Intel PRO/Wireless 3945ABG Network Connection
Copyright (C) 2006 Intel Corporation. All rights reserved.
Regulatory Daemon README.ipw3945d
INDEX
1. ABOUT
2. INSTALLATION
3. RUNNING BEFORE DRIVER FULLY LOADED
4. RUNNING AS NON-ROOT
4.1. User id of the regulatory daemon process
4.2. Read/Write access to appropriate sysfs entries
4.3. Ability to manage the pid file for the process
4.4. Automating the process
5. LICENSE
1. ABOUT
The regulatory daemon is responsible for controlling and configuring
aspects of the hardware required to operate the device within
compliance of various regulatory agencies. This includes controlling
which channels are allowed to do active/passive scanning, transmit
power levels, which channels are allowed to be transmitted on, and
support for IEEE 802.11h (DFS and TPC).
2. INSTALLATION
Within this archive are two directories, x86 and x86_64. Depending on
the architecture you are using, chose the appropriate ipw3945d
regulatory daemon and install it into your system, typically in /sbin.
For example:
If you are running on a 32-bit system, you would perform the following:
% cp x86/ipw3495d /sbin
If you are running on an EM64T enabled system, you would perform the
following:
% cp x86_64/ipw3945d /sbin
You may need to be root to copy the file to that location. You will
need to be root to run the file.
The scripts provided with the Intel PRO/Wireless 3945ABG Network
Connection driver for Linux requires the regulatory daemon to be in the
current execution path, or to use the -ipw3945d parameter (see the
README.ipw3945 provided with the driver package.)
3. RUNNING BEFORE DRIVER FULLY LOADED
The typical method for lauching the daemon is to spawn it from within
the modprobe.conf or udev scripts as soon as the ipw3945 module is
loaded. This can cause problems on systems where the module is loaded
earlier in the boot process than the device is probed, or where the
module load is delayed.
To support this model, the daemon supports the '--timeout' parameter
which can be used to specify how long the daemon should look for the
driver before giving up. The default value is 0, which will exit
immediately if the driver is not found.
A value of -1 will result in the daemon waiting forever. Any other
value specifies the number of seconds to wait. The daemon will poll
the system once per second looking for the driver's sysfs entries.
Example usage:
% ipw3945d --timeout=-1
The above will fork the daemon into the background and then wait
forever for the module to load.
4. RUNNING AS NON-ROOT
Some users have expressed concern over having to run the regulatory daemon
with root privileges. It is always recommended that only those services
and daemons on your system that truly require root access be run with root
privileges.
In order to run as non-root, three areas must be covered:
1. User id of the regulatory daemon process
2. Read/Write access to appropriate sysfs entries
3. Ability to manage the pid file for the process
Each of these areas are covered in the following text. The final section
'4. Automating the process ' provides a quick shell script that can be run
either via udev scripts or via the modprobe.conf configuration when the
module ipw3945 module is loaded.
4.1. User id of the regulatory daemon process
The first item is to remove root privileges from the regulatory daemon
itself. This can be accomplished with the regulatory daemon by creating
a user specifically for this daemon:
% useradd ipw3945d -s /bin/false
The above will create the user named 'ipw3945d' and set the shell
for that user to /bin/false. This will prevent anyone from using that
user name to log into the system.
You can now set the effective run permission for the daemon to run as
the user provided above:
% chown ipw3945d:root /sbin/ipw3945d
% chmod a-rwx,u+rs,g+rx /sbin/ipw3945d
The above will set the ownership of the regulatory daemon to be user
ipw3945d and group root. The second command changes the mode of the file
to restrict read, write, and execute from all users (a-rwx) and to then
add back in read, execute for group members (so 'user ipw3945d' does not
have to launch the daemon), and then set-user-id to that of the ipw3945d
(u+rs).
Once you have performed the above, only the user ipw3945d or members
of group root can launch the regulatory daemon. Once launched, the
system will run the program with the system privileges set to the
user 'ipw3945d'.
4.2. Read/Write access to appropriate sysfs entries
In order to actually communicate with the driver interface you must ensure
that the driver's sysfs entries are able to be written to from the user
ipw3945d.
Sysfs entries default to being owned and writable only by the user 'root'.
The entry required for access is the attribute 'cmd' which is created
once the driver is loaded.
Each time the driver is loaded, but before the daemon is launched, you can
achieve what is needed by running the following:
% chown ipw3945d: /sys/bus/pci/drivers/ipw3945/*/cmd
% chmod a-w,u+rw /sys/bus/pci/drivers/ipw3945/*/cmd
The above will set user ownership to ipw3945d and set the file mode such that
the user 'ipw3945d' can read and write to the file (u+rw), and no one else
can write to it (a-w).
4.3. Ability to manage the pid file for the process
The regulatory daemon keeps track of running instances via a pid file
written to during daemon load. This file simply contains the process id
of the daemon so that future launches of the daemon can detect prior
launches, and take appropriate action to unload them if requested.
The default location for the daemon's pid file is /var/run/ipw3945d.pid.
This directory (/var/run) defaults on most systems to being readable by
all but writable only by user root and users that are a part of the group
root.
You can get around the above root restriction by either changing your system
configuration to allow the user ipw3945d to create files in your /var/run
directory, or specify a pid file to be used someplace not requiring root
privileges.
As of ipw3945d v1.7.19 and newer, you can specify the --pid-file=PATH to
indicate to the daemon which file to use to store the pid information. The
daemon needs to have write access to the directory where that file resides.
An example of using this approach follows:
% mkdir -m 0775 /var/run/ipw3945d
% chown ipw3945d /var/run/ipw3945d
The first command creates the directory /var/run/ipw3945d. The parameter
'-m 0775' sets the file permissions to allow user and group to read, write,
and execute, while all other users are allowed only to read and execute.
The second command sets the ownership of the new directory to the user
ipw3945d.
You can now launch the regulatory daemon and specify the pid location:
% ipw3945d --pid-path=/var/run/ipw3945d/ipw3945d.pid
4.4. Automating the process
The two scripts provided in this package (ipw3945d-start and ipw3945d-stop)
can be placed in /sbin with permission set to execute:
% cp ipw3945d-{start,stop} /sbin
% chmod u+x /sbin/ipw3945d-{start,stop}
These scripts will automate the settting of sysfs permissions and launching
of the regulatory daemon after loading the module ipw3945.ko.
For information on how to have these scripts executed automatically when
you modprobe and modprobe -r the module ipw3945.ko, see the driver's
INSTALL and README.ipw3945 documentation.
5.LICENSE
Please view the file LICENSE.ipw3945d for information on redistribution
and use of the regulatory daemon 'ipw3945d'.
------------------------------
Copyright (C) 2005 - 2006, Intel Corporation
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS.
EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS,
INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR
IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING
LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE,
MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER
INTELLECTUAL PROPERTY RIGHT.
This document is subject to change without notice.
* Other names and brands may be claimed as the property of others.