We need read documentation for tunung of multiuser OS or hire me for this work!
Problem
1 2 3 | [~] $ ping -c 3 8.8.8.8 ping: socket: Operation not permitted |
Solution
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | [/etc/sysctl.d] # cat /proc/sys/net/ipv4/ping_group_range 1 0 [/etc/sysctl.d] # cat /etc/sysctl.d/100-ipv4.conf net.ipv4.ip_forward = 1 net.ipv4.ping_group_range = 0 2147483647 systemctl restart systemd-sysctl [/etc/sysctl.d] # cat /proc/sys/net/ipv4/ping_group_range 0 2147483647 [~] $ ping -c 3 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=3.45 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=116 time=3.57 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=116 time=3.70 ms --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 3.456/3.580/3.708/0.102 ms |
NOTICE 1:
ping_group_range – 2 INTEGERS
Restrict ICMP_PROTO datagram sockets to users in the group range.
The default is “1 0”, meaning, that nobody (not even root) may
create ping sockets. Setting it to “100 100” would grant permissions
to the single group. “0 4294967295” would enable it for the world, “100
4294967295” would enable it for the users, but not daemons.
NOTICE 2:
GID_T_MAX is the max you can set, and it is defined as:
#define GID_T_MAX (((gid_t)~0U) >> 1)
that is 2147483647, 4294967295 is larger than it, therefore you got
EINVAL.