≡ Menu

Linux: Allow Normal Users To Take Down eth1:N But Not eth1 Itself

I'm using sudo to grant permission to end users under Ububtu Linux. How do I allow users to take down eth1:N but not eth1 itself using sudo?

You can easily prevent users from running ifdown eth1 but allow them to run ifdown eth1:N with sudo as follows:
sudo visudo
Grant permission to admin group users to take down eth1:N
%admin ALL=NOPASSWD: /sbin/ifdown eth1\:*
OR allow user vivek to take down eth1:N:
vivek ALL=NOPASSWD: /sbin/ifdown eth1\:*
vivek ALL=NOPASSWD: /sbin/ifup eth1\:*

Save and close the file. Now user can run take down interface eth1:1 as follows:
sudo /sbin/ifdown eth1:1
OR bring it back:
sudo /sbin/ifup eth1:1
Remove NOPASSWD option if you want to user to supply password.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 0 comments… add one }

Leave a Comment