I want to run ifup eth0 and ifdown eth0 without sudo by using Linux capabilities. For the same issue I have written the following code, main.c:
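#include <stdio.h>

int main(void)
{
    FILE *fp;

    /* Run ifdown through a shell, as popen() always does. */
    fp = popen("ifdown eth0", "r");
    if (fp == NULL)
    {
        printf("popen failed\n");
        return 1;
    }
    pclose(fp);
    return 0;
}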
I have set capabilities on the binary like the following:
sudo setcap -v cap_chown,cap_dac_override,cap_fowner,cap_dac_read_search,cap_net_admin+epi main
All the capabilities are set; it is verified by using the getcap command:
getcap main
main = cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_net_admin+eip
If I run the above code I get the following reply:
./main
ifdown: failed to open lockfile /run/network/ifstate.eth0: Permission denied
Can somebody help me on this?
Capabilities don't work the way you think they do. They are attached to an executable file, and are reset when you execute a new file.
Your executable might have the permissions it needs to change interface status, but not to run an external program that does so, which is what popen does.
I don't like it either, but that's the way it is.
If you've already written a program for doing what you want, you might as well go ahead and set uid on it. That will work as expected.
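To observe what the answer describes, the following added example (not code from the question or the answer) prints the effective capability mask of the process itself and of a command started through popen(), read from /proc/self/status. The helper names parse_cap, has_cap and cap_eff_from are made up for this illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for popen()/pclose() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_ADMIN_BIT 12 /* value of CAP_NET_ADMIN in <linux/capability.h> */

/* Pull one mask (CapInh, CapPrm, CapEff, CapAmb, ...) out of text in
 * /proc/<pid>/status format. Returns 0 on success, -1 if absent. */
int parse_cap(const char *status, const char *field, unsigned long long *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            *mask = strtoull(p + n + 1, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

int has_cap(unsigned long long mask, int bit) { return (int)((mask >> bit) & 1); }

/* Read a whole status stream and return its effective capability mask. */
static int cap_eff_from(FILE *fp, unsigned long long *mask)
{
    char buf[8192];
    size_t got = fread(buf, 1, sizeof buf - 1, fp);
    buf[got] = '\0';
    return parse_cap(buf, "CapEff", mask);
}

int main(void)
{
    unsigned long long self = 0, child = 0;
    FILE *fp = fopen("/proc/self/status", "r");       /* this process */
    if (!fp || cap_eff_from(fp, &self)) return 1;
    fclose(fp);
    /* Same launch path as the question: popen() -> /bin/sh -c -> command. */
    fp = popen("cat /proc/self/status", "r");
    if (!fp || cap_eff_from(fp, &child)) return 1;
    pclose(fp);
    printf("parent CapEff=%016llx cap_net_admin=%d\n", self, has_cap(self, CAP_NET_ADMIN_BIT));
    printf("child  CapEff=%016llx cap_net_admin=%d\n", child, has_cap(child, CAP_NET_ADMIN_BIT));
    return 0;
}
```

Run it as an unprivileged user after giving the binary file capabilities: the parent line shows the bits that were granted, while the child line shows an empty mask because /bin/sh and cat carry no file capabilities of their own.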