Default Yubikey dev permissions

Tom Jones thj at freebsd.org
Thu Feb 28 20:42:32 UTC 2019


On Tue, Feb 26, 2019 at 05:25:56PM -0500, Farhan Khan (F8DA C0DE) via freebsd-hackers wrote:
> Hi all,
> 
> I am experimenting with a Yubikey, a consumer-grade smart card that stores certificates and passwords. I found that running 'gpg --card-status'
> does not work without root access. By default /dev/usb/0.2.0 (my yubikey) permission is 0600, owned by root. Without changing these permissions, normal users would not be able to access the device.
> 
> Of course, making the permissions too broad leaves it open to a rogue user with any terminal access (i.e., via SSH). However, it is still protected by a 6-digit PIN that will lock out after a default of 3 failed attempts.
> 
> Is it worth opening up the default permissions? Thoughts?

I use pcscd (pcsc-lite in ports) with ccid to use my yubikey for gpg
operations. 

- [tj]

