Linux: Allow Normal Users To Take Down eth1:N But Not eth1 Itself

last updated in Categories

I‘m using sudo to grant permission to end users under Ububtu Linux. How do I allow users to take down eth1:N but not eth1 itself using sudo?

You can easily prevent users from running ifdown eth1 but allow them to run ifdown eth1:N with sudo as follows:
sudo visudo
Grant permission to admin group users to take down eth1:N
%admin ALL=NOPASSWD: /sbin/ifdown eth1\:*
OR allow user vivek to take down eth1:N:
vivek ALL=NOPASSWD: /sbin/ifdown eth1\:*
vivek ALL=NOPASSWD: /sbin/ifup eth1\:*

Save and close the file. Now user can run take down interface eth1:1 as follows:
sudo /sbin/ifdown eth1:1
OR bring it back:
sudo /sbin/ifup eth1:1
Remove NOPASSWD option if you want to user to supply password.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.