When executing a program (check_icmp) as part of the Check_MK software, the following error was displayed:
check_icmp: Failed to obtain ICMP socket: Operation not permitted
The “check_icmp” program had the following “ls -l” listing:
-rwsr-x---. 1 root omd 4874 Aug 7 2018 check_icmp
Note the 4750 octal value for the file’s permissions above.
The check_icmp program was executed by the central user which was part of the omd group. With suid permissions, the user (central) should have been able to assume the root user’s privileges and execute without issue. In fact, executing the check_icmp program as the root user encountered no issue.
The root cause of the error above was the fact that the partition (/app) containing the check_icmp program was mounted with the nosuid directive as shown by the entry in /etc/fstab below:
/dev/mapper/vg01-app /app xfs defaults,nodev,nosuid 0 0
The nosuid directive in /etc/fstab was added to application partitions as part of our Linux hardening procedure. So, for applications that use suid, this directive must be modified.
After removing the nosuid directive from /etc/fstab and remounting /app, the check_icmp program executed by the non-root user (central) without any problem.
