tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: wpa_supplicant(8) control socket enabled by default



On Mon, Feb 04, 2019 at 03:28:14PM +0000, Roy Marples wrote:
> Here are the options as I see them:
> 1) Keep things as they are now
> 2) Change the default group
> 3) Turn off the socket
> 4) Add config option to explicity set socket mode
> 6) Change the socket mode to revoke group access and use ttyaction

None of the above fit all cases. In general a "console user" should not
gain extra privileges automatically and ttyaction does not cut it either.

On the other hand we want typical notebook setups (with single, non-root
user) to work as automatically as possible. Here a console user should
be able to access (some) USB devices, connect to wifi, ....

So we may need a broader solution than just for this socket and add some
rc.conf knob to select classic host vs. extended-console-user-admin-privs
notebook kind of thing.

Martin


Home | Main Index | Thread Index | Old Index