PermissionError: Operation not permitted
Imolai opened this issue · comments
Hello Alessandro,
I get "PermissionError: [Errno 1] Operation not permitted" during call of ping().
I run it as normal user and OS side ping works well.
$ cat /etc/SuSE-release
SUSE Linux Enterprise Server 12 (x86_64)
VERSION = 12
PATCHLEVEL = 2
# This file is deprecated and will be removed in a future service pack or release.
# Please check /etc/os-release for details about this release.
$ export hst=__.__.___.__
$ ping -c1 $hst
PING __.__.___.__ (__.__.___.__) 56(84) bytes of data.
64 bytes from __.__.___.__: icmp_seq=1 ttl=53 time=4.76 ms
--- __.__.___.__ ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 4.768/4.768/4.768/0.000 ms
$ pip freeze | grep ping
pythonping==1.0.5
$ python
Python 3.6.6 (default, Aug 24 2018, 09:10:04)
[GCC 4.8.5] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from pythonping import ping
>>> import os
>>> ping(os.environ["hst"], verbose=True)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "dependencies/virtualenv/general/lib/python3.6/site-packages/pythonping/__init__.py", line 52, in ping
comm = executor.Communicator(target, provider, timeout, socket_options=options, verbose=verbose, output=out)
File "dependencies/virtualenv/general/lib/python3.6/site-packages/pythonping/executor.py", line 224, in __init__
self.socket = network.Socket(target, 'icmp', source=None, options=socket_options)
File "dependencies/virtualenv/general/lib/python3.6/site-packages/pythonping/network.py", line 25, in __init__
self.socket = socket.socket(socket.AF_INET, socket.SOCK_RAW, self.protocol)
File "/app/vbuild/SLED12-x86_64/python/3.6.6/lib/python3.6/socket.py", line 144, in __init__
_socket.socket.__init__(self, family, type, proto, fileno)
PermissionError: [Errno 1] Operation not permitted
>>>
Exception ignored in: <bound method Socket.__del__ of <pythonping.network.Socket object at 0x7f65e6edbf28>>
Traceback (most recent call last):
File "dependencies/virtualenv/general/lib/python3.6/site-packages/pythonping/network.py", line 56, in __del__
if self.socket:
AttributeError: 'Socket' object has no attribute 'socket'
Exception ignored in: <bound method Communicator.__del__ of <pythonping.executor.Communicator object at 0x7f65e6edbac8>>
Traceback (most recent call last):
File "dependencies/virtualenv/general/lib/python3.6/site-packages/pythonping/executor.py", line 233, in __del__
if self.socket:
AttributeError: 'Communicator' object has no attribute 'socket'
>>>
$ What can be wrong?
Thank you
You need root/administrative privilege to run pythonping.
We already have an issue open to make this error more clear and this will be part of the next release.
You don't have to run as root if you use the capabilities framework. You can give Python the same capabilities as /bin/ping, by doing:
sudo setcap cap_net_raw+ep $(which python)
This will allow Python to capture raw packets, without having to give it full root permission.
It wouldn't do the setcap on a sym-link:
sudo setcap cap_net_raw+ep $(which python3)
Failed to set capabilities on file `/usr/bin/python3' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
But your solution worked when done like this (for me):
$ ls -lh /usr/bin/python3
lrwxrwxrwx 1 root root 9 Mar 26 2019 /usr/bin/python3 -> python3.7
$ sudo setcap cap_net_raw+ep $(which python3.7)
try this
sudo setcap cap_net_raw+ep $(readlink -f $(which python))
@JorisE This will give python permission to run any file as sudo without being sudo.
@vlad-iancu Are you sure? According to the documentation this should only give python permission to:
• Use RAW and PACKET sockets;
• bind to any address for transparent proxying.