On Sat, Apr 20, 2002 at 03:39:14PM -0600, Lyndon Nerenberg wrote:
> For the benefit of packet sniffers and other things that only want
> read-only access to /dev/bpf*, what do people think of adding a 'bpf'
> group for those programs?  This allows bpf devices to be read by
> programs running with an effective gid of 'bpf' instead of the current
> requirement for an effective user of root.  I've been running this way
> on many of our servers for several months now, and things like snort,
> tcpdump, etc., are quite happy with it (under stable).

I do this a lot too on systems where it makes sense. But I'm not sure
I understand what you are asking to be done. Is it asking too much of
an administrator to do,

  # echo 'sniff:*:80:<list of users>' >> /etc/group
  # chown root:sniff /dev/bpf*
  # chmod 640 /dev/bpf*

To do the appropriate customizations?
Crist J. Clark                     |     [EMAIL PROTECTED]
                                   |     [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/    |     [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to