1190214Srpaulo#! /bin/sh 2190214Srpaulo 3190214Srpaulo# 4190214Srpaulo# Unfortunately, Mac OS X's devfs is based on the old FreeBSD 5190214Srpaulo# one, not the current one, so there's no way to configure it 6190214Srpaulo# to create BPF devices with particular owners or groups. 7190214Srpaulo# This startup item will make it owned by the admin group, 8190214Srpaulo# with permissions rw-rw----, so that anybody in the admin 9190214Srpaulo# group can use programs that capture or send raw packets. 10190214Srpaulo# 11190214Srpaulo# Change this as appropriate for your site, e.g. to make 12190214Srpaulo# it owned by a particular user without changing the permissions, 13190214Srpaulo# so only that user and the super-user can capture or send raw 14190214Srpaulo# packets, or give it the permissions rw-r-----, so that 15190214Srpaulo# only the super-user can send raw packets but anybody in the 16190214Srpaulo# admin group can capture packets. 17190214Srpaulo# 18190214Srpaulochgrp admin /dev/bpf* 19190214Srpaulochmod g+rw /dev/bpf* 20