Last night I installed a SSD on my openSUSE 13.1 system, copied my root filesystem to it, and made it the boot volume. Afterwards it booted up very quickly. I went to bed a happy person.
This morning, while checking some network issues I used ping and got the error in the title. What happened!?
Checking the permissions on both the old filesystem and the new one revealed no differences.
-rwxr-xr-x 1 root root 43480 Nov 16 09:47 /usr/bin/ping
Was it supposed to be setuid? Let's see whether the package manager thinks it's installed correctly.
$ rpm -qf /usr/bin/ping
iputils-s20101006-23.4.1.x86_64
$ rpm -V iputils
/usr/bin/ping should be root:root 0755 "= cap_net_raw+ep". (wrong missing capabilities)
Ah, something was lost in the copying. Searching for capabilities revealed that they allow finer grained privileges than setuid. To fix I was supposed to run setcap. But there was no such utility installed, so I repaired the situation by reinstalling iputils instead of installing the libcap-progs package.
$ sudo zypper install -f iputils
And ping was back to normal.
Incidentally some posts claim that rsync preserves capabilities. I did use rsync to copy and yet the capability did not come across. I can find nothing in the manual page of rsync about this.
Here's a good introduction to capabilities.
This morning, while checking some network issues I used ping and got the error in the title. What happened!?
Checking the permissions on both the old filesystem and the new one revealed no differences.
-rwxr-xr-x 1 root root 43480 Nov 16 09:47 /usr/bin/ping
Was it supposed to be setuid? Let's see whether the package manager thinks it's installed correctly.
$ rpm -qf /usr/bin/ping
iputils-s20101006-23.4.1.x86_64
$ rpm -V iputils
/usr/bin/ping should be root:root 0755 "= cap_net_raw+ep". (wrong missing capabilities)
Ah, something was lost in the copying. Searching for capabilities revealed that they allow finer grained privileges than setuid. To fix I was supposed to run setcap. But there was no such utility installed, so I repaired the situation by reinstalling iputils instead of installing the libcap-progs package.
$ sudo zypper install -f iputils
And ping was back to normal.
Incidentally some posts claim that rsync preserves capabilities. I did use rsync to copy and yet the capability did not come across. I can find nothing in the manual page of rsync about this.
Here's a good introduction to capabilities.
No comments:
Post a Comment