Default Yubikey dev permissions
Farhan Khan (F8DA C0DE)
farhan at farhan.codes
Tue Feb 26 22:26:23 UTC 2019
Hi all,
I am experimenting with a Yubikey, a consumer grade smart card that stores certificates and passwords. I found that running 'gpg --card-status'
does not work without root access. By default /dev/usb/0.2.0 (my yubikey) permission is 0600, owned by root. Without changing these permissions, the normal users would not be able to access the device.
Of course making the permissions too broad leaves it open to a rogue user with any terminal access (ie, via SSH). However, it is still protected by a 6-digit pin that will lock out after a default of 3 failed attempts.
Is it worth opening up the default permissions? Thoughts?
---
Farhan Khan
PGP Fingerprint: 1312 89CE 663E 1EB2 179C 1C83 C41D 2281 F8DA C0DE
More information about the freebsd-hackers
mailing list