[pkg-wpa-devel] Bug#708222: Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev

Sat May 18 12:39:06 UTC 2013

Hi

On Tuesday 14 May 2013, Andrew Shadura wrote:
[…]
> Please create the control sockets and the directory holding them owned
> by netdev group, and group-accessible. Otherwise it's impossible to use
> wpa_cli as a non-root user.
[…]

You can configure this through your wpa_supplicant.conf.

wpa_supplicant.conf(5):
[…]
QUICK EXAMPLES
       1. WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work network.

          # allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
          ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
[…]

/usr/share/doc/wpasupplicant/README.gz:
[…]
# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
[…]

e.g.:

/etc/network/interfaces:

allow-hotplug wlan0
iface wlan0 inet manual
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface home inet dhcp
iface work inet dhcp
iface default inet dhcp

/etc/wpa_supplicant/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=netdev

network={
	priority=30
	ssid="my-essid"
	id_str="home"
	proto=WPA2
	pairwise=CCMP
	group=CCMP
	psk="home-secret"
}

network={
	priority=25
	ssid="work-essid"
	id_str="work"
	key_mgmt=IEEE8021X
	eap=TTLS
	phase2="auth=PAP"
	identity="user at work.example.com"
	password="work-secret"
	ca_cert="/etc/wpa_supplicant/work.pem"
}

network={
	priority=1
	ssid=""
	key_mgmt=NONE
}

With ctrl_interface_group=netdev, all members of netdev can use wpa_gui
or wpa_cli. Does that meet your needs?

Regards
	Stefan Lippers-Hollmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20130518/8a11c328/attachment.pgp>