From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 27 19:47:05 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A6706106564A
	for <freebsd-questions@freebsd.org>;
	Tue, 27 Apr 2010 19:47:05 +0000 (UTC)
	(envelope-from vince@unsane.co.uk)
Received: from unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net
	[IPv6:2001:470:1f08:110::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 5E8B08FC0C
	for <freebsd-questions@freebsd.org>;
	Tue, 27 Apr 2010 19:47:05 +0000 (UTC)
Received: from vhoffman-macbook.local ([10.0.0.173]) (authenticated bits=0)
	by unsane.co.uk (8.14.4/8.14.3) with ESMTP id o3RJkfO7051452
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO)
	for <freebsd-questions@freebsd.org>;
	Tue, 27 Apr 2010 20:46:42 +0100 (BST)
	(envelope-from vince@unsane.co.uk)
Message-ID: <4BD73F21.1030504@unsane.co.uk>
Date: Tue, 27 Apr 2010 20:46:41 +0100
From: Vincent Hoffman <vince@unsane.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
	rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <20100427193106.GA91570@elwood.starfire.mn.org>
In-Reply-To: <20100427193106.GA91570@elwood.starfire.mn.org>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: Really simple spam trap - /dev/pf permissions?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Apr 2010 19:47:05 -0000

On 27/04/2010 20:31, John wrote:
> This seems to be working pretty well, and I'll eventually take the
> print statement out, but I'm not sure why I had to make /dev/pf
> public read/write in order to get the pfctl command to work.
>
> What is the best solution to be able to add to my spammers table
> in pf without making it public read/write?
>   
It would probably make more security sense to add the user that the
script is running as to a group (say pfctl)
then make the /dev/pf device group owned by the pfctl group and group
writable.
Other options include sudo access for your scripts user to run a
specific pfctl command.

Vince