blob: 8f5035de5276ca47833a14d9a1ca0ace5735b272 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
#!/bin/sh
#
# Fix up ownership and permissions on /Library/Application Support/Wireshark;
# for some reason, it's not being owned by root:wheel, and it's not
# publicly readable and, for directories and executables, not publicly
# searchable/executable.
#
# Also take away group write permission.
#
# XXX - that may be a problem with the process of building the installer
# package; if so, that's where it *should* be fixed.
#
chown -R root:wheel "/Library/Application Support/Wireshark"
chmod -R a+rX,go-w "/Library/Application Support/Wireshark"
CHMOD_BPF_PLIST="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"
BPF_GROUP="access_bpf"
BPF_GROUP_NAME="BPF device access ACL"
min_gid=100
if ! dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1; then
free_gid=$(dscl . -list /Groups PrimaryGroupID | sort -bnk2 | awk -v min_gid=$min_gid 'BEGIN{i=min_gid}{if($2==i)i++}END{print i}')
dseditgroup -q -o create -i $free_gid -r "$BPF_GROUP_NAME" "$BPF_GROUP"
fi
dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"
chmod u=rw,g=r,o=r "$CHMOD_BPF_PLIST"
chown root:wheel "$CHMOD_BPF_PLIST"
# Clean up our legacy startup item if it's still around.
rm -rf /Library/StartupItems/ChmodBPF
# Try to bootout first, otherwise bootstrap will fail with
# "Bootstrap failed: 5: Input/output error"
# if org.wireshark.ChmodBPF is already loaded.
launchctl bootout system "$CHMOD_BPF_PLIST" > /dev/null 2>&1
launchctl bootstrap system "$CHMOD_BPF_PLIST"
|