问题:
我使用Alpine (使用busybox ),试图让ping工作,/ # ping www.google.com
PING www.google.com (172.217.5.100): 56 data bytes
ping: permission denied (are you root?)
/ # which ping
/bin/ping
/ # ls -al /bin/ping
lrwxrwxrwx 1 root root 12 Jan 16 2020 /bin/ping -> /bin/busybox
/ # whoami
root
/ # apk add iputils
fetch https://alpine.global.ssl.fastly.net/alpine/v3.11/main/x86_64/APKINDEX.tar.gz
fetch https://alpine.global.ssl.fastly.net/alpine/v3.11/community/x86_64/APKINDEX.tar.gz
fetch https://alpine.global.ssl.fastly.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
(1/2) Installing libcap (2.27-r0)
(2/2) Installing iputils (20190709-r0)
Executing busybox-1.31.1-r9.trigger
Executing glibc-bin-2.28-r0.trigger
OK: 49 MiB in 32 packages
/ # ping www.google.com
ping: socket: Operation not permitted
/ # which ping
/bin/ping
/ # ls -al /bin/ping
-rwsr-xr-x 1 root root 60232 Oct 22 2019 /bin/ping
/ # chmod u+s /bin/ping
/ # ping www.google.com
ping: socket: Operation not permitted
/ # cat etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.11.3
PRETTY_NAME="Alpine Linux v3.11"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
答案1:
这是一个sysctl设置,用于限制允许在Alpine上ping的用户ID范围。让所有用户可以ping,echo "0 2147483647" > /proc/sys/net/ipv4/ping_group_range
永久化,echo "net.ipv4.ping_group_range = 0 2147483647" >> /etc/sysctl.conf
相关文章