SCR3310 reader working for root, but not scard group

David Tomaschik david at systemoverlord.com
Sun Feb 27 02:52:27 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have a 3310 and with pcscd, I haven't even found the need to use the
scard group.  I have found that occasionally I have to restart
scdaemon in order to get new readers/cards recognized.  I haven't
narrowed it down specifically yet.  (I just got my readers & cards
Thursday/Friday.)

Let me know if you find something that works for you.

David


On 02/26/2011 07:45 PM, Todd A. Jacobs wrote:
> I have an SCR3310 card reader on an Ubuntu 10.10 system, and installed
> the drivers through the libccid package. This works out of the box for
> root, but mortal users can't access the card at all. I tried a lightly
> modified version of the scripts from
> http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html
> but without success.
>
> Here's all the debugging info I could think of. Anyone have any
> suggestions for getting this working?
>
> $ sudo aptitude install
>
> $ lsusb | fgrep SCM
> Bus 001 Device 012: ID 04e6:511f SCM Microsystems, Inc.
>
> $ ls -l /dev/bus/usb/001/012
> crw-rw-r-- 1 root root 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012
>
> $ sudo chown .scard /dev/bus/usb/001/012
>
> $ ls -l /dev/bus/usb/001/012
> crw-rw-r-- 1 root scard 189, 11 2011-02-26 16:32 /dev/bus/usb/001/012
>
> $ gpg --card-status
> gpg: selecting openpgp failed: ec=6.108
> gpg: OpenPGP card not available: general error
>
> $ sudo pcscd --foreground --debug --apdu
> 00000000 debuglog.c:230:DebugLogSetLevel() debug level=debug
> 00000040 debuglog.c:259:DebugLogSetCategory() Debug options: APDU
> 00000385 pcscdaemon.c:512:main() pcsc-lite 1.5.5 daemon ready.
> 00337587 hotplug_libusb.c:403:HPEstablishUSBNotifications() Driver
> ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active
> polling instead.
> 00000051 hotplug_libusb.c:412:HPEstablishUSBNotifications() Polling
> forced every 1 second(s)
>
> $ cat gnupg-ccid.rules
> # GPG SmartCard Reader Support
> #
>
> ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/e003/*",
> RUN+="/usr/local/sbin/gnupg-ccid.sh"
> ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/5115/*",
> RUN+="/usr/local/sbin/gnupg-ccid.sh"
> ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="4e6/511f/*",
> RUN+="/usr/local/sbin/gnupg-ccid.sh"
>
> $ ls -l /usr/local/sbin/gnupg-ccid.sh
> -rwxr-xr-x 1 root root 905 2011-02-26 15:40 /usr/local/sbin/gnupg-ccid.sh
>
> $ cat /usr/local/sbin/gnupg-ccid.sh
> #!/bin/bash
> #
> # taken from libgphoto2
> #
> # Sets up newly plugged in card reader so that only members of the
> # group can access it
>
> GROUP=scard
>
> # can access it from user space. (Replace scard with the name of the
> # group you want to have access to the card reader.)
> #
> # Note that for this script to work, you'll need all of the following:
> # a) a line in the file /etc/hotplug/gnupg-ccid.usermap that corresponds
> # to the card reader you are using.
> # b) a group "scard" where all users allowed access to the
> # card reader are listed
> # c) a Linux kernel supporting hotplug and usbdevfs
> # d) the hotplug package (http://linux-hotplug.sourceforge.net/)
> #
> # In the usermap file, the first field "usb module" should be named
> # "gnupg-ccid" like this script.
> #
>
> if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ]
> then
> chmod o-rwx "${DEVICE}"
> chgrp "${GROUP}" "${DEVICE}"
> chmod g+rw "${DEVICE}"
> fi
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGcBAEBAgAGBQJNaa5UAAoJEP2raL8/Cn3q3pwMAJdmaGqcBWC+wQA7fSs7nIeO
3aiGvye3jDNTlSothHqXFqJUuVqpCyxGEFvBIPt1ScxYeSZu2eUjJz3ItZGUyqrO
Mx2LBjkHMtugIaBO2K4Fwgdhmfv1fLeK3GuYKf/zlIJ30aLnNjU1fR2YOZ5OQoGJ
Hhgv0VabmYAYKzJKnjYoAwFF8Dw3+jnN1ApMIOe7s7UNM1/cfExCjxzRwkyyZeI5
B095VNGPq7MCbDDL2nX+38TmtK5viH70wlXI9sPAMZDEs7qqHYO2UaY2O+Ub9dyU
nlb+gYf4sA3f6nuWD4XEhnNlFTVh9PXGG+A5XSPOogEJJBPG5pnc3wOaHiKMkJ5C
dIIrBZ3zt464/3+2a8mJ4TVvtnJ/P8m4EPIbK8F68DoKILXPUef32FRsgJdO2ecD
tHxqCrPVpj4RMID0d7vjcYnJTp7t/JeNlGU3rSvRZTLWhRbcyHrApZLglr8+P/K3
6WDF9ELRk0g+vsedoN95Uf+O+Nuw47I1O/EQA/r2Pg==
=Hav1
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list