Re: CVS commit: src/etc

[Greg Troxel <gdt%lexort.com@localhost>]

Roy Marples <roy%marples.name@localhost> writes:

> On 13/01/2019 10:20, matthew green wrote:
>> shouldn't one need to be root to modify network configuration?
>> i shouldn't be able to tell wpa_supplicant to do something as
>> non-root, in a default install.
>
> In a default install the only member of wheel is root and
> wpa_supplicant is not started.
>
> I suppose the real question is do we want to allow group access to
> wpa_supplicant and if so which group if not wheel?

That is indeed the real question.  As I see it wheel has historically
been a group for users that are system administrators, given how "su"
only allows users in wheel to su.  So it seems reasonable to allow
various configuration changes by users in wheel.

It seems the only point in putting somebody in wheel now is if you tell
them the root pw, to let them su.  Are there other reasons?

Another approach is to create a wpa_supplicant group, and allow wpa
changes by those in that group.  I can't see any reasonable objection to
this, other than group bloat.

> If we don't want to allow group access I may as well revert my changes
> and setup is then as before - the user is expected to configure
> everything themselves and wpa_cli won't work by default. This would be
> a shame as I've had a lot of positive feedback on this change already.

Even if you have to be root, these changes are still hugely useful.
"sudo wpa_cli" is not that hard, even if it seems like it should not be
necessary.