Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Hello, On 4 June 2013 18:06, Stefan Lippers-Hollmann s@gmx.de wrote: According to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708222#10 you should have received it, at least it was sent. Probably lost somewhere. I don't have or use wpa_supplicant.conf, I use wpa_supplicant together with ifupdown, and the hooks the package provides don't do that, while they obviously should. O.k., I'll look into it - although all non-trivial[1] configuration options require the additional syntax of wpa_supplicant.conf anyways… [1] I don't see us adding hooks for pairwise/ group or wpa enterprise options like key_mgmt, eap, phase2 or identity/ password/ ca_cert, Not true. All of those options you mentioned actually are supported. at some point the additional options of using dedicated configuration files for wpa_supplicant simply becomes required. That'd be horrible, as wpa_supplicant.conf is absolutely unusable compared to /e/n/i. Also, in that case I'll have to fork the scripts and take them over from your package. Personally I consider the user/ group setting to be in that general domain, but I can be convinced either way (changing the defaults and/or adding an ifupdown hook), given convincing arguments for it. This setting is *not* a general domain. Being able to manage wpa supplicant as the non-root netdev user is an important thing, and it should be enabled by default unless explicitly disabled. Referring to your follow-up mail, yes, now that wheezy has been released, we can use /run/ instead of /var/run/ directly (without Breaks on initscripts ( 2.88dsf-13.3~), etc.). I'm personally for declaring Breaks so the package can't break older not-fully-updated systems by accident. -- WBR, Andrew -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Hello, Also, please stop using /var/run, please use /run directly. -- WBR, Andrew signature.asc Description: PGP signature
Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Control: reopen -1 Hello, On Tue, 04 Jun 2013 02:48:06 + ow...@bugs.debian.org (Debian Bug Tracking System) wrote: You can configure this through your wpa_supplicant.conf. Closing, as this behaviour can be configured and because I haven't received any arguments to toggle the default setting so far. What? I haven't received this email. wpa_supplicant.conf(5): I don't have or use wpa_supplicant.conf, I use wpa_supplicant together with ifupdown, and the hooks the package provides don't do that, while they obviously should. -- WBR, Andrew signature.asc Description: PGP signature
Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Hi On Tuesday 04 June 2013, Andrew Shadura wrote: Control: reopen -1 Hello, On Tue, 04 Jun 2013 02:48:06 + ow...@bugs.debian.org (Debian Bug Tracking System) wrote: You can configure this through your wpa_supplicant.conf. Closing, as this behaviour can be configured and because I haven't received any arguments to toggle the default setting so far. What? I haven't received this email. According to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708222#10 you should have received it, at least it was sent. wpa_supplicant.conf(5): I don't have or use wpa_supplicant.conf, I use wpa_supplicant together with ifupdown, and the hooks the package provides don't do that, while they obviously should. O.k., I'll look into it - although all non-trivial[1] configuration options require the additional syntax of wpa_supplicant.conf anyways… Referring to your follow-up mail, yes, now that wheezy has been released, we can use /run/ instead of /var/run/ directly (without Breaks on initscripts ( 2.88dsf-13.3~), etc.). Regards Stefan Lippers-Hollmann [1] I don't see us adding hooks for pairwise/ group or wpa enterprise options like key_mgmt, eap, phase2 or identity/ password/ ca_cert, at some point the additional options of using dedicated configuration files for wpa_supplicant simply becomes required. Personally I consider the user/ group setting to be in that general domain, but I can be convinced either way (changing the defaults and/or adding an ifupdown hook), given convincing arguments for it. signature.asc Description: This is a digitally signed message part.
Bug#708222: [pkg-wpa-devel] Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Hi On Tuesday 14 May 2013, Andrew Shadura wrote: […] Please create the control sockets and the directory holding them owned by netdev group, and group-accessible. Otherwise it's impossible to use wpa_cli as a non-root user. […] You can configure this through your wpa_supplicant.conf. wpa_supplicant.conf(5): […] QUICK EXAMPLES 1. WPA-Personal (PSK) as home network and WPA-Enterprise with EAP-TLS as work network. # allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=wheel […] /usr/share/doc/wpasupplicant/README.gz: […] # allow frontend (e.g., wpa_cli) to be used by all users in 'wheel' group ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel […] e.g.: /etc/network/interfaces: allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface home inet dhcp iface work inet dhcp iface default inet dhcp /etc/wpa_supplicant/wpa_supplicant.conf: ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=netdev network={ priority=30 ssid=my-essid id_str=home proto=WPA2 pairwise=CCMP group=CCMP psk=home-secret } network={ priority=25 ssid=work-essid id_str=work key_mgmt=IEEE8021X eap=TTLS phase2=auth=PAP identity=u...@work.example.com password=work-secret ca_cert=/etc/wpa_supplicant/work.pem } network={ priority=1 ssid= key_mgmt=NONE } With ctrl_interface_group=netdev, all members of netdev can use wpa_gui or wpa_cli. Does that meet your needs? Regards Stefan Lippers-Hollmann signature.asc Description: This is a digitally signed message part.
Bug#708222: /run/wpa_supplicant and friends are root:root, should be root:netdev
Package: wpasupplicant Version: 1.0-3+b1 Severity: normal Please create the control sockets and the directory holding them owned by netdev group, and group-accessible. Otherwise it's impossible to use wpa_cli as a non-root user. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.6-trunk-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wpasupplicant depends on: ii adduser 3.112+nmu1 ii initscripts 2.88dsf-27 ii libc6 2.17-0experimental2 ii libdbus-1-3 1.4.16-1 ii libnl-3-200 3.2.7-4 ii libnl-genl-3-200 3.2.7-4 ii libpcsclite1 1.8.3-3 ii libreadline6 6.2-8 ii libssl1.0.0 1.0.1c-3 ii lsb-base 4.1+Debian9 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org