PermissionError when Pingtop is executed without sudo

[ivanhercaz]

Hi,
Beautiful and useful tool! However I am having a similar problem to #5, but it is already fixed and seems a bit different to this one I am reporting.

I installed it with pip install pingtop. Then I ping baidu.com with pingtop baidu.com but it doesn't work, I get this error:

ERROR:root:[Errno13]: Permiso denegado
[...]
PermissionError: [Errno13]  Permiso denegado

I can't copy the error, so I am going to attach a screenshot.

I achieve to run it thanks to the comment of @laixintao in the mentioned issue, I mean making a which pingtop to get the path in which it is installed and then using sudo PATH baidu.com.

Is there some reason to run it as super user? Or, could it be fixed?

Regards

[laixintao]

hi @ivanhercaz cloud you plz print your uname -a iptables -L and python -V here?

Also cat /proc/sys/net/ipv4/ping_group_range and id command would provide some helpful information.

Please take a look @gzxultra

[ivanhercaz]

Hi @laixintao!

Here you have the information you requested me. If you need something more, just tell me!

uname -a

Linux workspace 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

python -v

import _frozen_importlib # frozen
import _imp # builtin
import '_thread' # <class '_frozen_importlib.BuiltinImporter'>
import '_warnings' # <class '_frozen_importlib.BuiltinImporter'>
import '_weakref' # <class '_frozen_importlib.BuiltinImporter'>
# installing zipimport hook
import 'zipimport' # <class '_frozen_importlib.BuiltinImporter'>
# installed zipimport hook
import '_frozen_importlib_external' # <class '_frozen_importlib.FrozenImporter'>
import '_io' # <class '_frozen_importlib.BuiltinImporter'>
import 'marshal' # <class '_frozen_importlib.BuiltinImporter'>
import 'posix' # <class '_frozen_importlib.BuiltinImporter'>
import _thread # previously loaded ('_thread')
import '_thread' # <class '_frozen_importlib.BuiltinImporter'>
import _weakref # previously loaded ('_weakref')
import '_weakref' # <class '_frozen_importlib.BuiltinImporter'>
# /home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/__init__.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/encodings/__init__.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/__init__.cpython-37.pyc'
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/codecs.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/codecs.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/codecs.cpython-37.pyc'
import '_codecs' # <class '_frozen_importlib.BuiltinImporter'>
import 'codecs' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b259e8>
# /home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/aliases.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/encodings/aliases.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/aliases.cpython-37.pyc'
import 'encodings.aliases' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b3e400>
import 'encodings' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b25470>
# /home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/utf_8.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/encodings/utf_8.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/utf_8.cpython-37.pyc'
import 'encodings.utf_8' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b49128>
import '_signal' # <class '_frozen_importlib.BuiltinImporter'>
# /home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/latin_1.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/encodings/latin_1.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/encodings/__pycache__/latin_1.cpython-37.pyc'
import 'encodings.latin_1' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b49be0>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/io.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/io.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/io.cpython-37.pyc'
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/abc.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/abc.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/abc.cpython-37.pyc'
import '_abc' # <class '_frozen_importlib.BuiltinImporter'>
import 'abc' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b4d208>
import 'io' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b49e10>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/site.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/site.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/site.cpython-37.pyc'
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/os.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/os.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/os.cpython-37.pyc'
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/stat.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/stat.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/stat.cpython-37.pyc'
import '_stat' # <class '_frozen_importlib.BuiltinImporter'>
import 'stat' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82ae6438>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/posixpath.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/posixpath.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/posixpath.cpython-37.pyc'
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/genericpath.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/genericpath.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/genericpath.cpython-37.pyc'
import 'genericpath' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82aebef0>
import 'posixpath' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82ae6b70>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/_collections_abc.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/_collections_abc.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/_collections_abc.cpython-37.pyc'
import '_collections_abc' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82af3550>
import 'os' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b5b0f0>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/_sitebuiltins.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/_sitebuiltins.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/_sitebuiltins.cpython-37.pyc'
import '_sitebuiltins' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b5b4a8>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/_bootlocale.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/_bootlocale.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/_bootlocale.cpython-37.pyc'
import '_locale' # <class '_frozen_importlib.BuiltinImporter'>
import '_bootlocale' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b135f8>
import 'site' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82b4dda0>
Python 3.7.2 (default, Dec 29 2018, 06:19:36) 
[GCC 7.3.0] :: Anaconda, Inc. on linux
Type "help", "copyright", "credits" or "license" for more information.
# extension module 'readline' loaded from '/home/ivanhercaz/miniconda3/lib/python3.7/lib-dynload/readline.cpython-37m-x86_64-linux-gnu.so'
# extension module 'readline' executed from '/home/ivanhercaz/miniconda3/lib/python3.7/lib-dynload/readline.cpython-37m-x86_64-linux-gnu.so'
import 'readline' # <_frozen_importlib_external.ExtensionFileLoader object at 0x7f2f82ab97b8>
import 'atexit' # <class '_frozen_importlib.BuiltinImporter'>
# /home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/rlcompleter.cpython-37.pyc matches /home/ivanhercaz/miniconda3/lib/python3.7/rlcompleter.py
# code object from '/home/ivanhercaz/miniconda3/lib/python3.7/__pycache__/rlcompleter.cpython-37.pyc'
import 'rlcompleter' # <_frozen_importlib_external.SourceFileLoader object at 0x7f2f82ab98d0>

cat /proc/sys/net/ipv4/ping_group_range

1 0

[gzxultra]

I just replicated this issue, one second, looking now.

[gzxultra]

Apologize for the delay, I just realize my PR only granted non-root support for OS X, Linux is a bit tricky.
One way to work around here is, like @laixintao indicated, set the ping_group_range.
Also, there's a bug in receive_one_ping func, will submit a PR to fix this.

root@host:~# sysctl -w net.ipv4.ping_group_range="<min-uid> <max-uid>"

For example, if your uid is 1234,

root@host:~# sysctl -w net.ipv4.ping_group_range="0 1234"

Not sure if it is the best practice here.

[laixintao]

@ivanhercaz Hi can you try to set ping_group_range="0 1234" like @gzxultra said? Also run id command on you machine and paste the result here?

[laixintao]

Hi @ivanhercaz , we use ICMP socket to send ICMP packet without root.

However, there is a option control who can use this feature.

cat /proc/sys/net/ipv4/ping_group_range

1	0

This means group number from 1 to 0 can use this feature, which means nobody can use this, so you get a Permission denied .

[vagrant@centos7 pingtop]$ python ping.py
Traceback (most recent call last):
  File "ping.py", line 281, in <module>
    print(do_one("google.com", 1, 64))
  File "ping.py", line 204, in do_one
    my_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, icmp)
  File "/usr/lib64/python2.7/socket.py", line 187, in __init__
    _sock = _realsocket(family, type, proto)
socket.error: [Errno 13] Permission denied

Solution

Change this variable to a proper range include your group id, like this:

[vagrant@centos7 pingtop]$ id
uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[vagrant@centos7 pingtop]$ sudo sysctl -w net.ipv4.ping_group_range='0 1001'
net.ipv4.ping_group_range = 0 1001

Then you can use this without sudo.

[laixintao]

About the detail:

https://lkml.org/lkml/2011/5/10/389

[laixintao]

I am going to close this issue, feel free to reopen it if you have further questions.

[ivanhercaz]

Hi @laixintao and @gzxultra,

Excuse me for the delay replying to you! That's very nice to know the solutions is something like that. The best of all is that this has been useful to explain this situation in the README and make easier to solve it in the future for new users.

Thank you very much for your work and your help with this issue!