On Tue, 2010-08-31 at 21:07 +0200, Ludovic Rousseau wrote:
> 2010/8/31 Peter Stuge <pe...@stuge.se>:
> > Johannes Findeisen wrote:
> >> > I think it is important to pay attention to the original goal: to
> >> > run pcscd as a normal user instead of root.
> >>
> >> Yep, that's what I want too. But, when running pcscd as normal
> >> user, this normal user needs access to the device. Ok, you could
> >> make it usable for all users. Then you are right. No need for an
> >> extra group.
> >
> > I sense a miscommunication.
> >
> > Is the desire to:
> >
> > 1. run pcscd as the particular logged-in user
> > or
> > 2. always run pcscd as one *particular* user, which can not log in
> >
> >
> > I believe 2 is what was proposed.
>
> More precisely pcscd would be run as the user starting it but in the
> group "pcscd" using the sgid-bit mechanism. So the smart card reader
> devices need to be accessible to the group "pcscd".

Hello Ludovic,

in my own opinion, the user starting it would be root in most cases. Or
more precisely the init process. Therefore nothing would change, with the
exception that ordinary users can start pcscd too.

Given the case that every user would start its own instance of pcscd
(in opposition to a single instance started by init), then problems arise
when there is more than one instance. Which reader for which instance of
pcscd, for example. Or when a new reader is plugged in, who can access it?
First come, first served?

In this thread I haven't found any information on the problem to solve.
But knowing this problem would be of help when developing the solution.
Have I missed something?

Regards
Andre

> I think that using a special group is more flexible than using a special user.
>
> I am not sure it is possible to drop the user privileges and become
> nobody or something similar (without being root).
>
> Bye

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel