Wireshark-users: Re: [Wireshark-users] FreeBSD & Running As User
From: Stephen Fisher <[email protected]>
Date: Tue, 25 Sep 2007 18:43:02 -0600
On Tue, Sep 25, 2007 at 05:31:16PM -0700, J wrote:

> Can someone offer some insight as to how to run wireshark as a normal
> user in FreeBSD 6.2?  I've tried changing the bpf devices' group, as
> well as granting read access to them via this group, but I'm still
> getting "permission denied" errors.  If not, I would welcome some
> general instructions about how to run wireshark reasonably securely on
> FreeBSD.  Currently using a generic kernel.

Did you also grant the group read rights to all bpf devices?  Does "ls
-l" reflect this?  I usually granted my user read rights and changed the
owner to myself.  I would assume doing it with the group would work too,
but I do not have a FreeBSD box handy with Wireshark on it to test that

To make these changes permament, you need to modify /etc/devfs.conf for
next bootup.  It is probably best to make the change to devfs.conf even
if you aren't going to reboot, as each newly created bpf device inherits
the permissions you give it in that file.  Sometimes new bpf devices are
created on the fly when using capturing tools.