Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Newer
Older
100644 44 lines (37 sloc) 2.292 kb
4b1ac36 @yuguy Add an OS X startup item to set the permissions and/or ownership of the
yuguy authored
1 As with other systems using BPF, Mac OS X allows users with read access
2 to the BPF devices to capture packets with libpcap and allows users with
3 write access to the BPF devices to send packets with libpcap.
4
5 On some systems that use BPF, the BPF devices live on the root file
6 system, and the permissions and/or ownership on those devices can be
7 changed to give users other than root permission to read or write those
8 devices.
9
10 On newer versions of FreeBSD, the BPF devices live on devfs, and devfs
11 can be configured to set the permissions and/or ownership of those
12 devices to give users other than root permission to read or write those
13 devices.
14
15 On Mac OS X, the BPF devices live on devfs, but the OS X version of
16 devfs is based on an older (non-default) FreeBSD devfs, and that version
17 of devfs cannot be configured to set the permissions and/or ownership of
18 those devices.
19
20 Therefore, we supply a "startup item" for OS X that will change the
21 ownership of the BPF devices so that the "admin" group owns them, and
22 will change the permission of the BPF devices to rw-rw----, so that all
23 users in the "admin" group - i.e., all users with "Allow user to
24 administer this computer" turned on - have both read and write access to
25 them.
26
27 The startup item is in the ChmodBPF directory in the source tree. A
28 /Library/StartupItems directory should be created if it doesn't already
29 exist, and the ChmodBPF directory should be copied to the
30 /Library/StartupItems directory (copy the entire directory, so that
31 there's a /Library/StartupItems/ChmodBPF directory, containing all the
32 files in the source tree's ChmodBPF directory; don't copy the individual
33 items in that directory to /Library/StartupItems).
34
35 If you want to give a particular user permission to access the BPF
36 devices, rather than giving all administrative users permission to
37 access them, you can have the ChmodBPF/ChmodBPF script change the
38 ownership of /dev/bpf* without changing the permissions. If you want to
39 give a particular user permission to read and write the BPF devices and
40 give the administrative users permission to read but not write the BPF
41 devices, you can have the script change the owner to that user, the
42 group to "admin", and the permissions to rw-r-----. Other possibilities
43 are left as an exercise for the reader.
Something went wrong with that request. Please try again.