概述
由于网络测试需要,配置普通用户进行网络连通性检查。
在普通用户使用ping命令是,报错如下内容:
[root@localhost ~]# ping baidu.com
PING baidu.com (220.181.38.251) 56(84) bytes of data.
64 bytes from 220.181.38.251: icmp_seq=1 ttl=49 time=51.2 ms
--- baidu.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 51.255/51.255/51.255/0.000 ms
[root@localhost ~]# su - pingtest
[pingtest@localhost ~]$ ping baidu.com
ping: icmp open socket: 不允许的操作
[pingtest@localhost ~]$ which ping
/bin/ping
解决办法
ping命令在运行中采用了ICMP协议,需要发送ICMP报文。但是只有root用户才能建立ICMP报文。而正常情况下,ping命令的权限应为-rwsr-xr-x,即带有suid的文件,一旦该权限被修改,则普通用户无法正常使用该命令。
[root@localhost ~]# chmod u+s /bin/ping
验证
[root@localhost ~]# su - pingtest
[pingtest@localhost ~]$ ping baidu.com
PING baidu.com (220.181.38.148) 56(84) bytes of data.
64 bytes from 220.181.38.148: icmp_seq=1 ttl=50 time=47.8 ms
64 bytes from 220.181.38.148: icmp_seq=2 ttl=50 time=47.8 ms
--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 47.807/47.821/47.836/0.219 ms