Matt Provost wrote:

On Aug 04 05:21 PM, Artur Grabowski wrote:
Jan Sepp <[EMAIL PROTECTED]> writes:

The answer was surprisingly simple. I just had to create a second pf
device, chown it and make it read-only for the new owner, and I could get
my statistics. These are the actual commands:

soekris # mknod /dev/pf2 c 73 0
soekris # chown myUser /dev/pf2
soekris # chmod u-w /dev/pf2
soekris # ls -l /dev/pf2
cr--r--r--  1 myUser  wheel   73,   0 Aug  4 16:38 /dev/pf2
soekris # su - myUser
$ pfctl -p /dev/pf2 -i sis0 -vvsI
sis0    (instance, attached)
       Cleared:     Thu Aug  4 15:48:46 2005
       etc.
       etc.

If the idea is that the user isn't supposed to be able to write to the
device, it doesn't really work.

# mknod /dev/pf2 c 73 0
# chown art /dev/pf2
# chmod u-w /dev/pf2
# ls -l /dev/pf2
cr--r--r--  1 art  wheel   73,   0 Aug  4 17:19 /dev/pf2
# su - art
$ chmod u+w /dev/pf2
$ ^D
# ls -l /dev/pf2
crw-r--r--  1 art  wheel   73,   0 Aug  4 17:19 /dev/pf2
# rm /dev/pf2
#

Right, you can use group permissions for that. Chown it to root:wheel,
chmod 740, then anyone in the wheel group can read it but can't delete
or chmod it. If you just need one user, make them have their own group
and do the same.

Matt

Well, not as CLOSED as I thought, obviously ;-)
Hope we've got all loopholes covered now.


Thanks once again!

Jan
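
Added example, not part of the thread: a POSIX sh function that takes one `ls -l` line for the device node and reports what a named user can do with it, including the owner-can-chmod case shown above. The function name `node_access`, the assumed group memberships and the root:wheel mode 740 sample line are constructed for illustration.

```shell
#!/bin/sh
# Classify a user's access to a device node from one `ls -l` line.
# Usage: node_access "<ls -l line>" <user> [group ...]
# Prints: owner-can-chmod | writable | read-only | no-access
node_access() {
    line=$1; user=$2; shift 2        # remaining args: the user's groups
    # ls -l fields: mode string, link count, owner, group, rest
    read -r mode _links owner group _rest <<EOF
$line
EOF
    if [ "$user" = "$owner" ]; then
        # The owner can chmod the node at any time, so the mode bits
        # do not bind this user (the `chmod u+w` step in the thread).
        echo owner-can-chmod
        return 0
    fi
    # Non-owner: the group class applies if the user is a member,
    # otherwise the "other" class. Mode string: type, u(2-4), g(5-7), o(8-10).
    bits=$(printf '%s' "$mode" | cut -c8-10)
    for g in "$@"; do
        if [ "$g" = "$group" ]; then
            bits=$(printf '%s' "$mode" | cut -c5-7)
        fi
    done
    case $bits in
        ?w?) echo writable ;;
        r-?) echo read-only ;;
        *)   echo no-access ;;
    esac
}

# The first two lines are the ls output quoted in the thread; the third is
# constructed for a root:wheel node with mode 740. User "art" being in
# group wheel is an assumption made for this example.
node_access 'cr--r--r--  1 art  wheel   73,   0 Aug  4 17:19 /dev/pf2' art wheel
node_access 'crw-r--r--  1 art  wheel   73,   0 Aug  4 17:19 /dev/pf2' art wheel
node_access 'crwxr-----  1 root  wheel   73,   0 Aug  4 17:19 /dev/pf2' art wheel
```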
