To allow normal users to take down a specific network interface, such as eth1:N but not the parent interface eth1, you can use the sudo command in combination with the ip command.
Here are the steps to allow normal users to take down eth1:N but not eth1:
- Create a new group: Create a new group with a name of your choice, for example
network_admin.
sudo groupadd network_admin
- Add users to the new group: Add the users who should have permission to take down
eth1:Nto the new group.
sudo usermod -a -G network_admin username
- Create a new sudo rule: Create a new sudo rule in the
/etc/sudoersfile to allow members of thenetwork_admingroup to run theipcommand with thelink setoption on theeth1:Ninterface, but not on theeth1interface.
network_admin ALL=(ALL) NOPASSWD: /sbin/ip link set eth1:* down
- Verify the new sudo rule: Verify that the new sudo rule is working by logging in as a user who is a member of the
network_admingroup, and attempting to take down theeth1:Ninterface.
sudo ip link set eth1:N down
If the new sudo rule is working correctly, the eth1:N interface should be taken down, but attempting to take down the eth1 interface should fail with a Permission denied error.
Note that these steps may vary depending on the specific Linux distribution and version that you are using. If you encounter any issues or have questions about allowing normal users to take down a specific network interface, you may want to consult the documentation for your Linux distribution or consult with a knowledgeable Linux user for assistance.