On Sat, Apr 20, 2002 at 03:39:14PM -0600, Lyndon Nerenberg wrote:
> For the benefit of packet sniffers and other things that only want
> read-only access to /dev/bpf*, what do people think of adding a 'bpf'
> group for those programs? This allows bpf devices to be read by
> programs running with an effective gid of 'bpf' instead of the current
> requirement for an effective user of root. I've been running this way
> on many of our servers for several months now, and things like snort,
> tcpdump, etc., are quite happy with it (under stable).

I do this a lot too on systems where it makes sense. But I'm not sure
I understand what you are asking to be done. Is it asking too much of
an administrator to do,

  # echo 'sniff:*:80:<list of users>' >> /etc/group
  # chown root:sniff /dev/bpf*
  # chmod 640 /dev/bpf*

To do the appropriate customizations?
-- 
Crist J. Clark
http://people.freebsd.org/~cjc/
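
A check for the setup described in this message, as an added example that is not part of the original post: a POSIX sh function that verifies a /dev/bpf* node is owned by root, belongs to the intended group (gid 80 in the commands above) and carries mode 0640. The function name check_node and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit capture device nodes against the
# root:<group> 0640 setup from the commands above.
# `ls -n` output is parsed because stat(1) flags differ between BSD and GNU.

# check_node PATH WANT_UID WANT_GID
# Prints one line per finding; returns 0 if clean, 1 on findings,
# 2 if the node cannot be listed.
check_node() {
    node=$1 want_uid=$2 want_gid=$3
    line=$(ls -ldLn -- "$node" 2>/dev/null) || return 2
    set -- $line                             # fields: mode links uid gid ...
    mode=$1 uid=$3 gid=$4
    grp=$(printf '%s' "$mode" | cut -c5-7)   # group rwx triplet
    oth=$(printf '%s' "$mode" | cut -c8-10)  # other rwx triplet
    rc=0
    [ "$uid" = "$want_uid" ] || { echo "$node: owner uid $uid, want $want_uid"; rc=1; }
    [ "$gid" = "$want_gid" ] || { echo "$node: gid $gid, want $want_gid"; rc=1; }
    case $grp in
        r--) ;;                              # read-only for the group, as intended
        *w*) echo "$node: group bits '$grp' allow writing, not just capture"; rc=1 ;;
        *)   echo "$node: group bits '$grp', want 'r--'"; rc=1 ;;
    esac
    [ "$oth" = "---" ] || { echo "$node: other bits '$oth' expose the device to all users"; rc=1; }
    return $rc
}

# Audit every bpf node present; uid 0 and gid 80 are the values used in the thread.
for n in /dev/bpf*; do
    [ -e "$n" ] || continue
    check_node "$n" 0 80 || :
done
```
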