traceroute: icmp socket: Permission denied?

traceroute: icmp socket: Permission denied?

Post by Tom Jenkin » Sat, 22 Aug 1998 04:00:00



Help!

I'm trying to get /etc/traceroute to work for a 'regular' (non-root) user.

I keep getting this error: "traceroute: icmp socket: Permission denied"

My permissions under SCO 3.2.4.2 is:

-rws--x--x   1 bin      bin        50186 Apr 13  1993 /etc/traceroute

Is there something that I need to turn on?

--Tom

 
 
 

traceroute: icmp socket: Permission denied?

Post by Tom Jenkin » Sun, 23 Aug 1998 04:00:00


@cts.com
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Newsgroups: comp.unix.sco.misc

Help!

I'm trying to get /etc/traceroute to work for a 'regular' (non-root) user.

I keep getting this error: "traceroute: icmp socket: Permission denied"

My permissions under SCO 3.2.4.2 is:

-rws--x--x   1 bin      bin        50186 Apr 13  1993 /etc/traceroute

Is there something that I need to turn on?

--Tom

 
 
 

traceroute: icmp socket: Permission denied?

Post by Tom Jenkin » Sun, 23 Aug 1998 04:00:00


@cts.com
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
Organization: CTS Network Services
Newsgroups: comp.unix.sco.misc

Gary,

I understand the first method, but would like to go with the second, since
it *seems* more secure.

However, under SCO Unix sys V 3.2.4.2, I can't follow the procedure.
Specifically:

Quote:>Add traceroute to end of the the root line in /etc/auth/system/authorize
>separating it from the entries already there with a comma BEFORE starting
the
>Account manager. Then, select the user, then Users Authorizations. Unclick
Use
>system default.
>Add traceroute.

1 - Note my /etc/auth/system/authorize file (no comma's!):
audit:audittrail
auth:su,passwd
backup:queryspace
cron:
lp:printqueue,printerstat
mem:
sysadmin:
terminal:
uucp:
root:shutdown

2 - where do I select 'user'?

3 - 'unclick'?  Under the textual 3.2.4.2?  Note that I don't have a GUI
here... :)

4 - 'Add traceroute'?  Hmmm

5 - From the command line, could I just add the entry 'traceroute' to the
authorization file and do a "traceroute:user" where user /= root?

--Tom


>On Sat, 22 Aug 1998 17:12:33 GMT, in article


>>On Sat, 22 Aug 1998 06:36:32 -1000, in article

>>>Help!

>>>I'm trying to get /etc/traceroute to work for a 'regular' (non-root)
user.

>>>I keep getting this error: "traceroute: icmp socket: Permission denied"

>>>My permissions under SCO 3.2.4.2 is:

>>>-rws--x--x   1 bin      bin        50186 Apr 13  1993 /etc/traceroute

>>>Is there something that I need to turn on?

>>Chown root /etc/traceroute.

>>You'd better have complete trust in your users to do this.

>>Another thing to do that'd be better is remove the setuid bit and make a
>>tracert command that runs it with asroot.

>Tom asked for an example:

>Make a command /usr/local/bin/tracert

>#!/bin/sh
>/tcb/bin/asroot traceroute $1

>cp /etc/traceroute /tcb/files/rootcmds/traceroute
>chmod 555 /tcb/files/rootcmds/traceroute

>Any user who needs to run this command must have the execsuid kernel
privilege
>and one of:

>root primary subsystem (in the account manager, select the user, then Users
>Authorizations.

>Unclick Use system default
>Add root

>-or-

>Add traceroute to end of the the root line in /etc/auth/system/authorize
>separating it from the entries already there with a comma BEFORE starting
the
>Account manager. Then, select the user, then Users Authorizations. Unclick
Use
>system default.
>Add traceroute.

>The second method is obviously safer but you'll have to add an entry for
>everything you put in /tcb/files/rootcmds into /etc/auth/system/authorize.

>If you have more questions, post them here so all can see rather than
emailing
>me.

>Thanks

>--

>---------------------------------------------------------------------------
>                  How you look depends on where you go.
>---------------------------------------------------------------------------
>Gary L. Burnore                       |  Y?3oY3T3oY33Y?oY3T3oY3Y3T3oY3YY?3
>                                      |  Y?3oY3T3oY33Y?oY3T3oY3Y3T3oY3YY?3
>DOH!                                  |  Y?3oY3T3oY33Y?oY3T3oY3Y3T3oY3YY?3
>                                      |  Y?3 3 4 1 4 2  Y3T3 6 9 0 6 9 Y?3
>spamgard(tm):  zamboni                |     Official Proof of Purchase
>===========================================================================

 
 
 

traceroute: icmp socket: Permission denied?

Post by Jean-Pierre Radle » Wed, 26 Aug 1998 04:00:00


Tom Jenkins typed (on 21Aug):
| Help!
|
| I'm trying to get /etc/traceroute to work for a 'regular' (non-root) user.
|
| I keep getting this error: "traceroute: icmp socket: Permission denied"
|
| My permissions under SCO 3.2.4.2 is:
|
| -rws--x--x   1 bin      bin        50186 Apr 13  1993 /etc/traceroute
|
| Is there something that I need to turn on?

Try suid root, rather than suid bin.

--