Cannot Reproduce
Details
Assignee
OpenNMS Bug Mailing ListOpenNMS Bug Mailing ListReporter
John CenterJohn CenterComponents
Fix versions
Affects versions
Priority
Major
Details
Details
Assignee
OpenNMS Bug Mailing List
OpenNMS Bug Mailing ListReporter
John Center
John CenterComponents
Fix versions
Affects versions
Priority
MajorPagerDuty
PagerDuty
PagerDuty
Created April 9, 2009 at 1:50 PM
Updated July 26, 2013 at 3:03 AM
Resolved August 8, 2009 at 2:03 AM
Running jicmp as root works, but not as opennms user:
java -Dopennms.library.jicmp=/opt/NMSjicmp/lib/libjicmp.so -classpath
/opt/opennms/lib/opennms-icmp-api-1.7.2.jar:/opt/opennms/lib/log4j-1.2.15.jar:/opt/opennms/lib/jicmp-api-1.0.10.jar
org.opennms.netmgt.ping.Ping www.google.com
[DEBUG] System property 'opennms.library.jicmp' set to
'/opt/NMSjicmp/lib/libjicmp.so. Attempting to load jicmp library from
this location.
[INFO] Successfully loaded jicmp library.
IOException while creating an IcmpSocket.
java.net.SocketException: System error creating ICMP socket (13,
Permission denied)
at org.opennms.protocols.icmp.IcmpSocket.initSocket(Native Method)
at
org.opennms.protocols.icmp.IcmpSocket.<init>(IcmpSocket.java:108)
at org.opennms.netmgt.ping.Ping.main(Ping.java:111)
I did some research on determining the permission problem & came across
this article:
http://www.sun.com/bigadmin/features/articles/least_privilege.jsp. I
ran the command above with ppriv debugging & received this message:
...
java[22346]: missing privilege "net_icmpaccess" (euid = 106, syscall =
230) for "devpolicy" needed at so_socket+0xc8
...
I added "net_icmpaccess" to the opennms user:
usermod -K defaultpriv=basic,net_icmpaccess opennms
And, now it works.