2010/8/30 Martin Paljak <mar...@paljak.pri.ee>:
> Hello,
>
> On Aug 30, 2010, at 12:19 PM, Ludovic Rousseau wrote:
>> As listed on the pcsc-lite TODO file [1] I would like to run pcscd as
>> a normal user instead of root. To do this I need to:
> Good idea.
>
>> But since both OpenCT and pcsc-lite should not be installed at the
>> same time the problem is very limited.
>
> I'm sure there will be accidental violations of this (IMHO essential) rule 
> for quite some time. So better to have different group names.

I thought that OpenCT changes the access rights of the devices. But it
looks like that is not the case. The udev rule is just used to start
openct-control (as root?). Correct? Can any OpenCT expert (or user)
confirm?

> Why not make it explicit and call it "pcscd" or "smartcard", if your goal is 
> running pcscd as a non-root user and not to try to restrict access to card 
> readers via group membership.

"pcscd" is a good group name. It is a direct link to the pcscd binary.
Users should _not_ be in that group so the group name should not be as
explicit as "smartcard".

> If the administrator wants to restrict access to smart cards or readers and 
> is serious about it, I'm sure he'll deploy something like SELinux as 
> well/instead.

Access to the pcscd daemon is done through the named pipe
/var/run/pcscd/pcscd.comm. And this is a file so the standard Unix
file access conditions can be used. Default access rights are 777.
Maybe I can remove the execution bits.

Thanks

PS: I will not comment about Gentoo :-)

-- 
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
