非root用户想使用ping来监测网站,但是却报错,查了下文档安装包部署需要配置java虚拟机root权限启动从而使用ICMP,若未启用root权限则是判断telnet对端7号端口是否开通
Best effort is made by the implementation to try to reach the host, but firewalls and server configuration may block requests resulting in a unreachable status while some specific ports may be accessible.
A typical implementation will use ICMP ECHO REQUESTs if the privilege can be obtained, otherwise it will try to establish a TCP connection on port 7 (Echo) of the destination host.
上网查了下是因为创建raw icmp socket 需要root权限。
# 找到java的文件路径,为其设置权限
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/lib/jvm/java-11-openjdk-11.0.15.0.10-3.el8.x86_64/bin/java
#设置完后报错。
[xxx@xxx]$ java -version
java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory
#在/etc/ld.so.conf.d 下创建java.conf 将libjli.so所在路径加入其中后以root用户执行命令
ldconfig
[hbz@VM-20-2-centos jli]$ java -version
openjdk version "11.0.15" 2022-04-19 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.15+10-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.15+10-LTS, mixed mode, sharing)
经测试重新启动后java程序可以在非root用户执行icmp ping