1bf1df6d1Schristos#! /bin/sh 2bf1df6d1Schristos 3bf1df6d1Schristos# 4*9185e895Schristos# Unfortunately, macOS's devfs is based on the old FreeBSD 5bf1df6d1Schristos# one, not the current one, so there's no way to configure it 6bf1df6d1Schristos# to create BPF devices with particular owners or groups. 7bf1df6d1Schristos# This startup item will make it owned by the admin group, 8bf1df6d1Schristos# with permissions rw-rw----, so that anybody in the admin 9bf1df6d1Schristos# group can use programs that capture or send raw packets. 10bf1df6d1Schristos# 11bf1df6d1Schristos# Change this as appropriate for your site, e.g. to make 12bf1df6d1Schristos# it owned by a particular user without changing the permissions, 13bf1df6d1Schristos# so only that user and the super-user can capture or send raw 14bf1df6d1Schristos# packets, or give it the permissions rw-r-----, so that 15bf1df6d1Schristos# only the super-user can send raw packets but anybody in the 16bf1df6d1Schristos# admin group can capture packets. 17bf1df6d1Schristos# 18bf1df6d1Schristoschgrp admin /dev/bpf* 19bf1df6d1Schristoschmod g+rw /dev/bpf* 20