1511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall#! /bin/sh 2511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall 3511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# 4511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# Unfortunately, Mac OS X's devfs is based on the old FreeBSD 5511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# one, not the current one, so there's no way to configure it 6511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# to create BPF devices with particular owners or groups. 7511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# This startup item will make it owned by the admin group, 8511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# with permissions rw-rw----, so that anybody in the admin 9511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# group can use programs that capture or send raw packets. 10511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# 11511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# Change this as appropriate for your site, e.g. to make 12511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# it owned by a particular user without changing the permissions, 13511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# so only that user and the super-user can capture or send raw 14511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# packets, or give it the permissions rw-r-----, so that 15511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# only the super-user can send raw packets but anybody in the 16511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# admin group can capture packets. 17511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrall# 18511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrallchgrp admin /dev/bpf* 19511eca30a483e912c274e1d8ba3a0f8f081e2227JP Abgrallchmod g+rw /dev/bpf* 20