SCR3310 reader working for root, but not scard group

Todd A. Jacobs codegnome.consulting at gmail.com
Sun Feb 27 01:45:26 CET 2011


I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
the drivers through the libccid package. This works out of the box for
root, but mortal users can't access the card at all. I tried a lightly
modified version of the scripts from
http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
but without success.

Here's all the debugging info I could think of. Anyone have any
suggestions for getting this working?

$ sudo aptitude install

$ lsusb | fgrep SCM
Bus 001 Device 012: ID 04e6:511f SCM Microsystems, Inc.

$ ls -l /dev/bus/usb/001/012
crw-rw-r-- 1 root root 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012

$ sudo chown .scard /dev/bus/usb/001/012

$ ls -l /dev/bus/usb/001/012
crw-rw-r-- 1 root scard 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012

$ gpg --card-status
gpg: selecting openpgp failed: ec=6.108
gpg: OpenPGP card not available: general error

$ sudo pcscd --foreground --debug --apdu
00000000 debuglog.c:230:DebugLogSetLevel() debug level=debug
00000040 debuglog.c:259:DebugLogSetCategory() Debug options: APDU
00000385 pcscdaemon.c:512:main() pcsc-lite 1.5.5 daemon ready.
00337587 hotplug_libusb.c:403:HPEstablishUSBNotifications() Driver
ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active
polling instead.
00000051 hotplug_libusb.c:412:HPEstablishUSBNotifications() Polling
forced every 1 second(s)

$ cat gnupg-ccid.rules
# GPG SmartCard Reader Support
#

ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/e003/*",
RUN+="/usr/local/sbin/gnupg-ccid.sh"
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/5115/*",
RUN+="/usr/local/sbin/gnupg-ccid.sh"
ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/511f/*",
RUN+="/usr/local/sbin/gnupg-ccid.sh"

$ ls -l /usr/local/sbin/gnupg-ccid.sh
-rwxr-xr-x 1 root root 905 2011-02-26 15:40 /usr/local/sbin/gnupg-ccid.sh

$ cat /usr/local/sbin/gnupg-ccid.sh
#!/bin/bash
#
# taken from libgphoto2
#
# Sets up newly plugged in card reader so that only members of the
# group can access it

GROUP=scard

# can access it from user space. (Replace scard with the name of the
# group you want to have access to the card reader.)
#
# Note that for this script to work, you'll need all of the following:
# a) a line in the file /etc/hotplug/gnupg-ccid.usermap that corresponds
#    to the card reader you are using.
# b) a group "scard" where all users allowed access to the
#    card reader are listed
# c) a Linux kernel supporting hotplug and usbdevfs
# d) the hotplug package (http://linux-hotplug.sourceforge.net/)
#
# In the usermap file, the first field "usb module" should be named
# "gnupg-ccid" like this script.
#

if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
then
    chmod o-rwx "${DEVICE}"
    chgrp "${GROUP}" "${DEVICE}"
    chmod g+rw "${DEVICE}"
fi



More information about the Gnupg-users mailing list