1a8e07101SRui Paulo#! /bin/sh 2a8e07101SRui Paulo 3a8e07101SRui Paulo# 4*b00ab754SHans Petter Selasky# Unfortunately, macOS's devfs is based on the old FreeBSD 5a8e07101SRui Paulo# one, not the current one, so there's no way to configure it 6a8e07101SRui Paulo# to create BPF devices with particular owners or groups. 7a8e07101SRui Paulo# This startup item will make it owned by the admin group, 8a8e07101SRui Paulo# with permissions rw-rw----, so that anybody in the admin 9a8e07101SRui Paulo# group can use programs that capture or send raw packets. 10a8e07101SRui Paulo# 11a8e07101SRui Paulo# Change this as appropriate for your site, e.g. to make 12a8e07101SRui Paulo# it owned by a particular user without changing the permissions, 13a8e07101SRui Paulo# so only that user and the super-user can capture or send raw 14a8e07101SRui Paulo# packets, or give it the permissions rw-r-----, so that 15a8e07101SRui Paulo# only the super-user can send raw packets but anybody in the 16a8e07101SRui Paulo# admin group can capture packets. 17a8e07101SRui Paulo# 18a8e07101SRui Paulochgrp admin /dev/bpf* 19a8e07101SRui Paulochmod g+rw /dev/bpf* 20