Re: [Muscle] Re: [opensc-devel] Defining default paths for chipcard drivers
On Wednesday 02 May 2007 00:27:42 Michael Bender wrote:
> How does this access control mechanism work?

openct uses a status file and sockets, both placed in /var/run/openct/ only those with
0700 - only root can access it.
0750 - those in the group can use openct too,
0755 - everyone can use it.

Andreas
___
Muscle mailing list
Muscle@lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle
Re: [Muscle] Re: [opensc-devel] Defining default paths for chipcard drivers
On Wednesday 02 May 2007 06:17:29 Martin Preuss wrote:
> On Wednesday 02 May 2007 00:27, Michael Bender wrote:
> > Andreas Jellinghaus wrote:
> > > On Tuesday 01 May 2007 21:14:26 Martin Preuss wrote:
> > > > For CTAPI drivers there is also another problem that should be
> > > > addressed in the next step: I think it would be best to have a
> > > > system group/user chipcard (or whatever name is feasible)
> > > > analogous to the groups disk, audio etc.
> > >
> > > FYI: Debian and Ubuntu have scard for smart card access.
> > > Currently used to limit access to openct.
> >
> > How does this access control mechanism work?
> [...]
>
> My guess would be: By setting the group and permission of the Unix
> domain socket of the daemon or ifdhandler?

IIRC some Unix variants don't check permissions on socket files or something like that. So we put the permissions on the directory, which works on all Unix systems. And that way openct doesn't need to know which permissions to use to create the sockets, which simplifies the code.

Regards, Andreas
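The directory-level gate described in the two replies above, worked through for the three modes they name. This is an added example, not part of the thread or of openct; the function names are hypothetical, a throwaway temporary directory stands in for /var/run/openct, and the group-member and outsider identities are constructed.

```python
import os
import stat
import tempfile

def may_traverse(mode, owner, group, uid, gids):
    """Classic Unix search-permission check for one directory.

    Exactly one class applies: owner, else group, else other. ACLs and
    LSMs (SELinux, AppArmor) are deliberately ignored in this sketch.
    """
    if uid == 0:
        return True                      # root bypasses directory mode bits
    if uid == owner:
        return bool(mode & stat.S_IXUSR)
    if group in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def access_matrix(modes=(0o700, 0o750, 0o755)):
    """For each mode, can (owner, group member, outsider) reach the sockets?

    Reaching a socket by path needs search (x) permission on its directory,
    so the directory mode decides, whatever mode the socket file carries.
    """
    result = {}
    with tempfile.TemporaryDirectory() as base:
        run_dir = os.path.join(base, "openct")   # stand-in for the real path
        os.mkdir(run_dir)
        for mode in modes:
            os.chmod(run_dir, mode)      # chmod, so the umask cannot interfere
            st = os.stat(run_dir)
            identities = [
                (st.st_uid, {st.st_gid}),          # owner
                (st.st_uid + 1, {st.st_gid}),      # constructed group member
                (st.st_uid + 2, {st.st_gid + 1}),  # constructed outsider
            ]
            result[mode] = tuple(
                may_traverse(st.st_mode, st.st_uid, st.st_gid, uid, gids)
                for uid, gids in identities
            )
    return result

if __name__ == "__main__":
    for mode, (owner, member, outsider) in access_matrix().items():
        print(f"{mode:04o}: owner={owner} group={member} other={outsider}")
```

Because only one permission class applies to a given user, a mode such as 0705 would deny group members while admitting everyone else, which is worth checking for when auditing such a directory.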
Re: [Muscle] Re: [opensc-devel] Defining default paths for chipcard drivers
On Tuesday 01 May 2007 21:14:26 Martin Preuss wrote:
> For CTAPI drivers there is also another problem that should be
> addressed in the next step: I think it would be best to have a system
> group/user chipcard (or whatever name is feasible) analogous to the
> groups disk, audio etc.

FYI: Debian and Ubuntu have scard for smart card access. Currently used to limit access to openct.

Andreas
Re: [Muscle] Re: [opensc-devel] Defining default paths for chipcard drivers
Andreas Jellinghaus wrote:
> On Tuesday 01 May 2007 21:14:26 Martin Preuss wrote:
> > For CTAPI drivers there is also another problem that should be
> > addressed in the next step: I think it would be best to have a
> > system group/user chipcard (or whatever name is feasible) analogous
> > to the groups disk, audio etc.
>
> FYI: Debian and Ubuntu have scard for smart card access.
> Currently used to limit access to openct.

How does this access control mechanism work?

mike
Re: [Muscle] Re: [opensc-devel] Defining default paths for chipcard drivers
On Wednesday 02 May 2007 00:27, Michael Bender wrote:
> Andreas Jellinghaus wrote:
> > On Tuesday 01 May 2007 21:14:26 Martin Preuss wrote:
> > > For CTAPI drivers there is also another problem that should be
> > > addressed in the next step: I think it would be best to have a
> > > system group/user chipcard (or whatever name is feasible)
> > > analogous to the groups disk, audio etc.
> >
> > FYI: Debian and Ubuntu have scard for smart card access.
> > Currently used to limit access to openct.
>
> How does this access control mechanism work?
[...]

My guess would be: By setting the group and permission of the Unix domain socket of the daemon or ifdhandler?

Regards
Martin

--
Things are only impossible until they're not
AqBanking - http://www.aqbanking.de/
LibChipcard - http://www.libchipcard.de/