Develop Reference

Wireshark - you don't have permission to capture on that device mac

I installed Wireshark and during the installation it showed an error but the installation itself completed. When I ran the program and tried to capture packets on my network, it showed this error:
I'm new to mac so i don't even know how to properly ask.
Could someone help me?

According to User: gmale's answer on ask.wireshark.org, he solved his problem in this way and I'm sure that it could solve yours as well. It says:
1- Open Terminal
To see your exact user name (for me that was AliGht)
2- Type 'whoami'
3- execute the following commands:
cd /dev
sudo chown AliGht:admin bp*
and enter your computer password:
4- now type this command:
ls -la | grep bp
The last command will display a list of files such as:
5- Make sure all of them have your user name and admin as the user/group. For some reason, the last one didn't get assigned properly so I had to run the command:
sudo chown AliGht:admin bpf4
so the last command fixed my problem as you see in the last image:
Done!
If your WireShark is open then close it and open it again.
All credits of this tutorial goes to user gmale on ask.wireshark.org,
If you want to open WireShark always as administrator then take a look to another post which I created a shortcut for it via Applescript, and this is the only way which you can open the WireShark always as administrator even when you turn off/on your mac.

I don't know how to solve this problem, but if you want a temporary fix, you can use the following command:
$ sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark

Wireshark provides the solution itself, along with the explanation of weird secrets:
add your user to the group "access_bpf" by commanding
sudo dseditgroup -o edit -a `whoami` -t user access_bpf
then launch Wireshark's script
sudo "/Library/Application Support/Wireshark/ChmodBPF/ChmodBPF";
That's all, because (as the script explains):
# Unfortunately, macOS's devfs is based on the old FreeBSD
# one, not the current one, so there's no way to configure it
# to create BPF devices with particular owners or groups. BPF
# devices on macOS are also non-cloning, that is they can
# be created on demand at any time. This startup item will
# pre-create a number of BPF devices, then make them owned by
# the access_bpf group, with permissions rw-rw----, so that
# anybody in the access_bpf group can use programs that capture
# or send raw packets.

If you want to open WireShark always as administrator I suggest to use AppleScript:
Open AppleScript: By pressing cmd+space and write AppleScript Editor in the Spotlight Search as picture below:
Then from File --> Choose NEW
In the open window write:
do shell script "/Applications/Wireshark.app/Contents/MacOS/Wireshark" ¬
with administrator privileges user name "username" password "password"
Change the "username" and "password" with yours. If you don't know your username in terminal write "whoami" to see your username, password is your computer password!.
Mine is look like this:
Now export your script as Application, by going to --> File --> Export , and change File Format to Application write a name for your file and Save it on your desktop like following pictures:
DONE now run your App from Desktop, and by this way your WireShark runs always by Admin Permission.

I have faced the same problem in MacOS High Sierra (v10.13.6). I have clean-up all dependency files and folders but nothing works for me.
Using the terminal, if I run the following command then it is working -
sudo chmod o+r /dev/bpf*

sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark
This should work.

Run the application from the terminal with the following command:
User$ **sudo Wireshark**
Wireshark should open and packet capture should work then.

Was having same issue with install and run permissions etc. Attempted a few of the above mentioned fixes and although they would come back with the desired result program still would not run properly even with uninstall/install in addition.Getting a bit overwhelmed with it not working after several remedies being attempted I came to one that was super simple and worked -
I simply set up/checked log in as root user. Here you can enable/disable root user account, enable log in account and change root password. So I just switched profiles from my Admin account to the Root account. (I am honestly not sure if its safe to do it this way, so thinking many of you have far more knowledge on this than me I'd appreciate your comments on that!) Also my understanding is that you cannot properly run sudo commands if root account is enabled - So probably just tuning it off if it were on would suffice, but I wanted a quick and easy install at that point. The steps are really easy:
support.apple.com/en-us/HT204012
Then just switch user accounts to root -Log in with "other" then type root and your password.
Now just install Wireshark and it should install and run properly!
**I don't think I would stay in root account after install.
Hope maybe this will help some!

