On Fri 13.12.2024 16:59:52, Noah Meyerhans wrote:
> On Fri, Dec 13, 2024 at 08:53:09PM +0100, Andre Klärner wrote:
> > it would be nice if the change from this bug would be mentioned in
> > NEWS.Debian.
> 
> Agreed, this should happen.  It also needs to be mentioned in release
> notes for Debian 13.

Thanks!

> Here's an initial proposal for NEWS text, let me know if it makes sense:
> 
> iputils-ping is no longer installed with built-in privilege escalation
> via Linux capabilities(7).  Instead, it relies on kernel runtime
> configuration supplied by the linux-sysctl-defaults package, which is
> installed by default.

I would change "which is installed by default" to "which is recommended by
iputils-ping", since this default only holds on systems where recommended
packages are selected automatically - which e.g. mine do not do to keep the
servers lean.

> If you are not installing linux-sysctl-defaults package, you may wish to
> consider setting the net.ipv4.ping_group_range sysctl variable to grant
> the ability to run ping to non-root users based on group membership.
> Executing /sbin/sysctl -w net.ipv4.ping_group_range="0 2147483647" or
> adding the following line to a new file /etc/sysctl.d/ping.conf
> will grant the ability to all unprivileged groups:
> net.ipv4.ping_group_range="0 2147483647"

I would not suggest setting the value temporarily to users.
My suggestion would be:

Run echo net.ipv4.ping_group_range=0 2147483647 >/etc/sysctl.d/ping.conf
followed by sysctl --system to grant the ability to all unprivileged groups.

Best regards,
Andre
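
An added example, not part of the original message or of iputils: a shell function that checks whether any of a process's group IDs falls inside a net.ipv4.ping_group_range value, followed by a report for the calling user based on the live /proc value. The function names ping_range_allows and report_current_user are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate net.ipv4.ping_group_range.

# ping_range_allows RANGE GID...
#   RANGE is the sysctl value, "min max", inclusive at both ends.
#   Returns 0 if any GID is inside the range, 1 if none is,
#   2 if RANGE is malformed.
#   The kernel default "1 0" (min > max) therefore matches no group at all.
ping_range_allows() {
    # Split on blanks or tabs; /proc prints a tab between the two numbers.
    read -r min max extra <<EOF
$1
EOF
    shift
    case "$min" in ''|*[!0-9]*) return 2 ;; esac
    case "$max" in ''|*[!0-9]*) return 2 ;; esac
    [ -z "$extra" ] || return 2
    for gid in "$@"; do
        if [ "$gid" -ge "$min" ] && [ "$gid" -le "$max" ]; then
            return 0
        fi
    done
    return 1
}

# Report for the calling user, using the live kernel value when readable.
report_current_user() {
    f=/proc/sys/net/ipv4/ping_group_range
    if [ ! -r "$f" ]; then
        echo "cannot read $f (not Linux, or /proc not mounted)"
        return 0
    fi
    range=$(cat "$f") || return 0
    # The kernel tests the effective and supplementary GIDs; id -G lists both.
    if ping_range_allows "$range" $(id -G); then
        echo "range '$range': $(id -un) may open unprivileged ICMP echo sockets"
    else
        echo "range '$range': $(id -un) is outside it; ping needs other privileges"
    fi
}

report_current_user
```

Running it before and after sysctl --system shows whether a file dropped into /etc/sysctl.d actually took effect for the current user.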
