From 55e2798363e6ae520f5fa0bf6ffb392e91aaaf9e Mon Sep 17 00:00:00 2001 From: tiyn Date: Wed, 4 Mar 2026 05:05:02 +0100 Subject: [PATCH] linux: added fingerprint readers on linux --- wiki/linux/fingerprint_reader.md | 126 +++++++++++++++++++++++++++++++ wiki/linux/hardware_(linux).md | 39 ++++++---- 2 files changed, 149 insertions(+), 16 deletions(-) create mode 100644 wiki/linux/fingerprint_reader.md diff --git a/wiki/linux/fingerprint_reader.md b/wiki/linux/fingerprint_reader.md new file mode 100644 index 0000000..fba8c26 --- /dev/null +++ b/wiki/linux/fingerprint_reader.md @@ -0,0 +1,126 @@ +# Fingerprint Reader + +Fingerprint readers can be used for local authentication on +[Linux](/wiki/linux.md) systems. + +## Setup + +Support for most fingerprint reader devices is provided by the `libfprint` library and the +`fprintd` daemon, which in turn need to be installed. +Many [Linux](/wiki/linux.md) distributions package both components directly under this name. + +After installation restart the daemon. + +```sh +sudo systemctl restart fprintd +``` + +By default enrolling fingerprints may require administrative privileges. +This can be changed using a `polkit` rule that allows members of the `wheel` group to enroll +fingerprints without using `sudo`. + +Create the file `/etc/polkit-1/rules.d/49-fprint.rules`. + +```sh +sudo vim /etc/polkit-1/rules.d/49-fprint.rules +``` + +Insert the following rule. + +```txt +polkit.addRule(function(action, subject) { + if (action.id == "net.reactivated.fprint.device.enroll" && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); +``` + +## Usage + +This section addresses the usage of fingerprint readers. + +### Enrolling a Fingerprint + +A fingerprint can be registered using the following command. + +```sh +fprintd-enroll +``` + +The program will repeatedly ask to place a finger on the reader until the fingerprint has been +successfully recorded. + +### Listing Stored Fingerprints + +Stored fingerprints of the current user can be displayed with the following command. +`` describes the username to list fingerprints for. + +```sh +fprintd-list +``` + +Fingerprints of other users can be inspected using administrative privileges. + +```sh +sudo fprintd-list root +``` + +### Removing Fingerprints + +Fingerprints can be deleted using `fprintd-delete`. +The following displays the removal of a finger called `` (for example `right-index-finger`) +for a user called ``. + +```sh +sudo fprintd-delete +``` + +### Using Fingerprints with `sudo` + +Fingerprint authentication can be used with `sudo` through PAM. + +Edit the configuration file. + +```sh +sudo vim /etc/pam.d/sudo +``` + +Add the following line near the top of the file. +The line should be placed near the top of the file so that fingerprint authentication is attempted +before password authentication. + +```txt +auth sufficient pam_fprintd.so +``` + +With this configuration the fingerprint reader can be used for `sudo` authentication while the +password remains available as a fallback. + +## Troubleshooting + +This section will focus on errors and the fixing of errors of fingerprint readers. + +### Permission denied when enrolling fingerprints + +When attempting to enroll a fingerprint the following error may occur: + +```txt +EnrollStart failed: GDBus.Error:net.reactivated.Fprint.Error.PermissionDenied: +Not Authorized: net.reactivated.fprint.device.enroll +``` + +In this case `fprintd` requires elevated privileges to enroll fingerprints. + +The issue can be solved by creating a `polkit` rule which allows members of the `wheel` group to +enroll fingerprints. + +In this case the polkit rule `/etc/polkit-1/rules.d/49-fprint.rules` most likely was not set as +described in the [setup section](#setup). + +After adding the rule the error should vanish. +The rule fingerprint enrollment can then be executed without `sudo`. + +```sh +fprintd-enroll +``` diff --git a/wiki/linux/hardware_(linux).md b/wiki/linux/hardware_(linux).md index 3038d3c..3276150 100644 --- a/wiki/linux/hardware_(linux).md +++ b/wiki/linux/hardware_(linux).md @@ -1,32 +1,32 @@ # Hardware (Linux) -This entry focusses on various hardware components of a [Linux](/wiki/linux.md) desktop PC or a +This entry focuses on various hardware components of a [Linux](/wiki/linux.md) desktop PC or a laptop. For non-Linux specific or general topics in hardware see the -[correspoding entry](/wiki/hardware_%28general%29.md) +[corresponding entry](/wiki/hardware_%28general%29.md) -## Battery +## Battery The battery of a notebook can be inspected by using the `upower` command. To use it the tool needs to be installed. In most [Linux](/wiki/linux.md) distributions this is bundled in a package of the same name. -This section is based on [a video by eKiwi](https://youtu.be/t9KMFDTb79E) which addresses battery -health. +This section is based on [a YouTube video by the user eKiwi](https://youtu.be/t9KMFDTb79E) which +addresses battery health. -To find out about a battery, its name needs to be known, which can be done using the following +To find out about a battery, its name needs to be known which can be done using the following command. ```sh upower -e ``` -Afterwards different values like the state, voltage, percentage and many other can be displayed. -Additionally it will show the original capacity (`energy-full-design`) and the current capacity +Afterward different values like the state, voltage, percentage and much other can be displayed. +Additionally, it will show the original capacity (`energy-full-design`) and the current capacity (`energy-full`), which can be used to determine the health of the battery. The following is an example command where `` is the name of the batter returned from the previous step. -This might by similar to `/org/freedesktop/UPower/devices/battery_BAT0`. +This might be similar to `/org/freedesktop/UPower/devices/battery_BAT0`. ```sh upower -i @@ -47,14 +47,14 @@ Tools, programs and guides to manage the power usage and improve battery life ar ## (Liquid) Coolers -The viewing of temperatures of coolers aswell as the selection of RGB-settings can be achieved by +The viewing of temperatures of coolers as well as the selection of RGB-settings can be achieved by using [liquidctl](https://github.com/liquidctl/liquidctl). -## Temperature +## Temperature To check the temperature the command `sensors` can be used which (on most distributions) is a part of the `lm_sensors` package. -It will then display all the available temperature sensors available aswell as many other sensors +It will then display all the available temperature sensors available as well as many other sensors like the RPM for fans. ## ThinkPad TrackPoint @@ -62,15 +62,22 @@ like the RPM for fans. This section is based on a [Reddit comment by zedbraxmen](https://www.reddit.com/r/thinkpad/comments/wjb8qz/configuring_trackpoint_in_wayland/). -The sensitivity and speed of the classic trackpoint on ThinkPads can be changed using UDEV rules. +The sensitivity and speed of the classic TrackPoint on ThinkPads can be changed using UDEV rules. The following lines are an example for a potential file `.rules` located at `/etc/udev/rules.d/`. It could look something like the following. The values for sensitivity and speed could be adjusted. ```txt -ACTION=="add", -SUBSYSTEM=="input", -ATTR{name}=="TPPS/2 IBM TrackPoint", +ACTION=="add", +SUBSYSTEM=="input", +ATTR{name}=="TPPS/2 IBM TrackPoint", ATTR{device/sensitivity}="275", ATTR{device/speed}="215", ``` + +## Fingerprint Readers + +Many modern laptops include fingerprint sensors which can be used for authentication on +[Linux](/wiki/linux.md). +Setup and usage is described in the +[entry regarding fingerprint reader](/wiki/linux/fingerprint_reader.md).