[pkg-wpa-devel] Questions - was re: Bug#498923: wpagui needs a menu entry

[Kel Modderman]

On Thursday 25 September 2008 03:05:53 Sheridan Hutchinson wrote:
> On Monday 15 September 2008 02:16:19 Sheridan Hutchinson wrote:
> >> wpagui is a great tool for us wpa_supplicant users, however I've
> >> often wondered if it could have an entry in the menu system?
> 
> Kel Modderman wrote:
> > I agree, and have done some work to make this reality, though it is
> > not totally complete yet:
> 
> It's great news to hear this is coming along, I think it would help with
> the visibility of the tool and increase usage.
> 
> > No it is not, wpa_gui should not be run as root if possible. When a
> > user is part of the 'netdev' group, and wpa_supplicant is configured
> > to grant netdev group members access to the control interface socket,
> > you may run wpa_gui as user. This setup is documented for the
> > `wpa-roam' use case of wpasupplicant package, see "Interacting with
> > wpa_supplicant with wpa_cli and wpa_gui" section of: 
> > /usr/share/doc/wpasupplicant/README.Debian.gz
> 
> I have a couple of thoughts about this.
> 
> I have added my users to the netdev group and followed the readme to set
> up the correct ctrl_interface line.
> 
> 1.) Even even after a reboot the wpa_gui command is only available for
> the root user.  Do I need to manually extend the permissions on the
> wpa_gui binary itself to the relevant users?

You must adjust PATH or provide full path to /usr/sbin/wpa_gui.

> 
> 2.) Previous I had restricted the wpa_supplicant.conf to just the root
> user and root group.  With the netdev functionality and the wpa_gui
> tool, could such a normal user retrieve password information for these
> networks?  Theoretically?
> 

If they are in the netdev group, and whoever set up the supplicant allowed
the control socket to be readable by members of netdev group, they can access
information via the wpa_supplicant control socket.

Thanks, Kel.