doc
Folders and files
Name | Name | Last commit date | ||
---|---|---|---|---|
parent directory.. | ||||
When pcsc-lite is compiled using the --enable-polkit option then polkit will be used to control access to the pcsc-lite daemon. That allows more fine grained access control to smart cards that is tied to the system processes rather than solely depending on the smart card controls (e.g., only console users can access the card and so on). Polkit is documented at: https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html A default polkit policy is shipped with pcsc-lite in org.debian.pcsc-lite.policy. The policy file allows restricting access to the daemon as well as access to smart cards. Polkit allows for additional rules, e.g., restricting access to particular smart cards. The rules are javascript files placed in /usr/share/polkit-1/rules.d/. To make specific smart card reader accessible by the web server (run as www-data user) you may use the following rules: polkit.addRule(function(action, subject) { if (action.id == "org.debian.pcsc-lite.access_card" && action.lookup("reader") == 'name of reader' && subject.user == "www-data") { return polkit.Result.YES; } }); polkit.addRule(function(action, subject) { if (action.id == "org.debian.pcsc-lite.access_pcsc" && subject.user == "www-data") { return polkit.Result.YES; } }); Note that the name of the reader can be obtained using "opensc-tool -l" or "pcsc_scan".