Linux: Allow Normal Users To Take Down eth1:N But Not eth1 Itself

To allow normal users to take down a specific network interface (e.g. eth1:N) but not the entire interface (e.g. eth1), you can use the ip command and set the appropriate permissions on the relevant ip command files.

First, you will need to create a group for the users who should be allowed to bring down specific network interfaces. For example, you could create a group called ifdown:

sudo groupadd ifdown

Next, add the users who should be allowed to bring down specific network interfaces to the ifdown group:

sudo usermod -a -G ifdown user1
sudo usermod -a -G ifdown user2

Then, use the chgrp and chmod commands to set the group and permissions on the relevant ip command files:

sudo chgrp ifdown /sbin/ip
sudo chmod g+s /sbin/ip

sudo chgrp ifdown /sbin/ifdown
sudo chmod g+s /sbin/ifdown

This will allow members of the ifdown group to execute the ip and ifdown commands with root privileges, but only for specific network interfaces (e.g. eth1:N). They will not be able to bring down the entire interface (e.g. eth1) or any other interfaces.

It's worth noting that this method may not work on all Linux distributions, as the location and permissions of the ip and ifdown command files may vary. You may need to adjust the commands above accordingly.

As an alternative, you could also consider using a tool like sudo to allow specific users to execute the ip and ifdown commands with root privileges, but only for specific network interfaces. This would allow you to have fine-grained control over which users can bring down specific network interfaces and which interfaces they are allowed to bring down.
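One way to implement the sudo alternative described above, as an added example that is not code from the original page: a root-owned wrapper that members of the ifdown group run through sudo, which accepts only names of the form eth1:N and refuses eth1 itself or any other interface. The wrapper path, the sudoers rule shown in the comment and the three-digit limit on N are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical wrapper, not from the original page).
# Assumed install path: /usr/local/sbin/eth1-alias-down, owned by root, mode 0755.
# Assumed sudoers rule, edited with visudo:
#   %ifdown ALL = (root) NOPASSWD: /usr/local/sbin/eth1-alias-down

PARENT="eth1"   # only aliases of this interface may be taken down

# Return 0 only if $1 is exactly "<PARENT>:<N>" with N being 1 to 3 decimal digits.
is_allowed_alias() {
    case "$1" in
        "$PARENT":*) n=${1#"$PARENT":} ;;   # strip the "eth1:" prefix
        *) return 1 ;;                      # eth1 itself, eth10:1, eth2:0, ...
    esac
    case "$n" in
        ''|*[!0-9]*) return 1 ;;            # empty, or anything that is not a digit
    esac
    [ "${#n}" -le 3 ]
}

# Validate the single argument, then hand it to ifdown unchanged.
take_down() {
    if [ "$#" -ne 1 ] || ! is_allowed_alias "$1"; then
        echo "usage: eth1-alias-down ${PARENT}:N" >&2
        return 64
    fi
    /sbin/ifdown "$1"
}

# Run only when invoked under the installed name, so the file can also be sourced.
case "${0##*/}" in
    eth1-alias-down) take_down "$@"; exit $? ;;
esac
```

With this in place a member of the ifdown group runs `sudo /usr/local/sbin/eth1-alias-down eth1:0`; the sudoers rule names only the wrapper, so the interface check cannot be bypassed by passing other arguments to ip or ifdown.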

Created Time:2017-10-30 10:17:43  Author:lautturi