Apparently, the /usr/bin/wondershaper (pamac build wondershaper-git) needs sudo prefix to work, “sudo -u nonrootusername wondershaper” does not work:
We have an error talking to the kernel
RTNETLINK answers: Operation not permitted
Please how can i make it so
a) user “nonrootuser” can run /usr/bin/wondershaper without sudo? or
b) no password is asked when the wondershaper command is executed by user “nonrootuser” inside a bash script please?
Unless you completely - 100% - no questions asked - trust the developer of wondershaper to never scr3w you from behind - then it is OK - otherwise - absolutely not.
I am unable to make it working.
That permission change method seemed complicated to me and i have not understood why my primary user for which i use sudo is not part of the root group (as the wondershaper binary is) and if there won’t be any security issues adding it to root group.
$ groups myusername
wheel lp sys network power autologin tor myusername
so here is my failed attempt:
sudo visudo
found line:
root ALL=(ALL) ALL
added cursor to empty line after it, hit “i” key to get into inserting mode, then right mouse click to paste:
myusername ALL=(ALL) NOPASSWD:/usr/bin/wondershaper
then “Esc” key, then type :wq
then i think i have to logout user if there is no workaround.
Then i tried your command: $ sudo usermod -Ga myusername root
usermod: group ‘a’ does not exist
$ sudo usermod -aG myusername root
no error, but “groups” command not show i am part of “root”,
tried also different tty (Ctrl+Alt+F5 & Alt+F7) to login/logout and no change, still can not execute wondershaper without sudo and with sudo it asks password.
After executing it, $groups does not show me as a member of root, but:
$ less /etc/group|grep root
root:x:0:
myusername:x:1001:root
still no permission executing that binary (tried different non-gui tty with logout/login).
thank you, but that is not what i want, i want wondershaper execute as certain non-root user from within bash script, without need to enter password. Possibly i can run that bash script as root, but i just wanted to handle things from within single place, my user/non-root account.
However, there is no reason to panic. Just restore the default groups, as in that reply, and then use sudo usermod -aG instead of sudo usermod -a -G for adding the user to the Group.
I am not sure how to restore it and what exactly. I doubt i have effectively modified anything that would need reverting and i think that i already ran “sudo usermod -aG me root” without it to modify $groups output as i have described. I think i have already posted groups contents (logout/login done in non-gui tty), but here again groups, id contents. I do not want to bother you, you already spent alot of time on this, so feel free to ignore my problem.
Well, it’s not like I’ve got anything better, or even just anything else to do. Trust me, I don’t have the attention capabilities to do two or more things at once. So if anything else comes up, I’ll jump away.
If it feels like I’m ignoring you, I promise it’s not on purpose. I probably got sidetracked…
Now, please copy and pate the output from the command groups:
groups
Please wrap your pasted text in 3 backtics (```). The bactics just formats it better for display, which makes it easier to read. And it’s not as heavy on bandwidth as a screenshot.
Where <groupname> is the name of the group TO which you are adding the user specified with <username>.
From what I gather, you’ll want to add the user me to the root group:
sudo usermod -aG root me
Then I recommend logging out and back in, or alternatively rebooting.
After which, test the command again (without sudo)
/usr/bin/wondershaper
Or maybe
./usr/bin/wondershaper
(The last one had a dot (.) in front of it, which causes it to be excuted by the interpreteer configured with its hashbang (#!) line. But I suspect that’s only for scripts. Not excuteables. In which case the first option should, theoretically, work.)
Yes, that was good syntax, “-aG group user” not “-aG user group”
$groups now shows i am part of root (unsure if it is good idea security-wise, i would think better to grant permission just for single utility or a bash script)
apparently logout/login at non-gui tty (Ctrl+Alt+F5 and then Alt+F7) not sufficing to make the binary executable without sudo or not demand password when sudo is used. I will update this once i login/logout gui session / reboot. Thank you for the effort in the meantime @Mirdarthos .
btw.
$ sudo grep me /etc/sudoers
me ALL=(ALL) NOPASSWD:/usr/bin/wondershaper
me ALL=(ALL) NOPASSWD:/home/me/scripts/bwlimitmonitor
Yes, it is indeed better. That’s where the entry in /etc/sudoers can come in. But at the same time it’s also better to have a group which can do it. Especially if there is a need for mulltiple users to be able to perform the action. And since the same person will be administering both the /etc/sudoers file as well as the user’s groups, that is usually not an issue.
Remember, the biggest security risk to a PC is its users. And if there is more than one, it gets exponentially more insecure.
After next OS start (it was not restart, but reset unfortunately), it still ask sudo password. or when -u myusername used, it says Operation not permitted.
I am running the script as root until someone finds the solution.