Code:
[bull:~]$ ls -l /usr/bin/ping
-rwxr-xr-x. 1 root root 40912 Jan 25 2012 /usr/bin/ping
[bull:~]$ sudo rpm --setugids iputils
[sudo] password for bull:
[bull:~]$ ping -c 2 google.com
ping: icmp open socket: Operation not permitted
[bull:~]$ sudo chmod u+s /usr/bin/ping
[bull:~]$ ping -c 2 google.com
PING google.com (74.125.227.97) 56(84) bytes of data.
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_req=1 ttl=50 time=37.9 ms
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_req=2 ttl=50 time=34.9 ms
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 34.959/36.462/37.966/1.515 ms
[bull:~]$
rpm -a --setugids; rpm -a --setperms;
These commands seem safe, right? rpm will look at each individual package and set permissions according to the rpm package says they should be. I ran these as advised for post upgrade of fedora (for me, 16 to 17). Then why after using this, 'su -' will fail to login as user as root because it is missing SUID, ping fails as unprivileged user, etc?
My friend did a fresh installation of Fedora 17, not an upgrade. By default, his /usr/bin/ping did not have SUID and worked, but after he ran:
Code:
rpm --setperms iputils
rpm --setugids iputils
His ping no longer worked, and SUID was not enabled as before.
- Please give me an explanation
- Why did his (my friend) ping work without SUID the first time?
- I ran this for the entire system. Now how am I going to fix it? If I knew the explanation why this is happening, but ping works on a fresh f17 install without SUID, I could probably find the solution. (Note: Even su -, missing the SUID will not and did not work with the correct root password, as well as many other files and permissions)
This issue is not related to SELinux. I have it set to Permissive, so it is not causing the problems.