Ubuntu – ping as root doesn’t work with hostname, but with ip, normal user works


I have a strange ping problem after an upgrade from Ubuntu 12.04 to 14.04.
I can't ping with the hostname, but with the IP it works. I don't have any other DNS problems with other services or programs.
It works as a normal user, but not as root.
As the root user, host and dig can resolve the DNS name to an IP.
busybox ping also works with the hostname.

This is the error:

root@myhost:~# ping ubuntu.com
ping: unknown host ubuntu.com

This works:

root@myhost:~# host ubuntu.com
ubuntu.com has address 91.189.94.40
ubuntu.com mail is handled by 10 mx.canonical.com.


root@myhost:~# ping 91.189.94.40 -c 1
PING 91.189.94.40 (91.189.94.40) 56(84) bytes of data.
64 bytes from 91.189.94.40: icmp_seq=1 ttl=53 time=16.1 ms


root@myhost:~# busybox ping ubuntu.com -c 1
PING ubuntu.com (91.189.94.40): 56 data bytes
64 bytes from 91.189.94.40: seq=0 ttl=53 time=16.189 ms


user@myhost:~$ ping ubuntu.com -c 1
PING ubuntu.com (91.189.94.40) 56(84) bytes of data.
64 bytes from ovinnik.canonical.com (91.189.94.40): icmp_seq=1 ttl=53 time=16.1 ms

file /etc/nsswitch.conf

root@myhost:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.


passwd:         compat
group:          compat
shadow:         compat


hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files


protocols:      db files
services:       db files
ethers:         db files
rpc:            db files


netgroup:       nis

Some additional information. Thanks for the strace tip. AppArmor is not active.

strace: there seems to be a problem opening /etc/resolv.conf, but less as root works

root@myhost:~# strace -e open ping -c 1 ubuntu.com
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
open("/lib/x86_64-linux-gnu/libcap.so.2", O_RDONLY|O_CLOEXEC) = 3
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/tls/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/tls/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/x86_64/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
open("/usr/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
ping: unknown host ubuntu.com
+++ exited with 2 +++

getent:

root@myhost:~# getent hosts ubuntu.com
91.189.94.40 ubuntu.com

getcap:

root@myhost:~# getcap -rv /bin/ping
/bin/ping

permissions:

root@myhost:/etc# ls -lha /etc/resolv.conf
lrwxrwxrwx 1 root root 29 Jan  9 11:11 /etc/resolv.conf -> ../run/resolvconf/resolv.conf
root@myhost:/etc# ls -lha /run/resolvconf/resolv.conf
-rw-r--r-- 1 root root 237 Jan 10 08:52 /run/resolvconf/resolv.conf
root@myhost:/etc# ls -lha /etc/hosts
-rw-r--r-- 1 root root 485 Jan  8 09:15 /etc/hosts
root@myhost:/etc# ls -lha /etc/nsswitch.conf
-rw-r--r-- 1 root root 513 Jan  8 09:08 /etc/nsswitch.conf

resolv.conf: (same as on another host, where it works)

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 213.133.98.98
nameserver 213.133.99.99
nameserver 213.133.100.100

Best Answer

The strace output reveals that right at the spot where ping drops privileges it starts getting EACCES errors on every single open call. That suggests a permission problem is the root cause.

Since paths across /etc, /lib, and /usr are all affected by the problem, the most obvious thing to check for is permissions on /. Here is what they look like on a healthy Ubuntu 14.04 system:

$ ls -ld /
drwxr-xr-x 23 root root 4096 Jan  7 16:55 /

In your case the x privilege was missing for the owner:

drw-r-xr-x 26 root root 4096 Dec 30 23:09 /

This specific case will cause problems in the specific case where a process has dropped the capability to access any file in the file system but retains user id 0.
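
The permission rule behind this answer, as an added example (not code from the original question or answer): with no capability to override file permissions, the kernel consults only the first matching class (owner, then group, then other), so the owner of a drw-r-xr-x directory is denied traversal while a caller in the "other" class is not. The function names and the temporary directory standing in for / are assumptions made for the illustration.

```python
import os
import shutil
import stat
import tempfile

def search_allowed(st, uid, gids):
    """Classic Unix DAC check for directory search (x), no capability override.

    Only the first matching class is consulted: owner, else group, else other.
    """
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked_dir(path, uid, gids):
    """Return the first ancestor directory of path that uid cannot traverse, or None."""
    parts = os.path.abspath(path).strip(os.sep).split(os.sep)[:-1]
    current = os.sep
    for part in [""] + parts:          # "" makes the walk start at "/" itself
        current = os.path.join(current, part)
        if not search_allowed(os.stat(current), uid, gids):
            return current
    return None

def demo():
    """Constructed sample: a directory with mode 0655 stands in for the broken '/'."""
    base = tempfile.mkdtemp()
    broken = os.path.join(base, "rootdir")
    os.mkdir(broken)
    target = os.path.join(broken, "resolv.conf")
    open(target, "w").close()
    os.chmod(broken, 0o655)            # drw-r-xr-x, as shown in the answer
    try:
        st = os.stat(broken)
        as_owner = search_allowed(st, st.st_uid, [])      # owner class: no x
        as_other = search_allowed(st, st.st_uid + 1, [])  # other class: x set
        blocked = first_blocked_dir(target, os.geteuid(), os.getgroups())
        return as_owner, as_other, blocked == broken
    finally:
        os.chmod(broken, 0o755)
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
    print("first blocked ancestor of /etc/resolv.conf for uid 0:",
          first_blocked_dir("/etc/resolv.conf", 0, [0]))
```

On a healthy system the last line reports None; on the system from the question it would report /.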