socket: Permission denied

After upgrading my Guruplug Display from Lenny to Squeeze I came along an odd error; every non-root user was unable to access anything related to the internet.

NTP:

Mar 26 20:31:50 localhost ntpd[1055]: ./../lib/isc/unix/ifiter_ioctl.c:348:
unexpected error:
Mar 26 20:31:50 localhost ntpd[1055]: making interface scan socket:
Permission denied
Mar 26 20:35:09 localhost ntpd[1055]: ntpd exiting on signal 15

Regular user:

yeri@gplugD ~ $ ping google.be
ping: unknown host google.be
yeri@gplugD ~ $ ping 85.12.6.171
socket: Permission denied
yeri@gplugD ~ $ ssh localhost
socket: Permission denied
ssh: connect to host localhost port 22: Permission denied

Root:

gplugD ~ # ping 85.12.6.171 -c 1
PING 85.12.6.171 (85.12.6.171) 56(84) bytes of data.
64 bytes from 85.12.6.171: icmp_req=1 ttl=58 time=37.1 ms
--- 85.12.6.171 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 37.145/37.145/37.145/0.000 ms

Solution? It’s an issue (well, not really an issue, more working like intended) of this kernel flag

CONFIG_ANDROID_PARANOID_NETWORK

And you can fix it by adding the aid_inet group — and adding your user(s) too it. Don’t forget to add NTP etc as well.

gplugD ~ # groupadd -g 3003 aid_inet
gplugD ~ # usermod -G -a aid_inet $YOUR-USER

Special thanks to Tim Besard!

(My Serverfault link)

Edit, from the Serverfault page:

On Android Jelly Bean (4.1) used on the Nexus 7, I had to use the group name inet instead of aid_inet, thus:

$ groupadd -g 3004 inet
# I used 3004 instead of 3003 because 3003 was already taken by aid_inet
$ usermod -G inet <username>

Some code snippets from the Android Kernel related to this go here: http://blog.appuarium.com/2011/06/23/how-android-enforces-android-permission-internet/


Posted by

in

, , ,

Comments

4 responses to “socket: Permission denied”

  1. sifourquier avatar
    sifourquier

    use usermod -G aid_inet -a yeri
    -a for append

  2. Bob Barry avatar
    Bob Barry

    Many thanks, that solved my problem.

  3. Yeri Tiete avatar

    I’ve edited the post and added “-a” flag.

  4. SuperFXMaster avatar
    SuperFXMaster

    Thanks! It solves Android Linux chroots not being able to resolve some hostnames.

Leave a Reply…