pi user can't assign ip address

ranjithrahman · 03-07-2020, 12:54 AM

Hi,

When tried to set ip address in raspberry-ip though ssh connection from FC25 to raspberry-pi. Observed below issue:

[root@roam3end1 ~]#ssh pi@172.16.0.88 ifconfig eth0 192.168.1.10
SIOCSIFADDR: operation not permitted
SIOCSIFFLAGS: operation not permitted

eth0 interface is available in raspberry-pi machine

[root@roam3end1 ~]# ssh pi@172.16.0.81 ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e8c9:f88c:ca4d:ebd2 prefixlen 64 scopeid 0x20<link>
ether dc:a6:32:1b:7f:c1 txqueuelen 1000 (Ethernet)
RX packets 10 bytes 768 (768.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 1116 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

raspberry-pi sudoers file:

pi@raspberrypi:~ $ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL:ALL) ALL
pi ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
%pi ALL=(ALL:ALL) NOPASSWD: ALL
#pi ALL=(ALL) NOPASSWD: ALL
# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

how to give super user permission to pi user.

So, please tell how I can fix the issue. and

Thanks in advance.
-ranj.

agillator · 03-07-2020, 07:29 AM

The sudo configuration file controls sudo, not general permissions. Your configuration file allows the pi user to use sudo to run any file, not to run any file in general.

berndbausch · 03-07-2020, 08:12 AM

To fix the problem, try

Code:

ssh pi@172.16.0.88 sudo ifconfig eth0 192.168.1.10

or better

Code:

ssh pi@172.16.0.88 sudo ip a add 192.168.1.10/24 dev eth0

assuming that 24 is the correct prefix size.

ranjithrahman · 03-09-2020, 01:00 AM

Quote:

Originally Posted by berndbausch

To fix the problem, try

Code:

ssh pi@172.16.0.88 sudo ifconfig eth0 192.168.1.10

or better

Code:

ssh pi@172.16.0.88 sudo ip a add 192.168.1.10/24 dev eth0

assuming that 24 is the correct prefix size.

hi berndbausch,

I have been using Fedora for a long time, in which this error is not seen. Many of my automation scripts are written without sudo. To make my scripts compatible for both Fedora and pi, I need this configuration. Please help in getting some work around.

Thanks,
-Ranj

Gad · 03-09-2020, 02:30 AM

Are you able to run a normal ssh login into the pi box without any additional commands?

ranjithrahman · 03-09-2020, 02:47 AM

Quote:

Originally Posted by Gad

Are you able to run a normal ssh login into the pi box without any additional commands?

yes, i can,

log message :

Code:

[root@roam3end1 ~]# ssh pi@172.16.0.81
Linux raspberrypi 4.19.75-v7l+ #1270 SMP Tue Sep 24 18:51:41 BST 2019 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Mar  9 07:34:15 2020 from 172.16.0.7


pi@raspberrypi:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::e8c9:f88c:ca4d:ebd2  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:1b:7f:c1  txqueuelen 1000  (Ethernet)
        RX packets 1271  bytes 96949 (94.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 256  bytes 28676 (28.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.81  netmask 255.255.0.0  broadcast 172.16.255.255
        inet6 fe80::8fcc:a4d0:88d3:4a03  prefixlen 64  scopeid 0x20<link>
        ether 34:29:8f:70:02:1b  txqueuelen 1000  (Ethernet)
        RX packets 1193  bytes 74527 (72.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 183  bytes 33357 (32.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 9  bytes 524 (524.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 524 (524.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether dc:a6:32:1b:7f:c2  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

berndbausch · 03-09-2020, 04:13 AM

Quote:

Originally Posted by ranjithrahman

hi berndbausch,

I have been using Fedora for a long time, in which this error is not seen. Many of my automation scripts are written without sudo. To make my scripts compatible for both Fedora and pi, I need this configuration. Please help in getting some work around.

The error occurs because an unprivileged user can't set IP addresses.

If your Fedora system allows a non-root user to set an ip address, the user might have received the privilege to manage networking via the CAP_NET_ADMIN capability.

Or the ipconfig command has the setuid flag. Which would be a horrible security breach.

Other than that, I don't know how this is possible for a non-root user.

berndbausch · 03-09-2020, 04:15 AM

Quote:

Originally Posted by ranjithrahman

yes, i can,

But I am sure that the pi user can't set an ip address, correct?

Gad · 03-09-2020, 11:35 AM

Looks like a permissions issue. You clearly able to login to the system so the authentication is defiantly not the issue.

The user pi most likely requires the necessary permissions

ranjithrahman · 03-10-2020, 02:48 AM

Quote:

Originally Posted by Gad

Looks like a permissions issue. You clearly able to login to the system so the authentication is defiantly not the issue.

The user pi most likely requires the necessary permissions

There is no issue on ssh, I need to give root user privilege to a pi user, please help me

Thanks,
-Ranj

berndbausch · 03-10-2020, 03:41 AM

Quote:

Originally Posted by ranjithrahman

There is no issue on ssh, I need to give root user privilege to a pi user, please help me

How did you give a non-root user root privileges on Fedora? It should work the same on Raspbian.

Gad · 03-11-2020, 08:20 AM

Paste the output of your /etc/passwd file or at least the line that contains the pi user.

You will probably need to set the UID and GID to 0 which should assign the pi user root privileges

It should be a quick fix for you but bare in mind this is not best practice. You should rather fine grain the privileges for the user