From owner-freebsd-current Mon Apr 22 13: 5:55 2002 Delivered-To: freebsd-current@freebsd.org Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.122.47]) by hub.freebsd.org (Postfix) with ESMTP id BD0DD37B404 for ; Mon, 22 Apr 2002 13:05:43 -0700 (PDT) Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.11.3/8.10.1) with ESMTP id g3MIGxO06709; Mon, 22 Apr 2002 11:16:59 -0700 (PDT) Date: Mon, 22 Apr 2002 11:16:58 -0700 (PDT) From: Doug White To: Lyndon Nerenberg Cc: freebsd-current@FreeBSD.org Subject: Re: Adding a 'bpf' group for /dev/bpf* In-Reply-To: <200204202139.g3KLdEJ80591@orthanc.ab.ca> Message-ID: <20020422111600.G5217-100000@resnet.uoregon.edu> X-All-Your-Base: are belong to us MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sat, 20 Apr 2002, Lyndon Nerenberg wrote: > For the benefit of packet sniffers and other things that only want > read-only access to /dev/bpf*, what do people think of adding a 'bpf' > group for those programs? This allows bpf devices to be read by > programs running with an effective gid of 'bpf' instead of the current > requirement for an effective user of root. I've been running this way > on many of our servers for several months now, and things like snort, > tcpdump, etc., are quite happy with it (under stable). There's the other small problem that you have to be root to set promiscuous mode. Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message