When I invoke the XScreenSaver Sonar or lock the screen, the Sonar XScreenSaver displays “sonar must be setuid to ping”
Last weekend was a rainy Sunday, so I thought it would be a good time to upgrade the Linux Mint. My Thinkpad is running Linux Mint they I would upgarde from Linux Mint 21 (Vanessa) to Linux Mint 22 (Wilma). For those who are not familiar with the beautiful Linux Mint desktop. Linux Mint is based on the Ubuntu distribution, so Debian is the underlying system. Debian is the exemplary open source operating system what I prefer and mainly use for the servers.
One of the features I like on the Linux desktop is the Sonar XScreenSaver. Sonar shows the active hosts in the local network which are recognized by using ping as a screen saver. When I try to enable the XScreenSaver Sonar in the control center, it appers “sonar must be setuid to ping”.
cause
The Sonar program executed out from XScreenSaver must be installed as setuid root in order to ping hosts. This is because root privileges are needed to create an ICMP RAW socket.
Solution
First we find Sonar, which is not located under the same path on all distributions. You can easily find the location of Sonar with using the locate command.
$ locate sonar | head -n 1
/usr/libexec/xscreensaver/sonarWith head we see the first line with path where sonar is.
Now run the command as follows in the terminal shell to set permission.
$ sudo chmod +s /usr/libexec/xscreensaver/sonarThe s permissions instead of x in the owner permissions means that the sticky bit (suid) is enabled. So this file will be executed with root permissions by all users.
Note. some distributions Sonar is be under a different path.
$ sudo chmod +s /usr/lib/xscreensaver/sonarFinaly check whether the permission has been set.
$ ls -ld /usr/libexec/xscreensaver/sonar
-rwsr-sr-x 1 root root 127448 Mar 31 19:32 /usr/libexec/xscreensaver/sonarConclusion
On most Unix systems, the Sonar program must be installed as setuid root in order to ping hosts. This is because root privileges are needed to create an ICMP RAW socket. Privileges are disavowed shortly after startup (just after connecting to the X server) so this is believed to be safe:
$ sudo chown root:root sonar
$ sudo chmod u+s sonarIt is not necessary to make it setuid on MacOS systems. Because on MacOS, unprivileged programs can ping by using ICMP DGRAM sockets instead of ICMP RAW.
In ping-mode, the display is a logarithmic scale, calibrated so that the three rings represent ping times of approximately 2.5, 70 and 2,000 milliseconds respectively.
This means that if any the hosts you are pinging take longer than 2 seconds to respond. They won’t show up; and if you are pinging several hosts with very fast response times. They will all appear close to the center of the screen (making their names hard to read.)
