How to set access permissions on a network interface?
Suppose a command:
Code:
$ ethtool eth5
Settings for eth5:
Cannot get device settings: Operation not permitted
Cannot get wake-on-lan settings: Operation not permitted
Current message level: 0x000000ff (255)
Cannot get link status: Operation not permitted
which means eth5 is not accessible by a normal user. How can I give an ordinary user access to this interface? If eth5 were a file in /dev, I would just change devnode file permissions. But it's not. So, what's the way?
P.S. sudo is not a good solution since it would make the program execute as root while I may not want this.
You misunderstood me. eth? is not a file in /dev - it's not a file at all, so the usual file permissions trick will not help here, which is the very problem I'm trying to solve.
Udev governs all devices including network devices and anything that is/isn't in /dev. Take dr_agon's advice and start looking at udev rules. I'm sure you'll find what you're looking for. (and no I don't know how to do what you're asking specifically)
ethtool needs to be run as root.
Why do you want to give an ordinary user access to ethtool? Perhaps there is an easier way of achieving what you want.
Quote:
ethtool needs to be run as root.
Why do you want to give an ordinary user access to ethtool?
Suppose a user wants to r/w his disk drive (e.g. using dd). But disk drives are only accessible by root. Then you can chmod disk's /dev entry, and the user wouldn't have to use sudo. Additionally, the user would be able to do anything with the disk given away to him, including writing his own program to operate the disk.
That's the same I want to do with the NIC - just give it away to some user(s), so not only ethtool here, but any ioctl which controls the given network interface.
If you don't want to use sudo, or give the user full root access, maybe let them run in a virtual machine (where they can have root access, without harming the host machine) and give eth5 to the virtual machine.
Otherwise, maybe socat can help you:
Quote:
Socat is a relay for bidirectional data transfer between two independent data channels. Each of these data channels may be a file, pipe, device (terminal or modem, etc.), socket (Unix, IP4, IP6 - raw, UDP, TCP), SSL, a client for SOCKS4, or proxy CONNECT. It supports broadcasts and multicasts, abstract Unix sockets, Linux tun/tap, GNU readline, and PTYs. It provides forking, logging, and dumping and different modes for interprocess communication. Many options are available for tuning socat and its channels. Socat can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, or for redirecting TCP-oriented programs to a serial line.