diff --git a/srcpkgs/wpa_supplicant/INSTALL.msg b/srcpkgs/wpa_supplicant/INSTALL.msg
deleted file mode 100644
index ca03234d01b..00000000000
--- a/srcpkgs/wpa_supplicant/INSTALL.msg
+++ /dev/null
@@ -1,4 +0,0 @@
-The runit service now uses Linux capabilities to run as non-root.
-If you edited `wpa_supplicant.conf` files, you must set
-	`control_interface_group=_wpas`
-there, so that the unprivileged daemon can function properly.
diff --git a/srcpkgs/wpa_supplicant/files/wpa_supplicant.conf b/srcpkgs/wpa_supplicant/files/wpa_supplicant.conf
index 3d213b67b8b..60141532035 100644
--- a/srcpkgs/wpa_supplicant/files/wpa_supplicant.conf
+++ b/srcpkgs/wpa_supplicant/files/wpa_supplicant.conf
@@ -1,7 +1,7 @@
 # Default configuration file for wpa_supplicant.conf(5).
 
 ctrl_interface=/run/wpa_supplicant
-ctrl_interface_group=_wpas
+ctrl_interface_group=wheel
 eapol_version=1
 ap_scan=1
 fast_reauth=1
diff --git a/srcpkgs/wpa_supplicant/files/wpa_supplicant/run b/srcpkgs/wpa_supplicant/files/wpa_supplicant/run
index d2d90b72a23..0bb6ff43caf 100644
--- a/srcpkgs/wpa_supplicant/files/wpa_supplicant/run
+++ b/srcpkgs/wpa_supplicant/files/wpa_supplicant/run
@@ -7,14 +7,10 @@ else
 	OPTS="${AUTO}"
 fi
 
-# automigrate
-chown -R _wpas:_wpas /etc/wpa_supplicant
-! [ -d /run/wpa_supplicant ] && install -m 700 -g _wpas -o _wpas -d /run/wpa_supplicant
-chown -R _wpas:_wpas /run/wpa_supplicant
+# revert automigrate
+chown -R root:root /etc/wpa_supplicant
+! [ -d /run/wpa_supplicant ] && install -m 700 -g root -o root -d /run/wpa_supplicant
+chown -R root:root /run/wpa_supplicant
 
 exec 2>&1
-exec setpriv --reuid _wpas --regid _wpas --clear-groups \
-  --ambient-caps -all,+net_admin,+net_raw \
-  --inh-caps -all,+net_admin,+net_raw \
-  --bounding-set -all,+net_admin,+net_raw \
-  --no-new-privs -- wpa_supplicant ${OPTS}
+exec wpa_supplicant ${OPTS}
diff --git a/srcpkgs/wpa_supplicant/template b/srcpkgs/wpa_supplicant/template
index e1cc953f3e5..cc6c8ab38bf 100644
--- a/srcpkgs/wpa_supplicant/template
+++ b/srcpkgs/wpa_supplicant/template
@@ -1,7 +1,7 @@
 # Template file for 'wpa_supplicant'
 pkgname=wpa_supplicant
 version=2.11
-revision=2
+revision=3
 build_wrksrc="${pkgname}"
 build_style=gnu-makefile
 make_build_args="V=1 BINDIR=/usr/bin"
@@ -20,7 +20,6 @@ make_check=no # has no test suite
 build_options="dbus readline"
 build_options_default="dbus readline"
 conf_files="/etc/${pkgname}/${pkgname}.conf"
-system_accounts="_wpas"
 
 pre_build() {
 	cp -f ${FILESDIR}/config .config