On Mon, Oct 03, 2022 at 04:54:28AM +0000, Branko wrote:
> Running hostapd as a root seems risky.
> I tried tweaking udev so that my WiFi NIC shows up as owned by
> hostapd:hostapd (and thus be accessible to hostapd daemon), but daemon
> refuses to read even its config file as non-root. It keeps falsely
> reporting that it has no permission to read the config file.
>
> Is there a good way to run hostapd as non-root?

It should be possible to do this by providing the needed set of Linux
capabilities for the hostapd file, i.e., CAP_NET_ADMIN and CAP_NET_RAW
in most cases. I've mostly tested this with wpa_supplicant (see
wpa_supplicant/README and the "Linux capabilities instead of privileged
process" section), but based on a quick test, this seemed to work with
hostapd as well:

    sudo setcap cap_net_raw,cap_net_admin+ep hostapd
    ./hostapd test.conf

PS.

That comment about not having permission to read the conf file sounds a
bit strange. I don't see that when trying to run hostapd without
sufficient privileges. Instead, I get this:

    $ ./hostapd test.conf
    Could not set interface wlan0 flags (UP): Operation not permitted
    nl80211: Could not configure driver mode
    nl80211: deinit ifname=wlan0 disabled_11b_rates=0
    nl80211 driver initialization failed.
    wlan0: interface state UNINITIALIZED->DISABLED
    wlan0: AP-DISABLED
    wlan0: CTRL-EVENT-TERMINATING
    hostapd_free_hapd_data: Interface wlan0 wasn't started

-- 
Jouni Malinen                                            PGP id EFC895FA
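
Added example, not part of the original message or of the hostapd project: a shell check that a hostapd process started from a binary with these file capabilities runs with a non-root effective UID and holds only CAP_NET_ADMIN and CAP_NET_RAW in its effective set, read from the Uid and CapEff lines of /proc/<pid>/status. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Uid and CapEff lines of /proc/<pid>/status for a
# hostapd process started from a binary with the file capabilities set above.

# Bit numbers from <linux/capability.h>.
CAP_NET_ADMIN=12
CAP_NET_RAW=13
EXPECTED=$(( (1 << CAP_NET_ADMIN) | (1 << CAP_NET_RAW) ))   # 0x3000

# status_field NAME COLUMN: print one column of a /proc status line from stdin.
status_field() {
    awk -v name="$1:" -v col="$2" '$1 == name { print $col; exit }'
}

# audit_status: read status text on stdin and print a verdict.
# Returns 0 only for a non-root process holding exactly the two capabilities.
audit_status() {
    status=$(cat)
    euid=$(printf '%s\n' "$status" | status_field Uid 3)      # effective UID
    capeff=$(printf '%s\n' "$status" | status_field CapEff 2) # hex bitmask
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "ERROR: Uid or CapEff line missing"; return 2
    fi
    mask=$(( 0x$capeff ))
    extra=$(( mask & ~EXPECTED ))      # bits held beyond the two needed
    missing=$(( EXPECTED & ~mask ))    # needed bits that are not held
    if [ "$euid" -eq 0 ]; then
        echo "FAIL: effective UID is 0 (running as root)"; return 1
    elif [ "$extra" -ne 0 ]; then
        printf 'FAIL: extra capability bits 0x%x\n' "$extra"; return 1
    elif [ "$missing" -ne 0 ]; then
        printf 'FAIL: missing capability bits 0x%x\n' "$missing"; return 1
    fi
    echo "OK: euid=$euid with only CAP_NET_ADMIN and CAP_NET_RAW"
}

# Constructed sample inputs (trimmed /proc/<pid>/status contents).
sample_setcap() { printf 'Name:\thostapd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000003000\n'; }
sample_root()   { printf 'Name:\thostapd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n'; }
sample_nocaps() { printf 'Name:\thostapd\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n'; }

for s in sample_setcap sample_root sample_nocaps; do
    printf '%s: ' "$s"; "$s" | audit_status || true
done
# Live use: audit_status < "/proc/$(pidof hostapd)/status"
```

A non-zero "extra" result means the process holds more than the two capabilities named in the reply, which is worth investigating before relying on the non-root setup.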