[pkg-wpa-devel] Bug#428620: Bug#428620: Conflicting advice regarding security

Kel Modderman kel at otaku42.de
Tue Jul 3 22:14:29 UTC 2007


Hi Loye,

On Wed, 13 Jun 2007 10:18:06 am Loye Young wrote:
> Package: wpasupplicant
> Version: 0.5.7
> /usr/share/doc/wpasupplicant/README.modes.gz advises (waaayyyyy down at the
> bottom) to set permissions to 0600 for both /etc/network/interfaces and
> /etc/wpa_supplicant/wpa_supplicant.conf.

Does the emphasis on "waaayyyyy" indicate you want it moved somewhere else?

>
> /usr/share/doc/wpasupplicant/examples/README.wpa_supplicant.conf.gz advises
> that by setting GROUP=wheel, non-root users can use the control interface,
> but wpa_supplicant can run as root. However, if wpa_supplicant.conf is
> 0600, only root can read the file and client apps fail because they cannot
> read the configuration file.
>
> Would it make sense to:
> chown root:wheel wpa_supplicant.conf
> chmod 0660 wpa_supplicant.conf
> by default?

We'd have to provide the generic group "wheel" too. I think that is not going 
to happen.

README.modes suggests perms of 0600 because it describes use cases where 
wpa_supplicant is started as a system daemon (by root) only.

Thanks, Kel.
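
An added example, not part of the original message or of the wpasupplicant package: a shell check that reports whether a wpa_supplicant.conf is owner-only (the 0600 that README.modes advises) and which group its control interface is opened to. The function names and the sample file are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit helpers for a wpa_supplicant.conf (function names are hypothetical).

# Print the control-interface group, taken from either
# "ctrl_interface=DIR=... GROUP=..." or the separate "ctrl_interface_group=..."
# option. Commented-out lines are ignored; prints nothing if no group is set.
ctrl_group() {
    sed -n \
        -e 's/^[[:space:]]*ctrl_interface=.*GROUP=\([^[:space:]]*\).*/\1/p' \
        -e 's/^[[:space:]]*ctrl_interface_group=\([^[:space:]]*\).*/\1/p' \
        "$1" | head -n 1
}

# Succeed only if group and others have no permission bits (0600, 0400, ...).
owner_only() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped on Debian
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# One-line summary: file mode, who can read the file, control-interface group.
audit_conf() {
    if owner_only "$1"; then exposure="owner-only"; else exposure="group/other-accessible"; fi
    grp=$(ctrl_group "$1")
    echo "mode=$(stat -c '%a' "$1") file=$exposure ctrl_group=${grp:-none}"
}

# Constructed sample configuration; the PSK is what the file mode protects.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
network={
    ssid="example"
    psk="constructed-passphrase"
}
EOF
chmod 0600 "$sample"; audit_conf "$sample"
chmod 0660 "$sample"; audit_conf "$sample"
rm -f "$sample"
```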



