File /etc/hosts saved
khawar@mx:~
$ ping isv.remote-support.space
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?
khawar@mx:~
$ sudo setcap cap_net_raw+ep /bin/ping
[sudo] password for khawar:
khawar@mx:~
$ ping isv.remote-support.space
PING isv.remote-support.space (10.8.0.102) 56(84) bytes of data.
^C
--- isv.remote-support.space ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
The error you’re seeing:
🔍 Why this happens
The ping utility needs to send and receive ICMP packets, which it does through raw sockets (SOCK_RAW). On modern Linux systems, the right to open a raw socket is governed by capabilities, specifically CAP_NET_RAW.
There are two common reasons for this error:
- The ping binary lacks the CAP_NET_RAW capability.
- The ping binary is not setuid root (and your user doesn’t have sufficient privileges).
✅ How to fix it
✔️ Option 1: Add the CAP_NET_RAW capability to ping
Run this command as root or with sudo:
This grants the ping binary the capability to create raw sockets without requiring full root privileges.
After running this, try ping again:
✔️ Option 2: Use sudo when pinging
If you don’t want to modify capabilities, run ping with elevated privileges:
This works because sudo gives you the necessary privileges to create raw sockets.
❌ Why not setuid?
In older systems, /bin/ping was often setuid root (owned by root with the setuid bit set). Modern systems prefer capabilities instead for better security.
You can check if ping currently has capabilities:
Expected output (if fixed):
If there’s no output, the capability is missing.
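As an added example (not part of the original post), this shell helper reads one line of getcap output and reports whether a binary gets raw-socket privilege from a file capability, from the setuid bit, or from neither. The function names and the script name are hypothetical, the sample lines in the comments are constructed, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: interpret `getcap` output for a binary such as /bin/ping.
# Function names are hypothetical; paths containing spaces are not handled.

# cap_flags LINE CAP: print the flag letters (e, i, p) that LINE grants CAP.
# LINE is one line of getcap output in either libcap format (constructed samples):
#   older: "/bin/ping = cap_net_raw+ep"
#   newer: "/bin/ping cap_net_raw=ep"
# Returns 1 when CAP is absent, which includes empty getcap output.
cap_flags() {
    cf_caps=${1#* }          # drop the path
    cf_caps=${cf_caps#= }    # drop the older format's "= " separator
    for cf_clause in $cf_caps; do
        cf_names=${cf_clause%%[+=]*}        # e.g. "cap_net_admin,cap_net_raw"
        cf_flags=${cf_clause#"$cf_names"}   # e.g. "+ep" or "=ep"
        cf_flags=${cf_flags#[+=]}           # e.g. "ep"
        case ",$cf_names," in
            *",$2,"*) printf '%s\n' "$cf_flags"; return 0 ;;
        esac
    done
    return 1
}

# raw_socket_mode BIN LINE: report how BIN can open SOCK_RAW sockets.
#   file-capability  cap_net_raw is in the permitted set (the "+p" ping asks for)
#   setuid           the setuid bit is set (confirm the owner with ls -l)
#   none             neither is set; opening SOCK_RAW then needs root (e.g. sudo)
raw_socket_mode() {
    if rs_flags=$(cap_flags "$2" cap_net_raw); then
        case $rs_flags in
            *p*) echo file-capability; return 0 ;;
        esac
    fi
    if [ -u "$1" ]; then echo setuid; else echo none; fi
}

# Live check when a path is given, e.g.: sh capcheck.sh /bin/ping
# (capcheck.sh is a hypothetical file name for this script)
if [ $# -gt 0 ] && command -v getcap >/dev/null 2>&1; then
    raw_socket_mode "$1" "$(getcap "$1" 2>/dev/null)"
fi
```

A result of file-capability with flags that include e, as in the +ep used above, means the kernel raises the capability automatically when ping starts.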
⚠️ Security Note
Giving CAP_NET_RAW to ping is safe and standard on most Linux distributions. Avoid setting unnecessary privileges on other binaries.
🛠 Check if ping is working properly
After applying the fix:
If it works, your issue is resolved.
Summary
Run:
Then test:
✅ This should resolve the “Operation not permitted” error.