On Jul 27 09:31 AM, Jan Sepp wrote:
> Hello,
>
> I am creating a shell script that gathers PF statistics for my various
> interfaces, as in pfctl -i <<if>> -vvsI . (Yes, I am aware of the
> existence of rpfcd, but as I want to monitor only one local box and
> write the output directly to console, that seems overkill to me.) I am
> running OpenBSD 3.6 on a Soekris.
>
> This script should not run as root. If I run it as a non-privileged
> user, I get an error. Basically, the problem is in the mode bits for
> /dev/pf, which are crw-------, owner root.
>
> [ Jan Sepp snipped here ]
The answer was surprisingly simple. I just had to create a second pf
device, chown it and make it read-only for the new owner, and I could get
my statistics. These are the actual commands:
soekris # mknod /dev/pf2 c 73 0
soekris # chown myUser /dev/pf2
soekris # chmod u-w /dev/pf2
soekris # ls -l /dev/pf2
cr--r--r-- 1 myUser wheel 73, 0 Aug 4 16:38 /dev/pf2
soekris # su - myUser
$ pfctl -p /dev/pf2 -i sis0 -vvsI
sis0 (instance, attached)
Cleared: Thu Aug 4 15:48:46 2005
etc.
etc.
Thank you all who answered my question and most notably Matt Provost,
who essentially wrote the answer down for me!
Jan Sepp
