[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: adding user to package-forreign group



On Thu, Nov 29, 2007 at 11:09:26PM +0100, Micha Lenk wrote:
Hi,

I am the maintainer of package libchipcard, a library for accessing
smart cards. The software is designed in a client/server layout, where
the server manages chipcard reader devices and serves requests made by
applications willing to access a smart card. The daemon process is
running as unprivileged user "chipcard", created by a postinst script.

In order to access ReinerSCT Cyberjack smart card readers a driver
package libcyberjack-ctapi2 is needed, which is not in the archive but
available on SF.net or the manufacturer's homepage. Unfortunately the
driver package restricts access to the kernel device to members of the
system group "cyberjack" (using a udev rule). This usually locks the
chipcard daemon out. The author of the driver package dislikes to change
the name of the group "cyberjack" for rather historical reasons.

If you're intending on packaging this, then change the udev rule to be a sane default. If you're not, then simply document this problem and its solution in README.Debian. You could also try to convince the upstream maintainer to use the group chipcard on new Debian installations, using the presence of /etc/debian_version or lsb_release -i.

You probably don't want to add the chipcard user to the cyberjack group because it is entirely possible that someone has a user named cyberjack[0], which would have unfortunate consequences. If an in-archive package has a conflict with an existing username, then it will generally fail when it tries to add an already existing non-system user as a system user (at least it should), so this problem will never occur with an in-archive package.

[0] I have found at least three websites having users named cyberjack, so this is not entirely theoretical.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
a typesetting engine: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature


Reply to: