On 2023-02-01, Leonardo Moreno <leonardo.moreno.urbieta@gmail.com> wrote:
> Hello,
>
> I had trouble getting my Yubikey recognized by KeepassXC
> as a normal user (staff class, wheel group).
>
> I compared the ktrace of ykpersonalize between root and this user
> and saw that the latter couldn't access /dev/usb0 and /dev/ugen1.00
>
> I modified the permissions and I can now use the Yubikey.
>
> My question is:
>
> Is this way of solving the problem correct in terms of security
> or best practices? If not, do you have any recommendations as how
> to do this correctly?
It's probably the least-worst currently working way to use a GUI program
on OpenBSD that needs direct access to USB devices.
(If it was a cli program then running it as a dedicated user and granting
permissions to only that user rather than your normal uid would be a bit
better).
No comments:
Post a Comment