I would like to allow a specific user or a group to manage ip interfaces with commands like
ip link set dev $DEV_NAME up
ip -4 addr add $DEV_ipv4_ADDR dev $DEV_NAME
without superuser privileges (sudo). What is the nature of the following error?
RTNETLINK answers: Operation not permitted
For the curious, I want to set ip interfaces with a script run by a user and I don't want them to block every time it encounters a statement with "sudo". I also don't want to run the whole script with "sudo".
It crossed my mind to run sudo chmod +s $(which ip) but this sounds like a terrible idea!!
1 Answer
sudo is still the best way in my opinion. Make scripts that can only do what you want to allow the users to do, and then grant access with visudo to allow the specific users to run those specific scripts as root.
You say you don't want to run the whole script with sudo; the answer then will be to split out the parts that must be run as root into separate scripts, run those with sudo called from the user-facing script. Probably with NOPASSWD option of sudo if you don't want the user-facing script to present a sudo Password: prompt.
It will be a bad idea to give blanket root access to the ip command as someone could easily ruin the system's networking and very likely there is an arbitrary code execution method in there somewhere.
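A sketch of the split the answer describes, added here as an example and not part of the original answer: a small root-owned helper that accepts only the two operations from the question and validates its arguments before calling ip. The helper path, the group name netops and the interface allowlist are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helper installed as /usr/local/sbin/netif-helper,
# owned by root, mode 0755, in a directory the calling users cannot write to.
# Sudoers rule, added with visudo (the group name "netops" is an assumption):
#   %netops ALL=(root) NOPASSWD: /usr/local/sbin/netif-helper
# The unprivileged script then runs: sudo /usr/local/sbin/netif-helper up tap0

IP=/sbin/ip                # absolute path, so the caller's PATH is irrelevant
ALLOWED_DEVS="tap0 tap1"   # constructed allowlist of interfaces users may manage

valid_dev() {
    for d in $ALLOWED_DEVS; do
        [ "$1" = "$d" ] && return 0
    done
    return 1
}

# Accept only A.B.C.D/LEN with decimal octets 0-255 and LEN 0-32.
valid_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1##*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

main() {
    action=$1; dev=$2
    valid_dev "$dev" || { echo "interface not allowed: $dev" >&2; return 1; }
    case "$action" in
        up)   "$IP" link set dev "$dev" up ;;
        addr) valid_ipv4_cidr "$3" || { echo "bad address: $3" >&2; return 1; }
              "$IP" -4 addr add "$3" dev "$dev" ;;
        *)    echo "usage: $0 up DEV | addr DEV A.B.C.D/LEN" >&2; return 2 ;;
    esac
}

# Do nothing when called without arguments (also lets the functions be sourced).
[ "$#" -eq 0 ] || main "$@"
```

Because the sudoers rule names only the helper, the allowlist and address checks inside it are what limit the caller; adjust the path to ip for your distribution.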