On Sat, 20 Apr 2002, Lyndon Nerenberg wrote: > For the benefit of packet sniffers and other things that only want > read-only access to /dev/bpf*, what do people think of adding a 'bpf' > group for those programs? This allows bpf devices to be read by > programs running with an effective gid of 'bpf' instead of the current > requirement for an effective user of root. I've been running this way > on many of our servers for several months now, and things like snort, > tcpdump, etc., are quite happy with it (under stable).
There's the other small problem that you have to be root to set promiscuous mode. Doug White | FreeBSD: The Power to Serve [EMAIL PROTECTED] | www.FreeBSD.org To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
