# Permanently grant read access to /dev/bpf*



## guitarmy (Sep 3, 2004)

Hi, I'm trying to use a packet capture library that uses the berkley packet filters in Darwin.  In order to capture the packets, I must have read acess to the /dev/bpf* files.  I can chmod these, but as soon as I reboot their privledges are reset!  Any ideas?
Thanks,
Eric


----------



## Captain Code (Sep 4, 2004)

Assuming this is a command line packet sniffer, use sudo to run it instead.

Changing system directory permissions isn't a good idea.


----------



## davidbrit2 (Sep 4, 2004)

To avoid using sudo every time, you can just enable the setuid bit on the application. Do this carefully though, because it means anybody who runs the program is running it with root permissions.

Okay, here's what you do: (most of it from the Terminal)

1. First, set the owner of the program to root. With the setuid bit enabled, the program is run with the permissions of the owner.
2. Set the group to admin (assuming you're an admin user). This way we can set it so only admin users have access to the program.
3. chmod 4750 _programfilename_

The chmod command alters the permission bits. In this case, here's what they represent.
4 - setuid bit enabled
7 - read, write, execute enabled for owner (root)
5 - read, execute enabled for group (admin)
0 - all other users have no access

This is how I usually do it for programs like tcpdump and tcpflow, and it works like a charm.


----------

