I needed to use tcpdump to perform network troubleshooting on an Apple OS-X system (Darwin Kernel Version 7.9.0), but when I tried running it from my account, I received a "permission denied" message.
$ tcpdump
tcpdump: (no devices found) /dev/bpf0: Permission denied
I don't know the root password for the system, but my account has
administrator privileges on the system. Without knowing the root
password, though, I could not su to the root account.
Fortunately, I found a solution at
Ethereal "Turbo Charged", where Olivier Biot posted a solution,
which I quote below:
Do a "sudo chown Gurue /dev/bpf*" (or whatever your login name is on your Mac). Once you've done that, you can (at least until the machine is rebooted) run Ethereal or Tethereal or tcpdump or... as yourself, rather than as root. (Mac OS X's "/dev" is implemented with devfs, so the special files aren't persistent across reboots, and it's an older devfs so it can't be configured to set up particular devices with particular owners and permissions, so any ownership or permission changes you make don't survive across reboots.)
I checked the existing permissions on /dev/bpf* files first.
$ ls -l /dev/bpf*
crw------- 1 root wheel 23, 0 12 Jun 18:32 /dev/bpf0
crw------- 1 root wheel 23, 1 12 Jun 15:30 /dev/bpf1
crw------- 1 root wheel 23, 2 12 Jun 15:30 /dev/bpf2
crw------- 1 root wheel 23, 3 12 Jun 15:30 /dev/bpf3
I then changed the permissions on just /dev/bpf0. I was
prompted for a password when I used sudo chown myacct /dev/bpf0
and was able to change the permissions when I entered my password.
$ sudo chown jdoe /dev/bpf0
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
Password:
I was then able to run tcpdump. When I disconnected and reconnected,
I received the message "tcpdump: (no devices found) /dev/bpf1: Permission
denied" when I tried running tcpdump again, so I changed
the permission on /dev/bpf1 as well. I could have used
sudo chown jdoe /dev/bpf* initially to change the permissions
on all the /dev/bpf* files. Since I very infrequently need to
run tcpdump on this system, it doesn't matter to me that I will have
to reset the permissions on the files again whenever the system is rebooted.
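
To see which BPF device nodes are currently open to a non-root account (for example, to confirm what the chown changed or that ownership reverted after a reboot), the listing from ls -l /dev/bpf* can be checked mechanically. The following is an added example, not part of the original post or the quoted reply; the function names audit_bpf and sample_listing are hypothetical and the sample listing is constructed from the one shown above.

```shell
#!/bin/sh
# Added example: audit BPF device nodes from `ls -l /dev/bpf*` output.
# Reports every node that is not root-owned or that grants group/other access,
# since either condition lets a non-root account capture traffic.

audit_bpf() {
    # Reads `ls -l` lines on stdin; prints "device owner mode reason" per finding.
    awk '
    $1 ~ /^c/ {
        mode = $1; owner = $3; dev = $NF
        reason = ""
        if (owner != "root") reason = "non-root-owner"
        # characters 5-10 of the mode string are the group and other bits
        if (substr(mode, 5, 6) != "------")
            reason = (reason == "" ? "" : reason ",") "group-or-other-access"
        if (reason != "") print dev, owner, mode, reason
    }'
}

# Constructed sample modelled on the listing in the post, after bpf0 was
# chowned to jdoe; the bpf2 line is altered to show the second check.
sample_listing() {
    cat <<'EOF'
crw-------  1 jdoe  wheel   23,   0 12 Jun 18:32 /dev/bpf0
crw-------  1 root  wheel   23,   1 12 Jun 15:30 /dev/bpf1
crw-rw-r--  1 root  wheel   23,   2 12 Jun 15:30 /dev/bpf2
crw-------  1 root  wheel   23,   3 12 Jun 15:30 /dev/bpf3
EOF
}

# Run against the live system when invoked with "live", else use the sample.
if [ "${1:-}" = "live" ]; then
    ls -l /dev/bpf* | audit_bpf
else
    sample_listing | audit_bpf
fi
```

An empty result means every BPF node is back to root-only access.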