1*d56f51eaSDavid van Moolenbroek#! /bin/sh 2*d56f51eaSDavid van Moolenbroek 3*d56f51eaSDavid van Moolenbroek# 4*d56f51eaSDavid van Moolenbroek# Unfortunately, Mac OS X's devfs is based on the old FreeBSD 5*d56f51eaSDavid van Moolenbroek# one, not the current one, so there's no way to configure it 6*d56f51eaSDavid van Moolenbroek# to create BPF devices with particular owners or groups. 7*d56f51eaSDavid van Moolenbroek# This startup item will make it owned by the admin group, 8*d56f51eaSDavid van Moolenbroek# with permissions rw-rw----, so that anybody in the admin 9*d56f51eaSDavid van Moolenbroek# group can use programs that capture or send raw packets. 10*d56f51eaSDavid van Moolenbroek# 11*d56f51eaSDavid van Moolenbroek# Change this as appropriate for your site, e.g. to make 12*d56f51eaSDavid van Moolenbroek# it owned by a particular user without changing the permissions, 13*d56f51eaSDavid van Moolenbroek# so only that user and the super-user can capture or send raw 14*d56f51eaSDavid van Moolenbroek# packets, or give it the permissions rw-r-----, so that 15*d56f51eaSDavid van Moolenbroek# only the super-user can send raw packets but anybody in the 16*d56f51eaSDavid van Moolenbroek# admin group can capture packets. 17*d56f51eaSDavid van Moolenbroek# 18*d56f51eaSDavid van Moolenbroekchgrp admin /dev/bpf* 19*d56f51eaSDavid van Moolenbroekchmod g+rw /dev/bpf* 20