I got same issue and then notice below document provide solution already.
https://www.wireshark.org/docs/wsug_html_chunked/ChBuildInstallOSXInstall.html
2.5. Installing Wireshark under macOS
The official macOS packages are distributed as disk images (.dmg) containing the application bundle. To install Wireshark simply open the disk image and drag Wireshark to your /Applications folder.
In order to capture packets, you must install the “ChmodBPF” launch daemon. You can do so by opening the Install ChmodBPF.pkg file in the Wireshark .dmg or from Wireshark iself by opening Wireshark → About Wireshark selecting the “Folders” tab, and double-clicking “macOS Extras”.
The installer package includes Wireshark along with ChmodBPF and system path packages. See the included Read me first.html file for more details.

I do not want to modify my folder permissions on my system device files like the accepted answer, but I was able to get permissions by opening Wireshark like this:
sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark
Bonus, you can add an alias to your ~/.zshrc:
alias ws="sudo /Applications/Wireshark.app/Contents/MacOS/Wireshark"
Now execute the file: (or you can open a new terminal window)
source ~/.zshrc
Open wireshark with super user permissions:
ws

ftpd can't change root directory when connecting as a non-root user

I have an embedded system running linux and I have busybox installed for running different services. One of the services is ftpd, which I start like this from the etc/init.d/rcS file:
tcpsvd 0.0.0.0 21 ftpd -w -v /mnt/flash&
I have two users in the system, root and a regular user. Root user can easily connect to the FTP server, but when I try to login with the regular user's credentials, I get this error:
ftpd[678]: can't change root directory to '/mnt/flash': Operation not permitted
Now, I thought that it must be a directory permission problem, and I started with changing permissions on the /mnt/flash directory first, but after this didn't work, I ended up having all my files in file-system including / to be owned by this regular user and have drwxrwxrwt permissions (just to find the cause of the problem). But I still get this error.
I have also tried to start ftpd with different root folders, including /.
I also couldn't find any config files for the ftpd in my file-system, maybe I need to create one manually? If so, which one and how to tell ftpd to allow user logins?
I'd really appreciate any help. Thanks.

Well, after trying some random things, I discovered that user login works fine if there is no directory changing involved at all:
tcpsvd 0.0.0.0 21 ftpd -w -v &
I suspect that chroot is called otherwise and the user does not have a right to do that.

How do I keep OS X from requiring admin password when I copy to or delete from its web server?

I've started using the Apache web server that comes with OS X (10.9.4) for testing. When I copy files to its web root (/Library/WebServer/Documents) or delete from the same, I get prompted for the admin password. I have this password, so that's not a problem. It's just inefficient. I haven't had this issue when using other installs of Apache (generally via MAMP). So I'm sure it's just a config issue. Any help is appreciated.

This is done to protect the directory, you can add an ACL to allow your user account read/write access to that folder.
You can add the ACL as follows, Please be sure to change "yourshortname" to your username on the computer.
sudo chmod -R +a "yourshortname allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity" /Library/WebServer/Documents
Let me know if it works for you.

How to give apache the right to write in the Document root on Mac Os 10.8 ( Mountain Lion)

I'm having a lot of issues with PHP and Apache while using os-x mountain lion. Basically my plugin needs wordpress to move some files but it always ask for ftp server credential, like if apache doesn't have permission to write those directories.
Apache is running with
User daemon
Group daemon
if i do
ls -lad htdocs/
i get
drwxrwxr-x 7 root staff 238 13 Ago 21:51 htdocs/
i'm using zend server ce 5.6. What should i do to make sure that apache has full rights to do everything? I would give it root access (it' my dev machine and i must get things working, so i don't care about security issues, but i don't know how to that, if i can do it in a cleaner why i'd be happy but i need this to work )

Your htdocs directory is owned by root, and in the group staff. User permissions on it are rwx, group permission are rwx, and world permissions are rx. So apache needs to be run as either user root or group staff to have full read/write/execute permissions. Otherwise change the owner and/or group of your htdocs directory to daemon and apache will have full rwx permissions. If you really don't care about security at all, just do chmod 777 htdocs (not recommended).

