Hello, On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote: > As listed on the pcsc-lite TODO file [1] I would like to run pcscd as > a normal user instead of root. To do this I need to: Good idea.
> But since both OpenCT and pcsc-lite should not be installed at the > same time the problem is very limited. I'm sure there will be accidental violations of this (IMHO essential) rule for quite some time. So better to have different group names. Why not make it explicit and call it "pcscd" or "smartcard", if your goal is running pcscd as a non-root user and not to try to restrict access to card readers via group membership. > I would like to have comments from users of OpenCT and users of > pcsc-lite about my plans. Maybe I missed something and a better > solution is available. In the end, the group *name* does not really matter, as standard users on Linux machines usually come with a plethora of groups pre-configured to give the user a functioning experience and most users will only encounter it when they need to add it based on some tutorial on the web (if it happens to be disabled) and forget it after they have added themselves. For example Debian SID extra groups of the auto-created user are: 20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),105(scanner),111(netdev),112(bluetooth),117(powerdev). I don't know exactly what the extra groups are for nor do I care a lot. Apparently they are needed to provide a usable desktop experience to me. Quite many OpenCT related questions on the mailing list have been "runs as root, does not run as user" and the reason being missing scard group. If the administrator wants to restrict access to smart cards or readers and is serious about it, I'm sure he'll deploy something like SELinux as well/instead. Best, -- Martin Paljak @martinpaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
