Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

wpa_priv(8) [suse man page]

WPA_PRIV(8)															       WPA_PRIV(8)

NAME

       wpa_priv - wpa_supplicant privilege separation helper

SYNOPSIS

       wpa_priv [ -c ctrl path ] [ -Bdd ] [ -P pid file ] [ driver:ifname [driver:ifname ...] ]

OVERVIEW

       wpa_priv is a privilege separation helper that minimizes the size of wpa_supplicant code that needs to be run with root privileges.

       If  enabled,  privileged operations are done in the wpa_priv process while leaving rest of the code (e.g., EAP authentication and WPA hand-
       shakes) to operate in an unprivileged process (wpa_supplicant) that can be run as non-root user. Privilege separation restricts the effects
       of  potential  software	errors by containing the majority of the code in an unprivileged process to avoid the possibility of a full system
       compromise.

       wpa_priv needs to be run with network admin privileges (usually, root user). It opens a UNIX domain  socket  for  each  interface  that	is
       included on the command line; any other interface will be off limits for wpa_supplicant in this kind of configuration. After this, wpa_sup-
       plicant can be run as a non-root user (e.g., all standard users on a laptop or as a special non-privileged user account	created  just  for
       this purpose to limit access to user files even further).

EXAMPLE CONFIGURATION

       The following steps are an example of how to configure wpa_priv to allow users in the wpapriv group to communicate with wpa_supplicant with
       privilege separation:

       Create user group (e.g., wpapriv) and assign users that should be able to use wpa_supplicant into that group.

       Create /var/run/wpa_priv directory for UNIX domain sockets and control user access by setting it accessible only for the wpapriv group:

	      mkdir /var/run/wpa_priv
	      chown root:wpapriv /var/run/wpa_priv
	      chmod 0750 /var/run/wpa_priv

       Start wpa_priv as root (e.g., from system startup scripts) with the enabled interfaces configured on the command line:

	      wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0

       Run wpa_supplicant as non-root with a user that is in the wpapriv group:

	      wpa_supplicant -i ath0 -c wpa_supplicant.conf

COMMAND ARGUMENTS

       -c ctrl path
	      Specify the path to wpa_priv control directory (Default: /var/run/wpa_priv/).

       -B     Run as a daemon in the background.

       -P file
	      Set the location of the PID file.

       driver:ifname [driver:ifname ...]
	      The <driver> string dictates which of the supported wpa_supplicant driver backends is to be used. To get a list of supported  driver
	      types see wpa_supplicant help (e.g, wpa_supplicant -h). The driver backend supported by most good drivers is wext.

	      The <ifname> string specifies which network interface is to be managed by wpa_supplicant (e.g., wlan0 or ath0).

	      wpa_priv	does  not use the network interface before wpa_supplicant is started, so it is fine to include network interfaces that are
	      not available at the time wpa_priv is started. wpa_priv can control multiple interfaces with one process, but it is also possible to
	      run multiple wpa_priv processes at the same time, if desired.

SEE ALSO

       wpa_supplicant(8)

LEGAL

       wpa_supplicant is copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors.  All Rights Reserved.

       This program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option.

								  16 January 2010						       WPA_PRIV(8)

Check Out this Related Man Page

WPA_SUPPLICANT(8)					    BSD System Manager's Manual 					 WPA_SUPPLICANT(8)

NAME

     wpa_supplicant -- WPA/802.11i Supplicant for wireless network devices

SYNOPSIS

     wpa_supplicant [-BdhKLqstuvW] [-b br_ifname] -c config-file [-C ctrl] [-D driver] [-f debug file] [-g global ctrl] -i ifname
		    [-o override driver] [-O override ctrl] [-P pid file] [-N -i ifname -c config-file [-C ctrl] [-D -driver] [-p driver_param]
		    [-b br_ifname] ...]

DESCRIPTION

     The wpa_supplicant utility is an implementation of the WPA Supplicant component, i.e., the part that runs in the client stations.	It imple-
     ments WPA key negotiation with a WPA Authenticator and EAP authentication with an Authentication Server.  In addition, wpa_supplicant con-
     trols the roaming and IEEE 802.11 authentication/association support of the wlan(4) module and can be used to configure static WEP keys based
     on identified networks.

     The wpa_supplicant utility is designed to be a ``daemon'' program that runs in the background and acts as the backend component controlling
     the wireless connection.  It supports separate frontend programs such as the text-based wpa_cli(8) program.

     The following arguments must be specified on the command line:

     -i ifname
	     Use the specified wireless interface.

     -c config-file
	     Use the settings in the specified configuration file when managing the wireless interface.  See wpa_supplicant.conf(5) for a descrip-
	     tion of the configuration file syntax and contents.

	     Changes to the configuration file can be reloaded by sending a SIGHUP to the wpa_supplicant process or with the wpa_cli(8) utility,
	     using ``wpa_cli reconfigure''.

OPTIONS

     The following options are available:

     -b      Optional bridge interface name.

     -B      Detach from the controlling terminal and run as a daemon process in the background.

     -d      Enable debugging messages.  If this option is supplied twice, more verbose messages are displayed.

     -D      Driver name (can be multiple drivers: nl80211,wext).

     -f      Log output to debug file instead of stdout.

     -g      Global ctrl_interface.

     -h      Show help text.

     -K      Include key information in debugging output.

     -L      Display the license for this program on the terminal and exit.

     -N      Start describing a new interface.

     -o      Overrides driver parameter for new interfaces.

     -O      Override ctrl_interface parameter for new interfaces.

     -p      Specify driver parameters.

     -P      File in which to save the process PID.

     -q      Decrease debugging verbosity (i.e., counteract the use of the -d flag).

     -s      Send log messages through syslog(3) instead of to the terminal.

     -t      Include timestamp in debug messages.

     -u      Enable DBus control interface.

     -v      Display version information on the terminal and exit.

     -W      Wait for a control interface monitor before starting.

SEE ALSO

     an(4), ath(4), ipw(4), iwi(4), ral(4), rum(4), ural(4), wi(4), wlan(4), wpi(4), zyd(4), wpa_supplicant.conf(5), devd(8), ifconfig(8),
     wpa_cli(8)

HISTORY

     The wpa_supplicant utility first appeared in FreeBSD 6.0.

AUTHORS

     The wpa_supplicant utility was written by Jouni Malinen <j@w1.fi>.  This manual page is derived from the README file included in the
     wpa_supplicant distribution.

BSD
								 November 7, 2012							       BSD
Man Page