icmp ping requires root privilege only?

raybies has asked for the wisdom of the Perl Monks concerning the following question:

I've a simple ping script using Net::Ping. I was surprised to see it was already on my system, so I didn't install it, nor the version of Perl I'm running on this machine (RHEL v. 4).

However when I run my script I get the following message: icmp ping requires root privilege at ./multitemp.pl line 15

I have root priv on my machine, and the script runs fine as root, but I'm curious if there's a way to open the privilege up such that I can run it as regular user on the machine. I didn't realize one could set the privileges such that a perl module would work for root only. I located the Net/Ping.pm module, but it's priveleges are set 444, meaning root and the world both have read privileges.I can run the regular "ping" command from the commandline, and don't have to be root. Is this an internal setting to Perl that gets set when you install a module?

Is there a quick way to undo root-only modules? Or does it require a seperate install of some sort? Or something more obtuse?

--Ray

Comment on icmp ping requires root privilege only? Download Code

Replies are listed 'Best First'.
Re: icmp ping requires root privilege only? by ikegami (Patriarch) on May 13, 2011 at 19:48 UTC
Creating an ICMP packet requires a raw socket, and creating raw sockets requires root privileges. The check is not being made by the module. Since privileges are process-based in unix, you need to elevate the privileges of your entire process (using setuid , `sudo` or whatever), or delegate the pinging to a program that runs with elevated privileges (such as the preexisting `ping` command, which uses setuid to run as root).	[reply] [d/l] [select]
Re: icmp ping requires root privilege only? by Corion (Patriarch) on May 13, 2011 at 19:39 UTC
This is a limitation (or feature, depending on how you look at it) of your operating system, not of Perl. I believe that Net::Ping offers alternatives to the icmp ping, because of that reason. Also consider just shelling out to `ping`, which likely is setuid root for that reason (if it is available to normal users).	[reply] [d/l]