# Perl: icmp ping requires root privilege

## dussel

Hi,

i've to change a perl script from a WIN32 machine to a gentoo system. If I start this script in the console it works perfect. Unfortunatly I get this message, if I execute the script inside of the apache2 webserver (user and group apache):

```
icmp ping requires root privilege
```

I read now some pages and the solution should be setting the setuid for command ping. My problem is that I dont know how to do this. Could anyone help me to solve the problem?

Kind regards

Jochen

----------

## Jonty

Hi,

I might be wrong   :Very Happy:  but:

chown root.root /bin/ping

chmod u+s /bin/ping

I'm sure someone will tell you this is a bad idea for reason's as yet unknown!   :Cool: 

Hope that helps,

Jonty

----------

## dussel

Hi Jonty,

unfortunatly I get the same error like before....

Another ideas? I googled a little bit and found that suExec could help. But I dont have a clou to use that.

Greetings Jochen

----------

## Jonty

Ok,

I'm guessing now - but is the PERL script using the /bin/ping program or is it calling some internally library?  Because if it is - well, it's probably nothing to do with the ping prog.

If you 'su - apache' can you use ping then?  (You may have to change the shell for the apache user from /bin/false to /bin/bash temporarily)

Jonty

----------

## dussel

 *Jonty wrote:*   

> I'm guessing now - but is the PERL script using the /bin/ping program or is it calling some internally library?  Because if it is - well, it's probably nothing to do with the ping prog.
> 
> If you 'su - apache' can you use ping then?  (You may have to change the shell for the apache user from /bin/false to /bin/bash temporarily)
> 
> 

 

The apache user can ping adresses. The perl script is using an internally libary, but it seems to that at the end the "normal" ping command from the shell is used.

[edit] If I try to run the script as apache user. it is also not running.  [edit] Maybe this hint helps?

Kind regards 

Jochen

----------

## ponch

Try to search CPAN for another ping module realization. For sure, its already done by someone.

----------

## dussel

 *ponch wrote:*   

> Try to search CPAN for another ping module realization. For sure, its already done by someone.

 

Maybe this could be a solution. But I can't believe that such a module could not be used. Has someone experience with the Net::Ping module??

Best regards Jochen

----------

## ponch

This is what im using with apache for pinging:

use Net::Ping::External qw(ping);

my $online = ping(host => "192.168.0.1");

if ( $online ) { wahtever... }

----------

## dussel

 *ponch wrote:*   

> This is what im using with apache for pinging:
> 
> use Net::Ping::External qw(ping);
> 
> my $online = ping(host => "192.168.0.1");
> ...

 

Yeah! Thanks, that solved my problem. Now I have problems with SFTP   :Rolling Eyes: 

I try to establish a sftp connection with the Net-SFTP-0.10 module. For this

purpose I try this here:

.....

use Net::SFTP;

.....

sub check_sftp($$$)

{

my $host = shift;

my $user = shift;

my $pw = shift;

my $ret = "NOK";

$@ = '';

eval {

my $sftp = Net::SFTP->new(

$host,

user=>$user,

password=>$pw,

debug=>"1"

);

$ret = "OK" if (defined $sftp);

};

if ($@ ne '') {

$ret = "NOK";

}

  return($ret);

}

..........

The output looks like this:

new_intranet: Reading configuration data /root/.ssh/config

new_intranet: Reading configuration data /etc/ssh_config

new_intranet: Allocated local port 1023.

new_intranet: Connecting to XXX.XXX.XXX.XXX, port 22.

new_intranet: Remote protocol version 2.0, remote software version

OpenSSH_3.5p1

new_intranet: Net::SSH::Perl Version 1.25, protocol version 2.0.

new_intranet: No compat match: OpenSSH_3.5p1.

new_intranet: Connection established.

new_intranet: Sent key-exchange init (KEXINIT), wait response.

new_intranet: Algorithms, c->s: 3des-cbc hmac-sha1 none

new_intranet: Algorithms, s->c: 3des-cbc hmac-sha1 none

new_intranet: Entering Diffie-Hellman Group 1 key exchange.

new_intranet: Sent DH public key, waiting for reply.

new_intranet: Received host key, type 'ssh-dss'.

new_intranet: Host 'XXX.XXX.XXX.XXX' is known and matches the host key.

new_intranet: Computing shared secret key.

new_intranet: Verifying server signature.

new_intranet: Waiting for NEWKEYS message.

new_intranet: Enabling incoming encryption/MAC/compression.

new_intranet: Send NEWKEYS, enable outgoing encryption/MAC/compression.

new_intranet: Sending request for user-authentication service.

new_intranet: Service accepted: ssh-userauth.

new_intranet: Trying empty user-authentication request.

new_intranet: Authentication methods that can continue: publickey,password.

new_intranet: Next method to try is publickey.

new_intranet: Next method to try is password.

new_intranet: Trying password authentication.

new_intranet: Login completed, opening dummy shell channel.

new_intranet: channel 0: new [client-session]

new_intranet: Requesting channel_open for channel 0.

new_intranet: channel 0: open confirm rwindow 0 rmax 32768

new_intranet: Got channel open confirmation, requesting shell.

new_intranet: Requesting service shell on channel 0.

And stops here..

On the server side I get this message:

Dec  7 12:52:13 www005 sshd[25835]: Accepted password for master from

::ffff:XXX.XXX.XXX.XXX port 24891 ssh2 Dec  7 12:52:13 www005 sshd[25835]:

subsystem request for sftp

Is anyone out there, to help me out of my problem?

Kind regards

Jochen

----------

