1As with other systems using BPF, Mac OS X allows users with read access 2to the BPF devices to capture packets with libpcap and allows users with 3write access to the BPF devices to send packets with libpcap. 4 5On some systems that use BPF, the BPF devices live on the root file 6system, and the permissions and/or ownership on those devices can be 7changed to give users other than root permission to read or write those 8devices. 9 10On newer versions of FreeBSD, the BPF devices live on devfs, and devfs 11can be configured to set the permissions and/or ownership of those 12devices to give users other than root permission to read or write those 13devices. 14 15On Mac OS X, the BPF devices live on devfs, but the OS X version of 16devfs is based on an older (non-default) FreeBSD devfs, and that version 17of devfs cannot be configured to set the permissions and/or ownership of 18those devices. 19 20Therefore, we supply: 21 22 a "startup item" for older versions of Mac OS X; 23 24 a launchd daemon for Tiger and later versions of Mac OS X; 25 26Both of them will change the ownership of the BPF devices so that the 27"admin" group owns them, and will change the permission of the BPF 28devices to rw-rw----, so that all users in the "admin" group - i.e., all 29users with "Allow user to administer this computer" turned on - have 30both read and write access to them. 31 32The startup item is in the ChmodBPF directory in the source tree. A 33/Library/StartupItems directory should be created if it doesn't already 34exist, and the ChmodBPF directory should be copied to the 35/Library/StartupItems directory (copy the entire directory, so that 36there's a /Library/StartupItems/ChmodBPF directory, containing all the 37files in the source tree's ChmodBPF directory; don't copy the individual 38items in that directory to /Library/StartupItems). The ChmodBPF 39directory, and all files under it, must be owned by root. Installing 40the files won't immediately cause the startup item to be executed; it 41will be executed on the next reboot. To change the permissions before 42the reboot, run 43 44 sudo SystemStarter start ChmodBPF 45 46The launchd daemon is the chmod_bpf script, plus the 47org.tcpdump.chmod_bpf.plist launchd plist file. chmod_bpf should be 48installed in /usr/local/bin/chmod_bpf, and org.tcpdump.chmod_bpf.plist 49should be installed in /Library/LaunchDaemons. chmod_bpf, and 50org.tcpdump.chmod_bpf.plist, must be owned by root. Installing the 51script and plist file won't immediately cause the script to be executed; 52it will be executed on the next reboot. To change the permissions 53before the reboot, run 54 55 sudo /usr/local/bin/chmod_bpf 56 57or 58 59 sudo launchctl load /Library/LaunchDaemons/org.tcpdump.chmod_bpf.plist 60 61If you want to give a particular user permission to access the BPF 62devices, rather than giving all administrative users permission to 63access them, you can have the ChmodBPF/ChmodBPF script change the 64ownership of /dev/bpf* without changing the permissions. If you want to 65give a particular user permission to read and write the BPF devices and 66give the administrative users permission to read but not write the BPF 67devices, you can have the script change the owner to that user, the 68group to "admin", and the permissions to rw-r-----. Other possibilities 69are left as an exercise for the reader. 70 71(NOTE: due to a bug in Snow Leopard, if you change the permissions not 72to grant write permission to everybody who should be allowed to capture 73traffic, non-root users who cannot open the BPF devices for writing will 74not be able to capture outgoing packets.) 75