[CentOS] Ping as regular user not allowed (CentOS Stream 8)

Thu Jan 20 22:14:54 UTC 2022
Johnny Hughes <johnny at centos.org>

On 1/20/22 15:07, Johnny Hughes wrote:
> On 1/20/22 12:46, Johnny Hughes wrote:
>> On 1/19/22 08:44, Brian Stinson wrote:
>>> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund <toralf.lund at pgs.com> wrote:
>>>> Following some update or the other (I think) on my CentOS Stream 8
>>>> system, I'm no longer able to use ping as a regular user; I get
>>>> $ ping www.centos.org
>>>> ping: socket: Operation not permitted
>>>> Does anyone else see this? It it a bug, or were the system/default
>>>> permissions deliberately changed? Can anyone suggest a fix/workaround?
>>>> Actually, I can find several different ones via a simple web search, 
>>>> but
>>>> they are generally related to other distributions, I'm not quite sure
>>>> which would be the most appropriate for CentOS...
>>>> Thanks.
>>>> - Toralf
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> https://lists.centos.org/mailman/listinfo/centos
>>> Folks interested in this issue can watch this bugzilla:
>>> https://bugzilla.redhat.com/show_bug.cgi?id=2037807
>>> We're waiting for systemd-239-55.el8 sources to show up after which we
>>> will build this and publish to CentOS Stream. Right now this appears
>>> to be an infrastructure issue and the appropriate folks are working on
>>> that, but we also want this package to pass the proper checks before
>>> we build.
>> I am doing a compose with this version of systemd in it right now. 
>> Should be released later today.
>> _______________________________________________
> OK .. I am currently releasing an 8-stream compose with 
> systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
> I checked internally and it is also a problem on the rhel build for this 
> systemd version, so not an issue introduced by the CentOS Stream build.
> This  version of systemd should be available in a couple hours on 
> mirror.centos.org.

OK .. to fix this issue until we get a build that fixes it:

Edit /usr/lib/sysctl.d/50-default.conf

take out the minus sign (-) in this line:

-net.ipv4.ping_group_range = 0 2147483647

Johnny Hughes