fortran fortran95 fpm fpx fuse g3dvl garmin gcj gd gdal gdbm gdu gedit geoip geolocation geos gfortran gif gimp git glade glib glpk gml gmp gnome gnome-keyring gnome-print gnuplot gnutls gold gphoto2 gpm grammar graphics graphtft graphviz grass gsl gsm gstreamer gtk gtk3 gudev guile hddtemp hdf hdf5 hdri html http httpd hvm hwdb iconv icq icu id3 id3tag ide imagemagick imap inotify introspection ipod ipv6 irda ithreads jabber jadetex java java6 jbig john jpeg jpeg2k kate kdepim kdrive kerberos keymap kpathsea kvm ladspa lame lapack laptop latex lcms ldap lensfun libffi libkms libnotify libsamplerate lirc live lua lzma lzo mad mail maildir mapnik math matroska media-library mercurial mikmod mkl mmx mmxext mng mod modules mono motif mozilla mp3 mp4 mpeg mpi mplayer mtp mudflap multilib multimedia musepack musicbrainz mysql mysqli nautilus ncurses neXt netcdf netpbm network networking nfs nls nntp nptl nsplugin ntfs ntp numpy obex objc ocaml ocr octave odbc ofa ogdi ogg openexr opengl openmp openvg pam pango pcre pda pdf perl plasma plotutils plugins png podcast policykit portaudio posix postgres postscript ppds preview-latex proj projectm projectx pstricks pulseaudio python python-bindings q16 q32 qemu qhull qt3support qt4 quicktime raw readline real reiserfs reports rhythmbox rle romio rpc rrdcgi rrdtool sage samba sasl schroedinger science sdk sdl secure-delete semantic-desktop server session shout sip slang slp smart smbclient smp sms sndfile snmp soap sockets sound soup sox speex spell sql sqlite sse sse2 sse4 ssl ssse3 startup-notification stlport subtitles subversion sudo suexec svg svm swig systemd szip t1lib tcl tcpd tex tex4ht texmacs tgif theora thesaurus thinkpad threads thunderbird tidy tiff tk tools truetype udev udisks unicode upower usb userlocales utempter v4l vaapi vala valgrind vdpau video virt-network virtualbox visio vorbis vpx wav webdav webdav-serf webkit wifi wmf wxwidgets x264 xa xattr xcb xemacs xetex xext xft xine xml xmlreader xmlrpc xpm xv xvid xvmc yaml youtube zlib zvbi" ABI_X86="64" ALSA_CARDS="intel8x0" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_core authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgid dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info lbmethod_byrequests log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif slotmem_shm so socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="canon fuji ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CURL_SSL="nss" DRACUT_MODULES="caps lvm syslog" DVB_CARDS="usb-wt220u" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev synaptics void" KERNEL="linux" LCD_DEVICES="cfontz hd44780 mtxorb ncurses X lcd2usb lcdlinux png usblcd" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de fr ru" NETBEANS_MODULES="apisupport cnd dlight enterprise ergonomics groovy gsf harness ide identity j2ee java mobility nb php profiler ruby websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="arm i386 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="nouveau displaylink" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC, USE_PYTHON
I think the problem could be in latest iputils revision changes: *iputils-20121221-r1 (27 Jan 2013) 27 Jan 2013; Mike Frysinger <vapier@gentoo.org> +iputils-20121221-r1.ebuild, iputils-99999999.ebuild: Move traceroute6 to the traceroute package. Move arping/clockdiff to bin. Use new file capabilities to allow people to execute arping/clockdiff/ping/ping6. Can you try with 20121221 Also ensure ping is being provided by it: # whereis ping ping: /bin/ping /usr/share/man/man8/ping.8.bz2 # equery b /bin/ping * Searching for /bin/ping ... net-misc/iputils-20121221 (/bin/ping) # ls -l /bin/ping -rws--x--x 1 root root 42296 ago 13 12:33 /bin/ping
I had: lynx ~ # type ping ping is /bin/ping lynx ~ # whereis ping ping: /bin/ping /usr/share/man/man8/ping.8.bz2 lynx ~ # qfile -v /bin/ping net-misc/iputils-20121221-r1 (/bin/ping) If I try to downgrade iputils to iputils-20121221, 'emerge -v1 =iputils-20121221' complains: [ebuild UD ] net-misc/iputils-20121221 [20121221-r1] USE="doc gnutls ipv6 ssl -SECURITY_HAZARD -caps -idn -static (-filecaps%*)" 175 kB [blocks B ] <net-misc/iputils-20121221-r1 ("<net-misc/iputils-20121221-r1" is blocking net-analyzer/traceroute-2.0.19-r1) 'emerge -v1 =iputils-20121221 =traceroute-2.0.19' worked. Now ping works also for ordinary users: rose@lynx:/home/rose(1)$ ping leopard PING leopard.ibmt.intern (192.168.2.90) 56(84) bytes of data. 64 bytes from leopard.ibmt.intern (192.168.2.90): icmp_seq=1 ttl=64 time=0.414 ms 64 bytes from leopard.ibmt.intern (192.168.2.90): icmp_seq=2 ttl=64 time=0.493 ms 64 bytes from leopard.ibmt.intern (192.168.2.90): icmp_seq=3 ttl=64 time=0.476 ms ^C --- leopard.ibmt.intern ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.414/0.461/0.493/0.033 ms rose@lynx:/home/rose(2)$ id uid=1203(rose) gid=1000(rose) groups=1000(rose),4(adm),6(disk),7(lp),10(wheel),14(uucp),18(audio),19(cdrom),27(video),35(games),60(mysql),85(usb),100(users),102(davfs2),245(locate),250(portage),1004(plugdev),1010(vboxusers),1013(wireshark),1016(qemu),1020(kvm),1212(nwaccess),1217(tuntap) rose@lynx:/home/rose(3)$ rose@lynx:/home/rose(17)$ qfile -v /bin/ping net-misc/iputils-20121221 (/bin/ping)
There is no evidence that this has anything to do with systemd. Reassigning.
