Is there a way to run hostapd as non-root user?
Jouni Malinen
j at w1.fi
Thu Oct 6 03:35:48 PDT 2022
On Mon, Oct 03, 2022 at 04:54:28AM +0000, Branko wrote:
> Running hostapd as root seems risky.
> I tried tweaking udev so that my WiFi NIC shows up as owned by
> hostapd:hostapd (and thus be accessible to hostapd daemon), but daemon
> refuses to read even its config file as non-root. It keeps falsely
> reporting that it has no permission to read the config file.
>
> Is there a good way to run hostapd as non-root?

It should be possible to do this by providing the needed set of Linux
capabilities for the hostapd file, i.e., CAP_NET_ADMIN and CAP_NET_RAW
in most cases. I've mostly tested this with wpa_supplicant (see
wpa_supplicant/README and the "Linux capabilities instead of privileged
process" section), but based on a quick test, this seemed to work with
hostapd as well:

    sudo setcap cap_net_raw,cap_net_admin+ep hostapd
    ./hostapd test.conf

PS.

That comment about not having permission to read the conf file sounds a
bit strange. I don't see that when trying to run hostapd without
sufficient privileges. Instead, I get this:

    $ ./hostapd test.conf
    Could not set interface wlan0 flags (UP): Operation not permitted
    nl80211: Could not configure driver mode
    nl80211: deinit ifname=wlan0 disabled_11b_rates=0
    nl80211 driver initialization failed.
    wlan0: interface state UNINITIALIZED->DISABLED
    wlan0: AP-DISABLED
    wlan0: CTRL-EVENT-TERMINATING
    hostapd_free_hapd_data: Interface wlan0 wasn't started

--
Jouni Malinen PGP id EFC895FA
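
A check that can follow the setcap step in the message above, added here as an example that is not part of the original message or of hostapd: it reads /proc/<pid>/status text and passes only when the effective UID is non-root and CapEff is exactly CAP_NET_ADMIN plus CAP_NET_RAW. The function names and the sample status text (UID 995) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not hostapd code. Bit numbers are from linux/capability.h.
CAP_NET_ADMIN_BIT=12
CAP_NET_RAW_BIT=13
EXPECTED_MASK=$(( (1 << CAP_NET_ADMIN_BIT) | (1 << CAP_NET_RAW_BIT) ))  # 0x3000

# Print the value of field "$1" from /proc/<pid>/status text on stdin.
status_field() {
    awk -v key="$1:" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# Audit /proc/<pid>/status text on stdin. Returns 0 only for a non-root
# effective UID holding exactly the two capabilities, 1 for a policy
# violation, 2 if the input cannot be parsed.
audit_status() {
    status=$(cat)
    # Uid line columns: real, effective, saved, filesystem.
    euid=$(printf '%s\n' "$status" | status_field Uid | awk '{ print $2 }')
    capeff=$(printf '%s\n' "$status" | status_field CapEff)
    # Only decimal / hex digits may reach the arithmetic expansion below.
    case "$euid" in ''|*[!0-9]*) echo "ERROR: no usable Uid line"; return 2 ;; esac
    case "$capeff" in ''|*[!0-9a-fA-F]*) echo "ERROR: no usable CapEff line"; return 2 ;; esac
    mask=$(( 0x$capeff ))
    extra=$(( $mask & ~$EXPECTED_MASK ))
    missing=$(( $EXPECTED_MASK & ~$mask ))
    if [ "$euid" -eq 0 ]; then
        echo "FAIL: effective UID is 0 (root)"; return 1
    elif [ "$extra" -ne 0 ]; then
        printf 'FAIL: unexpected capabilities 0x%x\n' "$extra"; return 1
    elif [ "$missing" -ne 0 ]; then
        printf 'FAIL: missing capabilities 0x%x\n' "$missing"; return 1
    fi
    printf 'OK: euid=%s CapEff=0x%x\n' "$euid" "$mask"
}

# Constructed sample: what an unprivileged hostapd started from a binary
# with cap_net_raw,cap_net_admin+ep would show (UID 995 is made up).
sample_status() {
    printf 'Name:\thostapd\nUid:\t995\t995\t995\t995\nCapEff:\t0000000000003000\n'
}

sample_status | audit_status
# Against a live process (assumes pidof is available):
#   audit_status < "/proc/$(pidof hostapd)/status"
```

A "missing capabilities" result corresponds to the "Operation not permitted" failure shown in the message, and an "unexpected capabilities" result means the process holds more than the two capabilities named there.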