On 2023-02-01, Leonardo Moreno <[email protected]> wrote: > Hello, > > I had trouble getting my Yubikey recognized by KeepassXC > as a normal user (staff class, wheel group). > > I compared the ktrace of ykpersonalize between root and this user > and saw that the latter couldn't access /dev/usb0 and /dev/ugen1.00 > > I modified the permissions and I can now use the Yubikey. > > My question is: > > Is this way of solving the problem correct in terms of security > or best practices? If not, do you have any recommendations as how > to do this correctly?
It's probably the least-worst currently working way to use a GUI program on OpenBSD that needs direct access to USB devices. (If it was a cli program then running it as a dedicated user and granting permissions to only that user rather than your normal uid would be a bit better).
