Re: is there a way to run hostapd as non -root user ?

On Mon, Oct 03, 2022 at 04:54:28AM +0000, Branko wrote:
> Running hostapd as root seems risky.
> I tried tweaking udev so that my WiFi NIC shows up as owned by
> hostapd:hostapd (and thus be accessible to hostapd daemon), but daemon
> refuses to read even its config file as non-root. It keeps falsely
> reporting that it has no permission to read the config file.
> 
> Is there a good way to run hostapd as non-root?

It should be possible to do this by providing the needed set of Linux
capabilities for the hostapd file, i.e., CAP_NET_ADMIN and CAP_NET_RAW
in most cases. I've mostly tested this with wpa_supplicant (see
wpa_supplicant/README and the "Linux capabilities instead of privileged
process" section), but based on a quick test, this seemed to work with
hostapd as well:

sudo setcap cap_net_raw,cap_net_admin+ep hostapd
./hostapd test.conf


PS.

That comment about not having permission to read the conf file sounds a
bit strange. I don't see that when trying to run hostapd without
sufficient privileges. Instead, I get this:

$ ./hostapd test.conf 
Could not set interface wlan0 flags (UP): Operation not permitted
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED 
wlan0: CTRL-EVENT-TERMINATING 
hostapd_free_hapd_data: Interface wlan0 wasn't started


-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
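
One way to confirm the outcome of the setcap approach in the reply above, as an added example that is not part of the original message or of hostapd: the script reads /proc/<pid>/status and checks that the process is non-root and holds exactly CAP_NET_ADMIN and CAP_NET_RAW. The function names and the sample status text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hostapd process started via file capabilities.
# Capability bit numbers are from linux/capability.h.
CAP_NET_ADMIN_BIT=12
CAP_NET_RAW_BIT=13
EXPECTED_MASK=$(( (1 << CAP_NET_ADMIN_BIT) | (1 << CAP_NET_RAW_BIT) ))  # 0x3000

# status_field TEXT KEY COLUMN: print one column of a "Key: v1 v2 ..." line.
status_field() {
    printf '%s\n' "$1" | awk -v k="$2:" -v c="$3" '$1 == k { print $c; exit }'
}

# audit_status TEXT: TEXT is the content of /proc/<pid>/status.
# Prints a verdict and returns 0 only for "ok".
audit_status() {
    euid=$(status_field "$1" Uid 3)      # column 3 = effective UID
    eff=$(status_field "$1" CapEff 2)    # effective capability set, hex
    case "$eff" in ''|*[!0-9a-fA-F]*) echo "unparsable"; return 3 ;; esac
    case "$euid" in ''|*[!0-9]*) echo "unparsable"; return 3 ;; esac
    mask=$(( 0x$eff ))
    if [ "$euid" -eq 0 ]; then
        echo "running-as-root"; return 1
    elif [ $(( $mask & ~$EXPECTED_MASK )) -ne 0 ]; then
        echo "extra-capabilities"; return 1
    elif [ $(( $mask & $EXPECTED_MASK )) -ne "$EXPECTED_MASK" ]; then
        echo "missing-capabilities"; return 2
    fi
    echo "ok"
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_OK='Name: hostapd
Uid: 1001 1001 1001 1001
CapEff: 0000000000003000'
SAMPLE_ROOT='Name: hostapd
Uid: 0 0 0 0
CapEff: 000001ffffffffff'
SAMPLE_EXTRA='Name: hostapd
Uid: 1001 1001 1001 1001
CapEff: 0000000000003400'
SAMPLE_MISSING='Name: hostapd
Uid: 1001 1001 1001 1001
CapEff: 0000000000001000'

# Usage: sh audit.sh <pid of hostapd>
if [ -n "${1:-}" ]; then
    audit_status "$(cat "/proc/$1/status")"
fi
```

A "missing-capabilities" verdict corresponds to the "Operation not permitted" failure shown in the reply; "extra-capabilities" means the binary or its launcher grants more than the two capabilities named there.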
