Date:Mon, 14 Jan 2019 11:59:51 +1100
From:matthew green
Message-ID: <10889.1547427...@splode.eterna.com.au>
| i don't agree with this.
|
| if we were going to make things easy for naive users
I didn't say "easy" for naive users, I said "most useful". That
> | i don't want to allow [...]
>
> People, once again, a big meaningless discussion on what the
> default configuration should be.We should work out what will
> be most useful to most naive users, and make that be the default,
> regardless of what any of us want.
i don't agree with this.
On Mon, Jan 14, 2019 at 09:42:54AM +1100, matthew green wrote:
> it would be OK if this was _read-only_ access to network
> configuration, but one should never be allowed to change the
> it unless root.
In the long run, it's quite helpful for laptops to be able to adjust
the network
matthew green writes:
> (i wouldn't pick 'wheel' as this group -- i would invent a
> new group either called 'net' or 'wpa', with no underscore
> since they're designed to be assigned, unlike the groups
> for specific programs security models.)
Are you saying that you are ok with the following:
On Jan 14, 9:29am, m...@eterna.com.au (matthew green) wrote:
-- Subject: re: CVS commit: src/tests/kernel
| "Christos Zoulas" writes:
| > Module Name:src
| > Committed By: christos
| > Date: Sun Jan 13 15:36:57 UTC 2019
| >
| > Modified Files:
| >
Date:Mon, 14 Jan 2019 09:42:54 +1100
From:matthew green
Message-ID: <11338.1547419...@splode.eterna.com.au>
| > I suppose the real question is do we want to allow group access to
| > [...]
| i don't want to allow [...]
People, once again, a big meaningless
> Modified Files:
> src/tests/kernel: t_timeleft.c
>
> Log Message:
> add call error checks, requested by mrg@
thanks!
In my previous message, I forgot to also note that if
modifying (if required) wpa_supplicant to create the
socket with the ownership & permissions set in the
rc.conf file is too hard (would create issues with importing
new versions easily) then the same can be accomplished
by putting the socket in
> On Jan 13, 2019, at 5:08 PM, David Holland
> wrote:
>
> Is there a way we could, for example, leverage the current hacks for
> chowning console devices to grant access to wpa_supplicant?
Some of this could be achieved with ttyaction(5), certainly.
-- thorpej
Not really, it just sets the group explicitly rather than implicitly. Without
it the socket group is derived from the directory it's created in, which is
group wheel to start with.
Now it could be argued that creating the socket in the first place allows
members of the wheel group to configure
Roy Marples writes:
> On 13/01/2019 10:20, matthew green wrote:
>> shouldn't one need to be root to modify network configuration?
>> i shouldn't be able to tell wpa_supplicant to do something as
>> non-root, in a default install.
>
> In a default install the only member of wheel is root and
>
shouldn't one need to be root to modify network configuration?
i shouldn't be able to tell wpa_supplicant to do something as
non-root, in a default install.
.mrg.
> On Jan 13, 2019, at 5:21 AM, Greg Troxel wrote:
>
> Even if you have to be root, these changes are still hugely useful.
> "sudo wpa_cli" is not that hard, even if it seems like it should not be
> necessary.
...but made slightly more annoying seeing as how sudo is not part of the base
OS.
Jason Thorpe writes:
>> On Jan 13, 2019, at 5:21 AM, Greg Troxel wrote:
>>
>> Even if you have to be root, these changes are still hugely useful.
>> "sudo wpa_cli" is not that hard, even if it seems like it should not be
>> necessary.
>
> ...but made slightly more annoying seeing as how sudo
"Christos Zoulas" writes:
> Module Name: src
> Committed By: christos
> Date: Sun Jan 13 15:36:57 UTC 2019
>
> Modified Files:
> src/tests/kernel: t_timeleft.c
>
> Log Message:
> Increase the timeout a bit, and make sure we join so that there is no
> race.
i notice both
Roy Marples writes:
> On 13/01/2019 10:20, matthew green wrote:
> > shouldn't one need to be root to modify network configuration?
> > i shouldn't be able to tell wpa_supplicant to do something as
> > non-root, in a default install.
>
> In a default install the only member of wheel is root and
16 matches
Mail list logo
