Date: Thu, 18 Jul 1996 10:13:46 +0000 () From: James Raynard <fqueries@jraynard.demon.co.uk> To: Walter Peterson <walterp@cyberstreet.com> Cc: freebsd-questions@freebsd.org Subject: Re: Network Permissions (duplicate with correct return address) Message-ID: <199607181013.KAA00396@jraynard.demon.co.uk> In-Reply-To: <31EC4547.FDA@cyberstreet.com> from "Walter Peterson" at Jul 16, 96 09:43:35 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> I have a freebsd box that I allow Rlogin and telnet sessions on. I have > granted permission to use the program traceroute to the group these > people are in. When I try to use this command when not logged in as root > I egt an error, imcp socket: Permission denied. How do I grant > permission to use this command? Traceroute needs to create a "raw" socket, which can only be done if the program is running as root. For this reason, traceroute comes setuid in the distribution; it is also world readable and executable, so that these people already had permission to use it. What I suspect has happened here is that these users did not have /usr/sbin in their path, so their shell couldn't find it when they typed 'traceroute'. You helpfully copied traceroute into somewhere where they could see it, but at some point the setuid bit got lost. The simplest solution is probably to add the line alias traceroute /usr/sbin/traceroute to their .cshrc files. The reason why it's in /usr/sbin and not somewhere like /usr/bin is that it was originally intended to be run by system administrators debugging connection problems. Although it is a useful tool for people learning about networking, it can also be the source of a lot of very annoying support questions from people who don't understand how to use it (so I'm told - I've never had to share a network with people who didn't know how to use traceroute :-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607181013.KAA00396>