Allow a normal user to use a smartcard on Debian

Just after getting an openpgp smartcard and an omnikey cardman usb reader, I had a problem:

I couldn't use it without being root.

I found a tutorial on this site but in my configuration this tutorial didn't work and I had to make some adjustments. So I write details here, hopping this could be helpfull:

The first step is to get information (idVendor and idProduct) from the device with lsusb -v

For me:

  • idVendor 0x076b OmniKey AG*
  • idProduct 0x6623 *

Next step is to create a file /etc/udev/gnupg-ccid.rules whith this line inside:

ACTION=="add", ATTRS{idVendor}=="076b", ATTRS{idProduct}=="6623", GROUP="scard", RUN+="/etc/udev/scripts/gnupg-ccid"

Of course, if your card reader is not the same, you have to adapt idVendor and idProduct.

After, you have to create another file /etc/udev/scripts/gnupg-ccid with:

#!/bin/bash

if [ "${ACTION}" = "add" ] && [ -f "${DEVICE}" ] then * chmod o-rwx "${DEVICE}"* * chgrp "${GROUP}" "${DEVICE}"* * chmod g+rw "${DEVICE}"* fi

Change permissions:

# chmod +x /etc/udev/scripts/gnupg-ccid

Link the rules to udev:

# ln -s /etc/udev/gnupg-ccid.rules /etc/udev/rules.d/gnupg-ccid.rules

Create scard group:

# addgroup scard

Add your user to scard group:

# addgroup youruser scard

Ask udev to reload rules:

# udevadm control --reload-rules

Done!


Comments :

No comment yet

Add a comment

social