XScreenSaver sonar must be setuid to ping

4.5
(2)

When I invoke the XScreenSaver Sonar or lock the screen, the Sonar XScreenSaver displays “sonar must be setuid to ping”

XScreenSaver sonar must be setuid to ping

Last weekend was a rainy Sunday, so I thought it would be a good time to upgrade the Linux Mint. My Thinkpad is running Linux Mint they I would upgarde from Linux Mint 21 (Vanessa) to Linux Mint 22 (Wilma). For those who are not familiar with the beautiful Linux Mint desktop. Linux Mint is based on the Ubuntu distribution, so Debian is the underlying system. Debian is the exemplary open source operating system what I prefer and mainly use for the servers.

One of the features I like on the Linux desktop is the Sonar XScreenSaver. Sonar shows the active hosts in the local network which are recognized by using ping as a screen saver. When I try to enable the XScreenSaver Sonar in the control center, it appers “sonar must be setuid to ping”.

cause

The Sonar program executed out from XScreenSaver must be installed as setuid root in order to ping hosts. This is because root privileges are needed to create an ICMP RAW socket.

Solution

First we find Sonar, which is not located under the same path on all distributions. You can easily find the location of Sonar with using the locate command.

$ locate sonar | head -n 1
/usr/libexec/xscreensaver/sonar

With head we see the first line with path where sonar is.

Now run the command as follows in the terminal shell to set permission.

$ sudo chmod +s /usr/libexec/xscreensaver/sonar

The s permissions instead of x in the owner permissions means that the sticky bit (suid) is enabled. So this file will be executed with root permissions by all users.

XScreenSaver setuid sonar ping

Note. some distributions Sonar is be under a different path.

$ sudo chmod +s /usr/lib/xscreensaver/sonar

Finaly check whether the permission has been set.

$ ls -ld /usr/libexec/xscreensaver/sonar
-rwsr-sr-x 1 root root 127448 Mar 31 19:32 /usr/libexec/xscreensaver/sonar

Conclusion

On most Unix systems, the Sonar program must be installed as setuid root in order to ping hosts. This is because root privileges are needed to create an ICMP RAW socket. Privileges are disavowed shortly after startup (just after connecting to the X server) so this is believed to be safe:

$ sudo chown root:root sonar
$ sudo chmod u+s sonar

It is not necessary to make it setuid on MacOS systems. Because on MacOS, unprivileged programs can ping by using ICMP DGRAM sockets instead of ICMP RAW.

In ping-mode, the display is a logarithmic scale, calibrated so that the three rings represent ping times of approximately 2.5, 70 and 2,000 milliseconds respectively.

This means that if any the hosts you are pinging take longer than 2 seconds to respond. They won’t show up; and if you are pinging several hosts with very fast response times. They will all appear close to the center of the screen (making their names hard to read.)

How useful was this post?

Click on a star to rate it!

Average rating 4.5 / 5. Vote count: 2

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *