[prev in list] [next in list] [prev in thread] [next in thread]
List: opennms-buglist
Subject: [Buglist] [JIRA] (NMS-3154) OpenNMS doesn't set "net_icmpaccess" privilege for opennms user
From: "Mandeep Mann (JIRA)" <jira () opennms ! org>
Date: 2013-07-26 7:04:58
Message-ID: JIRA.14347.1239299444000.985.1374822298795 () jira ! opennms ! org
[Download RAW message or body]
[ http://issues.opennms.org/browse/NMS-3154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=32614#comment-32614 \
]
Mandeep Mann commented on NMS-3154:
-----------------------------------
Any alternative command for Linux?
> OpenNMS doesn't set "net_icmpaccess" privilege for opennms user
> ---------------------------------------------------------------
>
> Key: NMS-3154
> URL: http://issues.opennms.org/browse/NMS-3154
> Project: OpenNMS
> Issue Type: Bug
> Security Level: Default(Default Security Scheme)
> Components: Installation
> Affects Versions: 1.7.2
> Environment: Operating System: Solaris
> Platform: Sun
> Reporter: John Center
> Assignee: OpenNMS Bug Mailing List
> Fix For: 1.7.2
>
>
> Running jicmp as root works, but not as opennms user:
> # java -Dopennms.library.jicmp=/opt/NMSjicmp/lib/libjicmp.so -classpath
> /opt/opennms/lib/opennms-icmp-api-1.7.2.jar:/opt/opennms/lib/log4j-1.2.15.jar:/opt/opennms/lib/jicmp-api-1.0.10.jar \
> org.opennms.netmgt.ping.Ping www.google.com
> [DEBUG] System property 'opennms.library.jicmp' set to
> '/opt/NMSjicmp/lib/libjicmp.so. Attempting to load jicmp library from
> this location.
> [INFO] Successfully loaded jicmp library.
> IOException while creating an IcmpSocket.
> java.net.SocketException: System error creating ICMP socket (13,
> Permission denied)
> at org.opennms.protocols.icmp.IcmpSocket.initSocket(Native Method)
> at
> org.opennms.protocols.icmp.IcmpSocket.<init>(IcmpSocket.java:108)
> at org.opennms.netmgt.ping.Ping.main(Ping.java:111)
> I did some research on determining the permission problem & came across
> this article:
> http://www.sun.com/bigadmin/features/articles/least_privilege.jsp. I
> ran the command above with ppriv debugging & received this message:
> ...
> java[22346]: missing privilege "net_icmpaccess" (euid = 106, syscall =
> 230) for "devpolicy" needed at so_socket+0xc8
> ...
> I added "net_icmpaccess" to the opennms user:
> # usermod -K defaultpriv=basic,net_icmpaccess opennms
> And, now it works.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Buglist mailing list
Buglist@lists.opennms.com
http://lists.opennms.com/mailman/listinfo/buglist
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic