On Aug 04 05:21 PM, Artur Grabowski wrote: > Jan Sepp <[EMAIL PROTECTED]> writes: > > > The answer was surprisingly simple. I just had to create a second pf > > device, chown it and make it read-only for the new owner, and I could get > > my statistics. These are the actual commands: > > > > soekris # mknod /dev/pf2 c 73 0 > > soekris # chown myUser /dev/pf2 > > soekris # chmod u-w /dev/pf2 > > soekris # ls -l /dev/pf2 > > cr--r--r-- 1 myUser wheel 73, 0 Aug 4 16:38 /dev/pf2 > > soekris # su - myUser > > $ pfctl -p /dev/pf2 -i sis0 -vvsI > > sis0 (instance, attached) > > Cleared: Thu Aug 4 15:48:46 2005 > > etc. > > etc. > > If the idea is that the user isn't supposed to be able to write to the > device, it doesn't really work. > > # mknod /dev/pf2 c 73 0 > # chown art /dev/pf2 > # chmod u-w /dev/pf2 > # ls -l /dev/pf2 > cr--r--r-- 1 art wheel 73, 0 Aug 4 17:19 /dev/pf2 > # su - art > $ chmod u+w /dev/pf2 > $ ^D > # ls -l /dev/pf2 > crw-r--r-- 1 art wheel 73, 0 Aug 4 17:19 /dev/pf2 > # rm /dev/pf2 > # >
Right, you can use group permissions for that. Chown it to root:wheel, chmod 740, then anyone in the wheel group can read it but can't delete or chmod it. If you just need one user, make them have their own group and do the same. Matt
