[pkg-wpa-devel] Bug#708222: Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Stefan Lippers-Hollmann
s.L-H at gmx.de
Sat May 18 12:39:06 UTC 2013
Hi
On Tuesday 14 May 2013, Andrew Shadura wrote:
[…]
> Please create the control sockets and the directory holding them owned
> by netdev group, and group-accessible. Otherwise it's impossible to use
> wpa_cli as a non-root user.
[…]
You can configure this through your wpa_supplicant.conf.
wpa_supplicant.conf(5):
[…]
QUICK EXAMPLES
1. WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work network.
# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel
[…]
/usr/share/doc/wpasupplicant/README.gz:
[…]
# allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
[…]
e.g.:
/etc/network/interfaces:
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface home inet dhcp
iface work inet dhcp
iface default inet dhcp
/etc/wpa_supplicant/wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=netdev
network={
priority=30
ssid="my-essid"
id_str="home"
proto=WPA2
pairwise=CCMP
group=CCMP
psk="home-secret"
}
network={
priority=25
ssid="work-essid"
id_str="work"
key_mgmt=IEEE8021X
eap=TTLS
phase2="auth=PAP"
identity="user at work.example.com"
password="work-secret"
ca_cert="/etc/wpa_supplicant/work.pem"
}
network={
priority=1
ssid=""
key_mgmt=NONE
}
With ctrl_interface_group=netdev, all members of netdev can use wpa_gui
or wpa_cli. Does that meet your needs?
Regards
Stefan Lippers-Hollmann
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20130518/8a11c328/attachment.pgp>
More information about the Pkg-wpa-devel
mailing list