just an observation, but the /dev/pf is user root, group wheel, with no explicit permissions set on the group there, only rw for the user, root.
I use sudo for pfctl -s*, and havn't ran into any problems, however this is on FreeBSD, but I don't imagine there being a big difference otherwise.. You showed yourself su -'ing to 'hatchet', instead of using sudo, sudo grants you root access, whereas that su only gives you access to whatever the user has, which in this case isn't high enough access to use pfctl. Can you paste your sudoers file and show what you do with sudo that gives the error? I use this: username ALL=NOPASSWD: /sbin/pfctl -s * -Ian On Apr 11, 2005 3:21 AM, Jason Dixon <[EMAIL PROTECTED]> wrote: > On Apr 11, 2005, at 5:13 AM, Peter N. M. Hansteen wrote: > > > Jason Dixon <[EMAIL PROTECTED]> writes: > > > >> Is the ability to run pfctl (via sudo) as a non-root user still > >> broken? I've tested this on a 3.6 -release system, and /dev/pf is > >> still unavailable for non-root users. > > > > [EMAIL PROTECTED]:~$ ls -l /dev/pf > > crw------- 1 root wheel 73, 0 Oct 19 00:02 /dev/pf > > > > It certainly looks like being a member of wheel is a distinct > > advantage, > > at least. > > > > What kinds of operations did you have in mind? > > # su - hatchet > $ pfctl -vsr > pfctl: /dev/pf: Permission denied > $ whoami > hatchet > $ groups > hatchet wheel > > > Would eg a sensible authpf setup help achieve what you want to do? > > It has nothing to do with my question. > > > -- > Jason Dixon > DixonGroup Consulting > http://www.dixongroup.net > >
