[systemd-devel] [EXT] Best practice for giving a system daemon access to smartcard readers
Ran Benita
ran at unusedvar.com
Tue Feb 18 18:24:07 UTC 2025
On Tue, Feb 18, 2025, at 10:18, Windl, Ulrich wrote:
> Hi!
>
> Did you consider using ACLs instead of changing owner and group? However, I must admit I never tried it with devices.
> So my idea was to add an ACL for pcscd when the service is in use and drop that right if the service is not active.
> You could even query the ACL to use it as “locked flag”.
Yes, I considered it. ACLs seem like a good solution. The only reason I'm not going for it
is that udev rules don't provide a builtin way to add ACLs that I can see. So I'll need to use
RUN setfacl which seems not so nice to me. Although in my system I do see that at least
`brltty` rules seem to do exactly that...
Ran