When installing a Debian 10 container in a Proxmox VE 6.1 (with the nested option needed), I have no ping from any non root user in the container:
This problem was indirectly addressed in this forum thread (which is tagged as solved, and that's why I'm opening a new one). However, AMHO, it was quite misinterpreted (I think it is an OS problem, not an Apache one, as it happens for any non-pribilegied user, not only www-data) and can have better solutions.
Consulting several sources, particularly this forum post, to solve that recent linux distribution do no longer use the setuid bit (which provoques ping to be executed as the program's owner, root, an not the user who runs the command), but kernel capabilities. In a Debian or an Ubuntu installed from official ISOs, when I run
It's easy to solve. You just have to run as root:
Or, more elegant, re-install
Ping is clearly a basic network tool that should be available for all linux users, which is the case in usual linux distros.
This forum post just to contribute for other users, and to insist that PVE Staff Member take it into account in templates' configuration.
Bash:
ulvida@anacahuita:~$ ping che
ping: socket: Operación no permitida
Consulting several sources, particularly this forum post, to solve that recent linux distribution do no longer use the setuid bit (which provoques ping to be executed as the program's owner, root, an not the user who runs the command), but kernel capabilities. In a Debian or an Ubuntu installed from official ISOs, when I run
getcap /bin/ping
, it returns: /bin/ping = cap_net_raw+ep
. Which is not the case with PVE LXC Debian Buster templates.It's easy to solve. You just have to run as root:
Bash:
setcap cap_net_raw+ep /bin/ping
iputils-ping
package.Ping is clearly a basic network tool that should be available for all linux users, which is the case in usual linux distros.
This forum post just to contribute for other users, and to insist that PVE Staff Member take it into account in templates' configuration.
Last edited: