Intel PRO/Wireless 3945ABG Network Connection
Copyright (C) 2006 Intel Corporation. All rights reserved.

Regulatory Daemon
README.ipw3945d

INDEX

1. ABOUT
2. INSTALLATION
3. RUNNING BEFORE DRIVER FULLY LOADED
4. RUNNING AS NON-ROOT
4.1. User id of the regulatory daemon process
4.2. Read/Write access to appropriate sysfs entries
4.3. Ability to manage the pid file for the process
4.4. Automating the process
5. LICENSE


1. ABOUT

The regulatory daemon is responsible for controlling and configuring
aspects of the hardware required to operate the device in compliance
with various regulatory agencies. This includes controlling which
channels are allowed to do active/passive scanning, transmit power
levels, which channels are allowed to be transmitted on, and support
for IEEE 802.11h (DFS and TPC).


2. INSTALLATION

Within this archive are two directories, x86 and x86_64. Depending on
the architecture you are using, choose the appropriate ipw3945d
regulatory daemon and install it into your system, typically in /sbin.

For example:

If you are running on a 32-bit system, you would perform the following:

  % cp x86/ipw3945d /sbin

If you are running on an EM64T enabled system, you would perform the
following:

  % cp x86_64/ipw3945d /sbin

You may need to be root to copy the file to that location. You will
need to be root to run the file.

The scripts provided with the Intel PRO/Wireless 3945ABG Network
Connection driver for Linux require the regulatory daemon to be in the
current execution path, or the -ipw3945d parameter to be used (see the
README.ipw3945 provided with the driver package).


3. RUNNING BEFORE DRIVER FULLY LOADED

The typical method for launching the daemon is to spawn it from within
the modprobe.conf or udev scripts as soon as the ipw3945 module is
loaded. This can cause problems on systems where the module is loaded
earlier in the boot process than the device is probed, or where the
module load is delayed.

To support this model, the daemon supports the '--timeout' parameter,
which can be used to specify how long the daemon should look for the
driver before giving up.

The default value is 0, which will exit immediately if the driver is
not found. A value of -1 will result in the daemon waiting forever. Any
other value specifies the number of seconds to wait. The daemon will
poll the system once per second looking for the driver's sysfs entries.

Example usage:

  % ipw3945d --timeout=-1

The above will fork the daemon into the background and then wait
forever for the module to load.


4. RUNNING AS NON-ROOT

Some users have expressed concern over having to run the regulatory
daemon with root privileges. It is always recommended that only those
services and daemons on your system that truly require root access be
run with root privileges.

In order to run as non-root, three areas must be covered:

1. User id of the regulatory daemon process
2. Read/Write access to appropriate sysfs entries
3. Ability to manage the pid file for the process

Each of these areas is covered in the following text. The final
section, '4.4. Automating the process', provides a quick shell script
that can be run either via udev scripts or via the modprobe.conf
configuration when the ipw3945 module is loaded.


4.1. User id of the regulatory daemon process

The first item is to remove root privileges from the regulatory daemon
itself. This can be accomplished by creating a user specifically for
this daemon:

  % useradd ipw3945d -s /bin/false

The above will create the user named 'ipw3945d' and set the shell for
that user to /bin/false. This will prevent anyone from using that user
name to log into the system.

You can now set the effective run permission for the daemon to run as
the user provided above:

  % chown ipw3945d:root /sbin/ipw3945d
  % chmod a-rwx,u+rs,g+rx /sbin/ipw3945d

The above will set the ownership of the regulatory daemon to be user
ipw3945d and group root.
The second command changes the mode of the file to restrict read,
write, and execute from all users (a-rwx) and to then add back in read
and execute for group members (so 'user ipw3945d' does not have to
launch the daemon), and then set-user-id to that of the ipw3945d (u+rs).

Once you have performed the above, only the user ipw3945d or members of
group root can launch the regulatory daemon. Once launched, the system
will run the program with the system privileges set to the user
'ipw3945d'.


4.2. Read/Write access to appropriate sysfs entries

In order to actually communicate with the driver interface you must
ensure that the driver's sysfs entries are able to be written to from
the user ipw3945d. Sysfs entries default to being owned and writable
only by the user 'root'.

The entry required for access is the attribute 'cmd', which is created
once the driver is loaded. Each time the driver is loaded, but before
the daemon is launched, you can achieve what is needed by running the
following:

  % chown ipw3945d: /sys/bus/pci/drivers/ipw3945/*/cmd
  % chmod a-w,u+rw /sys/bus/pci/drivers/ipw3945/*/cmd

The above will set user ownership to ipw3945d and set the file mode
such that the user 'ipw3945d' can read and write to the file (u+rw),
and no one else can write to it (a-w).


4.3. Ability to manage the pid file for the process

The regulatory daemon keeps track of running instances via a pid file
written to during daemon load. This file simply contains the process id
of the daemon so that future launches of the daemon can detect prior
launches, and take appropriate action to unload them if requested.

The default location for the daemon's pid file is
/var/run/ipw3945d.pid. This directory (/var/run) defaults on most
systems to being readable by all but writable only by user root and
users that are a part of the group root.

You can get around the above root restriction either by changing your
system configuration to allow the user ipw3945d to create files in your
/var/run directory, or by specifying a pid file someplace not requiring
root privileges.

As of ipw3945d v1.7.19 and newer, you can specify --pid-file=PATH to
indicate to the daemon which file to use to store the pid information.
The daemon needs to have write access to the directory where that file
resides.

An example of using this approach follows:

  % mkdir -m 0775 /var/run/ipw3945d
  % chown ipw3945d /var/run/ipw3945d

The first command creates the directory /var/run/ipw3945d. The
parameter '-m 0775' sets the file permissions to allow user and group
to read, write, and execute, while all other users are allowed only to
read and execute.

The second command sets the ownership of the new directory to the user
ipw3945d.

You can now launch the regulatory daemon and specify the pid location:

  % ipw3945d --pid-path=/var/run/ipw3945d/ipw3945d.pid


4.4. Automating the process

The two scripts provided in this package (ipw3945d-start and
ipw3945d-stop) can be placed in /sbin with permission set to execute:

  % cp ipw3945d-{start,stop} /sbin
  % chmod u+x /sbin/ipw3945d-{start,stop}

These scripts will automate the setting of sysfs permissions and
launching of the regulatory daemon after loading the module
ipw3945.ko.

For information on how to have these scripts executed automatically
when you modprobe and modprobe -r the module ipw3945.ko, see the
driver's INSTALL and README.ipw3945 documentation.


5. LICENSE

Please view the file LICENSE.ipw3945d for information on redistribution
and use of the regulatory daemon 'ipw3945d'.

------------------------------
Copyright (C) 2005 - 2006, Intel Corporation

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL
PRODUCTS.
EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH
PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS
ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL
PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A
PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT,
COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT.

This document is subject to change without notice.

* Other names and brands may be claimed as the property of others.
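
The non-root setup described in sections 4.1 to 4.3 can be verified
after the fact. The script below is an added example and is not part of
the Intel package or its ipw3945d-start/ipw3945d-stop scripts; the
function names are hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not shipped by Intel): audit the non-root setup from
# sections 4.1-4.3. Function names are hypothetical; needs GNU stat.

# Print "OWNER OCTAL_MODE" for a path, e.g. "ipw3945d 4450".
owner_mode() { stat -c '%U %a' "$1"; }

# 4.1: binary owned by the daemon user with mode exactly 4450, the mode
# 'chmod a-rwx,u+rs,g+rx' produces (set-user-id, u=r, g=rx, o=none).
check_binary() {   # check_binary FILE USER
    om=$(owner_mode "$1") || return 1
    [ "$om" = "$2 4450" ]
}

# 4.2: 'cmd' attribute owned by the daemon user, owner may read and
# write, group and others may not write: (mode & 0622) == 0600.
check_cmd_attr() { # check_cmd_attr FILE USER
    om=$(owner_mode "$1") || return 1
    [ "${om%% *}" = "$2" ] || return 1
    [ $(( 0${om##* } & 0622 )) -eq $(( 0600 )) ]
}

# 4.3: pid directory exists, is owned by the daemon user, and is not
# writable by "other" (0775 from 'mkdir -m 0775' passes, 0777 fails).
check_pid_dir() {  # check_pid_dir DIR USER
    [ -d "$1" ] || return 1
    om=$(owner_mode "$1") || return 1
    [ "${om%% *}" = "$2" ] && [ $(( 0${om##* } & 0002 )) -eq 0 ]
}

# Run all checks; prints one line per failure, returns the failure count.
audit() {          # audit USER BINARY PIDDIR CMD_ATTR...
    user=$1; bin=$2; piddir=$3; shift 3
    fail=0
    check_binary "$bin" "$user" || { echo "FAIL binary: $bin"; fail=$((fail + 1)); }
    check_pid_dir "$piddir" "$user" || { echo "FAIL pid dir: $piddir"; fail=$((fail + 1)); }
    for attr in "$@"; do
        check_cmd_attr "$attr" "$user" || { echo "FAIL sysfs attr: $attr"; fail=$((fail + 1)); }
    done
    return "$fail"
}

# Paths below are the ones this README uses.
if [ "${1:-}" = "--run" ]; then
    audit ipw3945d /sbin/ipw3945d /var/run/ipw3945d /sys/bus/pci/drivers/ipw3945/*/cmd
fi
```

Run it with --run after the ipw3945 module has loaded, since the 'cmd'
attribute only exists once the driver is present.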