Unable to open file at keyfile (mode 400) for sudo -i root

[ZenithalHourlyRate]

Describe the bug

For root with sudo -i, with keyfile at mode 400, khefin can not read the keyfile, also this root can not enrol a key

To Reproduce
Steps to reproduce the first behavior:

1. sudo -i
2. Generate a keyfile or use an old keyfile
3. chown root:root keyfile
4. chmod 400 keyfile
5. khefin generate -f keyfile
6. Type in correct passphrase
7. See error khefin: Unable to open file at keyfile

Steps to reproduce the second behavior:

1. sudo -i
2. khefin enrol -d /dev/hidraw0 -f keyfile
3. Type passphrase
4. See error khefin: Unable to open file at keyfile

Expected behavior
Open the keyfile

Environment:

• Operating system: Arch Linux
• Version: 0.6.0
• Authenticator make and model: Canokeys CanoKey

Additional context

• For normal user, the above commands can not reproduce this bug.
• For su - root, the above commands can not reproduce this bug.

[mjec]

Thanks for the report! This is because khefin drops privileges, for reasons which are no longer relevant. I have a fix for this that will form part of version 0.6.1, landing in the next couple of hours.