5

I'm running Ubuntu 13.10 on a late 2013 Macbook Pro Retina (booted via Refind).

My issue is that running iwconfig doesn't output Link Quality or Signal Level unless run as sudo.

me:~$ sudo iwconfig
eth0      IEEE 802.11abg  ESSID:"redacted_essid"  
          Mode:Managed  Frequency:2.447 GHz  Access Point: RE:DA:CT:ED:XX:XX   
          Bit Rate=144 Mb/s   Tx-Power=200 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=70/70  Signal level=-35 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

lo        no wireless extensions.

Not as sudo:

me:~$ iwconfig  
eth0      IEEE 802.11abg  ESSID:"redacted_essid"  
          Mode:Managed  Frequency:2.447 GHz  Access Point: RE:DA:CT:ED:XX:XX   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

Is this normal, and is there something I can do to make it work without super user permissions?

My reason is that the Vicious Wifi Widget for Awesome Window Manager expects to be able to query iwconfig for this information not as root: http://git.sysphere.org/vicious/tree/widgets/wifi.lua

Thanks so much.

doctororange
  • 123
  • 8
  • Have a look: [permissions - How to suid iwconfig on Debian wheezy? - Unix & Linux Stack Exchange](http://unix.stackexchange.com/questions/67671/how-to-suid-iwconfig-on-debian-wheezy) – suqed Feb 01 '14 at 20:20
  • Running a 14.04 alpha system the output from sudo iwconfig and iwconfig is different, but Link Quality and Signal level are in either output. It would be interesting to boot a live-CD for 14.04 to see if this works there, as it may be card specific. Cirtainly this information does not seem particularly sensitive and is exposed for me on iwlwifi. – Andy Feb 04 '14 at 14:00

2 Answers2

6

The command iwconfig is a system administration commands (usually only for root). See man iwconfig. It is documented under section 8 of manpages. To know more about manpages see this post.

If you try in terminal,

$ type iwconfig 
iwconfig is hashed (/sbin/iwconfig)

and /sbin contains privileged executables. This is the reason why you are not able to have its full features when using as non-root user. There is nothing abnormal.

How to use sudo iwconfig without password [source]

You can use the NOPASSWD directive in your /etc/sudoers file.

If your user is called user and your host is called host you could add these lines to /etc/sudoers:

user host = (root) NOPASSWD: /sbin/iwconfig

This will allow the user user to run the command sudo iwconfig on host without entering a password. All other sudoed commands will still require a password.

It is recommended to use sudo visudo to edit the file. Read this nice post before you proceed. There you can find an alternative too if you do not wish to modify your /etc/sudoers

The other bad way [not recommended] is to ask sudo to read your password from a file where  your password is already stored. But this may be severe security concerns. -S switch enables sudo to read a password from standard input.

If you store your password in a file mypsd.txt that contains only your password followed by a new line character. Then the following command will run reading your password from that file,

cat /path/to/mypsd.txt | sudo -S iwconfig
Community
  • 1
sourav c.
  • 44,037
  • 20
  • 101
  • 128
  • Excellent answer - thank you. I have added `myusername myhostname = (root) NOPASSWD: /sbin/iwconfig` to `/etc/sudoers.d/iwconfig`, but that doesn't seem to have worked. Some more info: `-r--r----- 1 root root 46 Jan 31 11:52 /etc/sudoers.d/iwconfig`. Any clues? – doctororange Jan 31 '14 at 01:04
  • Ah, I didn't realise that the `NOPASSWD` tag still requires you to prepend `sudo` to the command. – doctororange Jan 31 '14 at 02:27
  • Hope everything is ok now. Feel free to discuss if you have any query. – sourav c. Jan 31 '14 at 03:14
  • I suspect I may need to use `(ALL)` instead of `(root)`, or something similar. Essentially I need to be able to get the full `iwconfig` output without prepending `sudo` to the command, since that's what the wifi.lua script linked in the OP executes. – doctororange Jan 31 '14 at 04:03
  • can't say at this moment (I am not near a ubuntu system), I need to check it. But there is no harm to use `sudo` inside a script. use `sudo iwconfig` it will be executed without any problem, I think. – sourav c. Jan 31 '14 at 04:42
  • Well, there's plenty of commands under `/sbin` normal users can run. See for example lsmod, arp, route, ifconfig. Just having something under `/sbin` or `/usr/sbin` doesn't mean non-root users can't/shouldn't run it. Of course, not all actions are not available, but similarly non-root users can't remove arbitrary files, even though `rm` is under `/bin`. – Olli Feb 04 '14 at 20:22
  • @Olli you are correct, a non-root user can run many `/sbin` or `/usr/sbin` executables under restriction. I never said a non-root user can't/shouldn't run them. Execution of such command itself need access to restricted part of system to give you complete result. On the other hand a non-root user can use `rm` with its all features. Restrictions come only when the user tries to access something beyond user's permission. – sourav c. Feb 05 '14 at 02:07
  • I ended up modifying the script to call `sudo iwconfig`, and in conjunction with the `sodoers` rules in your answer it's now working. It looks like `Link Quality` is usually output for non-sudo users, so either my wireless card or driver must be in the minority case here. Further suggestions are welcome, but today the bounty is going to @souravc. Thanks for the help dude. – doctororange Feb 05 '14 at 04:17
0

Yet Another Simple Solution

The default file permissions of iwconfig in Xubuntu 13.10 are:

$ ls -l /sbin/iwconfig
-rwxr-xr-x 1 root root 26152 Feb  03  2014 /sbin/iwconfig

Following commands might fix it in other Ubuntu versions:

$ sudo useradd -G sudo <your user name>
$ sudo chmod 755 /sbin/iwconfig

-- Regards.

suqed
  • 111
  • 1
  • 1
  • 6