From owner-freebsd-current Mon Apr 22 15:25:39 2002 Delivered-To: freebsd-current@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id 7E93A37B4FA for ; Mon, 22 Apr 2002 15:16:40 -0700 (PDT) Received: (qmail 47695 invoked by uid 1001); 22 Apr 2002 20:37:39 +0000 (GMT) To: dwhite@resnet.uoregon.edu Cc: lyndon@orthanc.ab.ca, freebsd-current@FreeBSD.org Subject: Re: Adding a 'bpf' group for /dev/bpf* From: sthaug@nethelp.no In-Reply-To: Your message of "Mon, 22 Apr 2002 11:16:58 -0700 (PDT)" References: <20020422111600.G5217-100000@resnet.uoregon.edu> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 22 Apr 2002 22:37:38 +0200 Message-ID: <47693.1019507858@verdi.nethelp.no> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > For the benefit of packet sniffers and other things that only want > > read-only access to /dev/bpf*, what do people think of adding a 'bpf' > > group for those programs? This allows bpf devices to be read by > > programs running with an effective gid of 'bpf' instead of the current > > requirement for an effective user of root. I've been running this way > > on many of our servers for several months now, and things like snort, > > tcpdump, etc., are quite happy with it (under stable). > > There's the other small problem that you have to be root to set > promiscuous mode. Not on 4.x. Haven't tried -current. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message