My server is running CentOS 6. I have a Sprint Broadband device connected as ppp0. This connection has a tendency to need restarted, so I'm trying to monitor it with Nagios (this is used for other monitoring of my network already). I have a nagios script written that tries to ping out over this interface using this command:
enter ping -c 1 -I ppp0 google.com | grep ttl
Running this as the root user works fine, and give me the the response of a single ping reply, or nothing if the connection is dead. However, if I run this same command as the user "nagios", I get the following error:
Warning: cannot bind to specified iface, falling back: Operation not permitted
The ping falls back to my eth0 interface for the ping.
It seems that the interface's permissions won't allow the nagios user to use it. I'm not sure what to change to allow this user to ping over this interface. Any suggestions? Thanks
Since ping needs to write raw packets, it needs root access. Normally ping would have the setuid bit set in order to accomplish this. If you check the permission of ping with, for example:
stat -c %a $(which ping). Most systems would return4775. The leading 4 is the setuid bit, which says that when running this program it runs under the uid of the user owning the file. If this is instead returning755. You could add the setuid bit by runningchmod u+s $(which ping)On Linux, the preferred way is to give
ping(or other such things) special capabilities. This avoids the pitfalls of executing with root permissions via a setuid bit (read below).From the Archlinux Wiki: