run ip commands without sudo

Question

I am currently writing something that utilizes a usb CAN interface to communicate with a CAN bus. If I switch users to root, the program runs just fine, however, I want to run the program as my local user (steven). The program is built on top of libsocketcan (https://github.com/lalten/libsocketcan) which is where the commands that I need permission for are called. specifically: can_set_bitrate, can_do_start

I have tried adding permissions to my sudoers file as it is shown here, however that did not change the outcome:

# Cmnd alias specification
Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/visudo, /usr/bin/link, /sbin/ip
# User privilege specification
root    ALL=(ALL:ALL) ALL
Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
steven ALL =(ALL) NOPASSWD:ALL
See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d

I have also tried aliasing the ip command with sudo ip but that also has not solved the problem. I keep running into this error specifically: RTNETLINK answers: Operation not permitted Any help is very much appreciated! Thank you!

score 1 · Answer 1 · answered May 10 '22 at 03:27

1

If your program runs /bin/ip, you can try setting the setuid sticky bit.

▶ sudo chmod u+s /bin/ip

Any user on the computer will be able to execute /bin/ip with root privileges.

answered May 10 '22 at 03:27

xpk

436

run ip commands without sudo

Members of the admin group may gain root privileges

Allow members of group sudo to execute any command

See sudoers(5) for more information on "#include" directives:

1 Answers1