WordPress isn't really checking if it has the right to write in a directory (it's the same for plugin installation), it's only checking if the user and group it's running through Apache is the same that the parent folder.
So the only way is indeed to chmod the folder to your Apache user/group

Correct owner/group/permissions for Apache 2 site files/folders under Mac OS X?

It's hard to find Mac-specific answers to this question on the web, so I'm hoping someone out there can put this one to rest for me? My permissions are screwed up on my sites and I'm not sure how to fix them without just slamming a recursive 777 on everything which is quite obviously incorrect.
Thanks!

This is the most restrictive and safest way I've found, as explained here for hypothetical ~/my/web/root/ directory for your web content:
For each parent directory leading to your web root (e.g. ~/my, ~/my/web, ~/my/web/root):
chmod go-rwx DIR (nobody other than owner can access content)
chmod go+x DIR (to allow "users" including _www to "enter" the dir)
sudo chgrp -R _www ~/my/web/root (all web content is now group _www)
chmod -R go-rwx ~/my/web/root (nobody other than owner can access web content)
chmod -R g+rx ~/my/web/root (all web content is now readable/executable/enterable by _www)
All other solutions leave files open to other local users (who are part of the "staff" group as well as obviously being in the "o"/others group). These users may then freely browse and access DB configurations, source code, or other sensitive details in your web config files and scripts if such are part of your content. If this is not an issue for you, then by all means go with one of the simpler solutions.

If you really don't like the Terminal here is the GUI way to do dkamins is telling you :
1) Go to your user home directory (ludo would be mine) and from the File menu choose Get Info cmdI in the inspector :
2) By alt/option clicking on the [+] sign add the _www group and set it's permission to read-only :
Thus consider (good practice) not storing personnal information at the root of your user home folder (& hard disk) !
You may skip this step if the **everyone** group has **read-only** permission but since AirDrop the **/Public/Drop Box** folder is mostly useless...
3) Show the Get Info inspector of your user Sites folder and reproduce step 2 then from the gear action sub-menu choose Apply to enclosed Items... :
Voilà 3 steps and the GUI only way...

I know this is an old post, but for anyone upgrading to Mountain Lion (10.8) and experiencing similar issues, adding FollowSymLinks to your {username}.conf file (in /etc/apache2/users/) did the trick for me. So the file looks like this:
<Directory "/Users/username/Sites/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>

2 month old thread, but better late than never! On 10.6, I have my webserver documents folder set to:
owner:root
group:_www
permission:755
_www is the user that runs apache under Mac OS X. I then added an ACL to allow full permissions to the Administrators group. That way, I can still make any changes with my admin user without having to authenticate as root.
Also, when I want to allow the webserver to write to a folder, I can simply chmod to 775, leaving everyone other than root:_www with only read/execute permissions (excluding any ACLs that I have applied)

On my 10.6 system:
vhosts folder:
owner:root
group:wheel
permissions:755
vhost.conf files:
owner:root
group:wheel
permissions:644

The user owner for me is the admin user and the group is _www and works with permissions set to 775 for dir and for files 664

Catalina Update / Desktop Permissions
I come across this once a year on macOS. I usually use apache2 for hosting a
folder on my desktop.
If you are trying to give access to the desktop folder you need to follow this to allow httpd to have access to all folders: https://apple.stackexchange.com/a/373139/353465

Open up terminal first and then go to directory of web server
cd /Library/WebServer/Documents
and then type this and what you will do is you will give read and write permission
sudo chmod -R o+w /Library/WebServer/Documents
This will surely work!