Date: Tue, 18 Aug 2015 11:50:34 -0700 From: Tom Samplonius <tom@samplonius.org> To: FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: ping from web application Message-ID: <4FD40952-8DE5-4800-9BC3-C099E09C36AE@samplonius.org> In-Reply-To: <444mjwisy1.fsf@lowell-desk.lan> References: <20150818150924.5e9bef04@efreet> <444mjwisy1.fsf@lowell-desk.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Aug 18, 2015, at 7:15 AM, Lowell Gilbert = <freebsd-stable-local@be-well.ilk.org> wrote: >=20 > Marko Cupa=C4=87 <marko.cupac@mimar.rs> writes: >=20 >> I use web applicaton (net-mgmt/phpipam) which should have the ability >> to check hosts' availability via ping. I can even specify path to = ping >> executable. >>=20 >> This functionality does not work on FreeBSD by default, and suggested >> workaround is to set setuid bit on /sbin/ping. >>=20 >> I don't like to modify permissions of base files. Is there an >> alternative solution? e.g. a port? >=20 > In what way does ping(8) not work? A look at its error output should > tell you what the problem is. >=20 > Additionally, the standard permissions on /sbin/ping *are* suid root. > It certainly won't work if you've changed that, so just change it = back. >=20 > And yes, there are other ping programs present, including some with > pretty graphical web page UIs. But there's no reason that PHP should > have trouble calling /sbin/ping. It is a pretty standard issue: only apps running as root can send = ICMP directly, as ping does. PHP runs in Apache, and to prevent = security issues with privilege escalation setuid programs are forced to = run as an unprivileged user. I would check to see how =E2=80=9Cfping=E2=80=9D in Nagios solved this = issue. Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FD40952-8DE5-4800-9BC3-C099E09C36AE>