If you want ping to work as a normal user, you should ensure that you do not disable USE=filecaps.
(In reply to Mike Gilbert from comment #4) > If you want ping to work as a normal user, you should ensure that you do not > disable USE=filecaps. I have enabled filecaps, but nevertheless I can not ping as ordinary user: rose@leopard:/home_leopard/rose(3)$ ping lynx ping: icmp open socket: Operation not permitted rose@leopard:/home_leopard/rose(4)$ su - Passwort: ... root@leopard:/root(1)# ping lynx PING lynx.ibmt.intern (192.168.2.11) 56(84) bytes of data. 64 bytes from lynx.ibmt.intern (192.168.2.11): icmp_seq=1 ttl=64 time=0.503 ms 64 bytes from lynx.ibmt.intern (192.168.2.11): icmp_seq=2 ttl=64 time=0.477 ms 64 bytes from lynx.ibmt.intern (192.168.2.11): icmp_seq=3 ttl=64 time=0.481 ms 64 bytes from lynx.ibmt.intern (192.168.2.11): icmp_seq=4 ttl=64 time=0.471 ms 64 bytes from lynx.ibmt.intern (192.168.2.11): icmp_seq=5 ttl=64 time=0.496 ms ^C root@leopard:/root(2)# emerge -pvD iputils These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] net-misc/iputils-20121221-r1 USE="doc filecaps gnutls ipv6 ssl -SECURITY_HAZARD -caps -idn -static" 0 kB
Please attach a build log with the filecaps use flag enabled.
Hmm... I think I misread the fcaps function; it is supposed to make the binary suid (4711) if filecaps is disabled. It would still be helpful to see a build log, however.
(In reply to Mike Gilbert from comment #7) > Hmm... I think I misread the fcaps function; it is supposed to make the > binary suid (4711) if filecaps is disabled. > > It would still be helpful to see a build log, however. After reemerging iptutils for providing a build.log now ping works again for a ordinary use. Sorry!
No problem, thanks for feedback
Now I have the next systems, where ping does not work for ordinary users. Reemergeing with the same USE flags solved the issue: rose@thinkpadedge:/home/rose/Txt/projects/IVD_soeren/Cameras/Tucsen/Examples_from_Developers_Guide_without_QT(35)$ ping -c3 lightserver ping: icmp open socket: Operation not permitted rose@thinkpadedge:/home/rose/Txt/projects/IVD_soeren/Cameras/Tucsen/Examples_from_Developers_Guide_without_QT(36)$ genlop -t iputils | tail Mon Jan 28 04:38:21 2013 >>> net-misc/iputils-20121221-r1 merge time: 13 seconds. Mon Mar 4 15:57:04 2013 >>> net-misc/iputils-20121221-r1 merge time: 11 seconds. Tue Mar 5 12:49:07 2013 >>> net-misc/iputils-20121221-r1 merge time: 10 seconds. rose@thinkpadedge:/home/rose/Txt/projects/IVD_soeren/Cameras/Tucsen/Examples_from_Developers_Guide_without_QT(37)$ date Do 21. Nov 18:11:22 CET 2013 rose@thinkpadedge:/home/rose/Txt/projects/IVD_soeren/Cameras/Tucsen/Examples_from_Developers_Guide_without_QT(38)$ genlop -t iputils | tail Mon Mar 4 15:57:04 2013 >>> net-misc/iputils-20121221-r1 merge time: 11 seconds. Tue Mar 5 12:49:07 2013 >>> net-misc/iputils-20121221-r1 merge time: 10 seconds. Thu Nov 21 18:11:09 2013 >>> net-misc/iputils-20121221-r1 merge time: 15 seconds. rose@thinkpadedge:/home/rose/Txt/projects/IVD_soeren/Cameras/Tucsen/Examples_from_Developers_Guide_without_QT(39)$ ping -c3 lightserver PING raspberry3.ibmt.intern (192.168.2.113) 56(84) bytes of data. 64 bytes from raspberry3.ibmt.intern (192.168.2.113): icmp_seq=1 ttl=64 time=1.00 ms 64 bytes from raspberry3.ibmt.intern (192.168.2.113): icmp_seq=2 ttl=64 time=0.486 ms 64 bytes from raspberry3.ibmt.intern (192.168.2.113): icmp_seq=3 ttl=64 time=0.538 ms --- raspberry3.ibmt.intern ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.486/0.676/1.005/0.234 ms
If you can figure out the cause, feel free to reopen; otherwise, I don't think we are going to spend any time guessing at what the problem might be.
