Arch/Manjaro bash script with sudo command? Allow utility be ran by a non-root user without password?

Apparently, the /usr/bin/wondershaper (pamac build wondershaper-git) needs sudo prefix to work, “sudo -u nonrootusername wondershaper” does not work:

We have an error talking to the kernel
RTNETLINK answers: Operation not permitted

Please how can i make it so

a) user “nonrootuser” can run /usr/bin/wondershaper without sudo? or
b) no password is asked when the wondershaper command is executed by user “nonrootuser” inside a bash script please?

/usr/bin/wondershaper is Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)

Hi @postcd,

I can think of two ways:

  1. Look at the sudoers file in /etc/sudoers.

2.1. Find out to which group the file belongs. sudo stat /usr/bin/wondershaper.

2.2. Give the above created group execute permission on the file: sudo chmod g=x /usr/bin/wondershaper.

2.3. Add the user that is to execute the command to the group noted above: sudo usermod -Ga [username] [group].

2.4. Make sure the user logs out and in again.

2.5. Profit. (Theoretically anyway.)

Apologies if something doesn’t work as expected. On my tablet and not at my PC. So something’s gonna suffer with that.

Unless you completely - 100% - no questions asked - trust the developer of wondershaper to never scr3w you from behind - then it is OK - otherwise - absolutely not.

I am unable to make it working.
That permission change method seemed complicated to me and i have not understood why my primary user for which i use sudo is not part of the root group (as the wondershaper binary is) and if there won’t be any security issues adding it to root group.

$ groups myusername
wheel lp sys network power autologin tor myusername

so here is my failed attempt:
sudo visudo

found line:
root ALL=(ALL) ALL

added cursor to empty line after it, hit “i” key to get into inserting mode, then right mouse click to paste:
myusername ALL=(ALL) NOPASSWD:/usr/bin/wondershaper

then “Esc” key, then type :wq

then i think i have to logout user if there is no workaround.

Then i tried your command: $ sudo usermod -Ga myusername root
usermod: group ‘a’ does not exist
$ sudo usermod -aG myusername root
no error, but “groups” command not show i am part of “root”,

tried also different tty (Ctrl+Alt+F5 & Alt+F7) to login/logout and no change, still can not execute wondershaper without sudo and with sudo it asks password.

stat /usr/bin/wondershaper
binary: Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)

There is no option -Ga or -aG or anything like that. It took me some time to figure out as well. It has to be separate.

sudo usermod -a -G <myusername> <mygroupname>

(Or that’s how I have it anyway.)

Read the instructions:

To make sure wondershaper is reactivated on reboot a systemd service file is provided. First enable wondershaper as a systemd service using:

sudo systemctl enable --now wondershaper.service

This way wondershaper is activated with your setting upon reboot.

After executing it, $groups does not show me as a member of root, but:

$ less /etc/group|grep root

still no permission executing that binary (tried different non-gui tty with logout/login).

thank you, but that is not what i want, i want wondershaper execute as certain non-root user from within bash script, without need to enter password. Possibly i can run that bash script as root, but i just wanted to handle things from within single place, my user/non-root account.

Sincere apologies. As you can see at Restore default user groups - #2 by Aragorn, I was confused with that, and I am sill here.

However, there is no reason to panic. Just restore the default groups, as in that reply, and then use sudo usermod -aG instead of sudo usermod -a -G for adding the user to the Group.

1 Like

I am not sure how to restore it and what exactly. I doubt i have effectively modified anything that would need reverting and i think that i already ran “sudo usermod -aG me root” without it to modify $groups output as i have described. I think i have already posted groups contents (logout/login done in non-gui tty), but here again groups, id contents. I do not want to bother you, you already spent alot of time on this, so feel free to ignore my problem.

Well, it’s not like I’ve got anything better, or even just anything else to do. Trust me, I don’t have the attention capabilities to do two or more things at once. So if anything else comes up, I’ll jump away.

If it feels like I’m ignoring you, I promise it’s not on purpose. I probably got sidetracked…

Now, please copy and pate the output from the command groups:


Please wrap your pasted text in 3 backtics (```). The bactics just formats it better for display, which makes it easier to read. And it’s not as heavy on bandwidth as a screenshot.

@Mirdarthos please click the link in my previous comment for the $groups output

Missed that part in the output, sorry.

Please provide the output for

sudo stat /usr/bin/wondershaper


stat /usr/bin/wondershaper

part of that output that i thought to be relevant i have posted in my initial post. here again, but this time full output


sudo usermod -aG <groupname> <username>

Where <groupname> is the name of the group TO which you are adding the user specified with <username>.

From what I gather, you’ll want to add the user me to the root group:

sudo usermod -aG root me

Then I recommend logging out and back in, or alternatively rebooting.
After which, test the command again (without sudo)


Or maybe


(The last one had a dot (.) in front of it, which causes it to be excuted by the interpreteer configured with its hashbang (#!) line. But I suspect that’s only for scripts. Not excuteables. In which case the first option should, theoretically, work.)

Yes, that was good syntax, “-aG group user” not “-aG user group”
$groups now shows i am part of root (unsure if it is good idea security-wise, i would think better to grant permission just for single utility or a bash script)

apparently logout/login at non-gui tty (Ctrl+Alt+F5 and then Alt+F7) not sufficing to make the binary executable without sudo or not demand password when sudo is used. I will update this once i login/logout gui session / reboot. Thank you for the effort in the meantime @Mirdarthos .

$ sudo grep me /etc/sudoers
me ALL=(ALL) NOPASSWD:/usr/bin/wondershaper
me ALL=(ALL) NOPASSWD:/home/me/scripts/bwlimitmonitor

No problems. I’m thinking all that remains is an entry in /etc/sudoers then. But it’s not something I’m comfortable suggesting yet.

I really hope you manage!


Yes, it is indeed better. That’s where the entry in /etc/sudoers can come in. But at the same time it’s also better to have a group which can do it. Especially if there is a need for mulltiple users to be able to perform the action. And since the same person will be administering both the /etc/sudoers file as well as the user’s groups, that is usually not an issue.

Remember, the biggest security risk to a PC is its users. And if there is more than one, it gets exponentially more insecure.

Good luck, and godspeed there!

After next OS start (it was not restart, but reset unfortunately), it still ask sudo password. or when -u myusername used, it says Operation not permitted.
I am running the script as root until someone finds the solution.