The only special I know about ping is that without the sticky bit a normal (non-root) user can't open a socket to use it. -rwsr-xr-x 1 root root 29680 Sep 20 2001 /bin/ping Use "chmod a-s /bin/ping" and "chmod a+s /bin/ping" as root to change the sticky bit. When the sticky bit is removed a normal user gets the error "ping: icmp open socket: Operation not permitted". The error-message "ping: unknown host..." sounds more like an error in name-resolving in that very moment. Could you try the ping not with a DNS-name but with an IP (e.g. 193.99.144.71 for www.heise.de) or maybe you could try to ping 127.0.0.1 which should work as long the loopback-interface (lo) is up. My user and the user nobody are both not members of group dialout but can both use ping when the sticky bit is set. I think harden_suse removes some (or all?) sticky bits from binaries. Which owner-group belongs the ping-binary to user nobody calls on your system (ls -l `which ping`)? Does it look like my example above or is there something with dialout? -- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216 On Wed, 16 Oct 2002, Michael Seewald wrote:
It *does* have to do with the dialout group, at least on my system (maybe due to harden_suse and the "secure" permission stuff)?
Please try a ping as user nobody and look if it works. For me, it does *only* if nobody is part of the dialout group. The second I delete nobody from dialout (/etc/group), it doesn't any longer.