how to allow non root user to create tun devices I am developing a program which requires opening `/dev/net/tun` and issuing `ioctl()` on it but without root user I get permission denied. I think proper udev rules can...--prophetes.ai

how to allow non root user to create tun devices I am developing a program which requires opening `/dev/net/tun` and issuing `ioctl()` on it but without root user I get permission denied. I think proper udev rules can help solve this issue. I tried creating a new udev rule in the file `/etc/udev/rules.d/my_net_tun.rules` with the rule `KERNEL=="tun", MODE="0666", SYMLINK+="static_node=net/tun"` and then reloaded the udev rules but still I get permission denied. I think something might be wrong with my rule. How can I fix this?

That's not enough. Even if a process is able to open `/dev/net/tun`, it should also have the `CAP_NET_ADMIN` capability in order to create new tun/tap devices, or assign an owner to them.

This is explained in the `tuntap.rst` file from the kernel documentation.