From owner-freebsd-questions Thu Jul 18 12:14:17 1996 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA10238 for questions-outgoing; Thu, 18 Jul 1996 12:14:17 -0700 (PDT) Received: from relay-5.mail.demon.net (relay-5.mail.demon.net [158.152.1.48]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA10232 for ; Thu, 18 Jul 1996 12:14:15 -0700 (PDT) Received: from post.demon.co.uk by relay-5.mail.demon.net id ag03609; 18 Jul 96 18:27 +0100 Received: from jraynard.demon.co.uk ([158.152.42.77]) by relay-3.mail.demon.net id aa01143; 18 Jul 96 18:19 +0100 Received: (from fqueries@localhost) by jraynard.demon.co.uk (8.6.12/8.6.12) id KAA00396; Thu, 18 Jul 1996 10:13:47 GMT From: James Raynard Message-Id: <199607181013.KAA00396@jraynard.demon.co.uk> Subject: Re: Network Permissions (duplicate with correct return address) To: Walter Peterson Date: Thu, 18 Jul 1996 10:13:46 +0000 () Cc: freebsd-questions@freebsd.org In-Reply-To: <31EC4547.FDA@cyberstreet.com> from "Walter Peterson" at Jul 16, 96 09:43:35 pm X-Mailer: ELM [version 2.4 PL24 ME8a] Content-Type: text Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I have a freebsd box that I allow Rlogin and telnet sessions on. I have > granted permission to use the program traceroute to the group these > people are in. When I try to use this command when not logged in as root > I egt an error, imcp socket: Permission denied. How do I grant > permission to use this command? Traceroute needs to create a "raw" socket, which can only be done if the program is running as root. For this reason, traceroute comes setuid in the distribution; it is also world readable and executable, so that these people already had permission to use it. What I suspect has happened here is that these users did not have /usr/sbin in their path, so their shell couldn't find it when they typed 'traceroute'. You helpfully copied traceroute into somewhere where they could see it, but at some point the setuid bit got lost. The simplest solution is probably to add the line alias traceroute /usr/sbin/traceroute to their .cshrc files. The reason why it's in /usr/sbin and not somewhere like /usr/bin is that it was originally intended to be run by system administrators debugging connection problems. Although it is a useful tool for people learning about networking, it can also be the source of a lot of very annoying support questions from people who don't understand how to use it (so I'm told - I've never had to share a network with people who didn't know how to use traceroute :-)