美文网首页
摘录-Permanently grant read access

摘录-Permanently grant read access

作者: 晚辈曾阿牛 | 来源:发表于2019-02-17 01:13 被阅读3次

    有些国外网页,打开速度太慢,同时也是为了怕忘记,故摘录到简书。
    原始网页:https://macosx.com/threads/permanently-grant-read-access-to-dev-bpf.46013/#post-326372

    问题:
    Permanently grant read access to /dev/bpf*
    问题详情:

    Hi, I'm trying to use a packet capture library that uses the berkley packet filters in Darwin. In order to capture the packets, I must have read acess to the /dev/bpf* files. I can chmod these, but as soon as I reboot their privledges are reset! Any ideas?
    Thanks,
    Eric

    问题详情的翻译:

    嗨,我正在尝试使用在Darwin中使用berkley数据包过滤器的数据包捕获库。为了捕获数据包,我必须读取/ dev / bpf *文件。我可以chmod这些,但一旦我重新启动他们的权限被重置!有任何想法吗?
    谢谢,
    埃里克

    最佳解答方法:

    To avoid using sudo every time, you can just enable the setuid bit on the application. Do this carefully though, because it means anybody who runs the program is running it with root permissions.
    
    Okay, here's what you do: (most of it from the Terminal)
    
    1. First, set the owner of the program to root. With the setuid bit enabled, the program is run with the permissions of the owner.
    2. Set the group to admin (assuming you're an admin user). This way we can set it so only admin users have access to the program.
    3. chmod 4750 programfilename
    
    The chmod command alters the permission bits. In this case, here's what they represent.
    4 - setuid bit enabled
    7 - read, write, execute enabled for owner (root)
    5 - read, execute enabled for group (admin)
    0 - all other users have no access
    
    This is how I usually do it for programs like tcpdump and tcpflow, and it works like a charm.
    
    

    最佳解答的翻译

    为避免每次都使用sudo,您只需在应用程序上启用setuid位即可。但是要小心这样做,因为这意味着任何运行该程序的人都使用root权限运行它。
    
    好的,这就是你所做的:(大部分来自终端)
    
    1. 首先,将程序的所有者设置为root。启用setuid位后,程序将以所有者的权限运行。
    2. 将组设置为admin(假设您是管理员用户)。这样我们就可以设置它,这样只有管理员用户才能访问该程序。
    3. chmod 4750 programfilename
    
    chmod命令改变权限位。在这种情况下,这是他们所代表的。
    4 - 启用setuid位
    7 - 为所有者(root)启用读,写,执行
    5 - 读取,执行启用组(admin)
    0 - 所有其他用户都无法访问
    
    这是我通常为tcpdump和tcpflow等程序执行的操作,它就像一个魅力。
    

    另外在Wireshark官网上还有两个对话,可以参考一下:


    Wireshark权限问题1 Wireshark权限问题2

    相关文章

      网友评论

          本文标题:摘录-Permanently grant read access

          本文链接:https://www.haomeiwen.com/subject/enuweqtx.html