So I don’t get the permission prompt on the site I posted (though it does show a dialogue as lf it’s trying to “listen” for the device) but do on another yubico page but same issue overall. It acts like it doesn’t register the yubikey unless run with admin privileges
Edit: version of Firefox I’m running doesn’t not appear to be the faltpak variant since none of the dependencies mention faltpak at all (installed the default arch Firefox package)
Well if it works as root I would suspect something is wrong with the udev rules. But this is kind of a rabbit hole with uaccess, systemd-logind, etc. (I could be completely wrong. I have no idea)
What I can tell you is that, I do not use the udev rules provided by them. My key 1050:0407 works out of the box with systemd-udev and the hwdb.
→ Did you try without the udev rules provided by them?
question, the group argument thats not talking about a user group is it?
UPDATE: ok turned out the group argument is a usergroup. It wasnt working before because the group did not exists, I created the group plugdev and added my user account to it and now everything is working with mode 0664!!
The modern recommended approach for systemd systems is to use a MODE of 660 to let the group use the device, and then attach a TAG named uaccess [3]. This special tag makes udev apply a dynamic user ACL to the device node, which coordinates with systemd-logind(8) to make the device usable to logged-in users.
Thanks for that. I only have one user account that gets used so don’t think having dynamic user ACL is super important in this case, unless there are other benefits of doing it that way on a single user system.
Also thanks so much for your help!
Edit: so had to brush up on permission calcs. I’m going to try using 0660 and make sure that still works (it should at this point). Since it’ll increase security a bit (removing the ability to read from “others”)
Update: changed permissions to 0660 and all is still well. unless adding the dynamic user ACL provides some additional benefits I think we’re good at this point.