more verbose instructions for Locking the screen when YubiKey is removed

security/yubi-key.md

@@ -104,7 +104,9 @@ YubiKey. This will require creating simple qrexec service which will expose
 ability to lock the screen to your USB VM, and then adding udev hook to
 actually call that service.
 
-1. First configure the qrexec service. Create `/etc/qubes-rpc/custom.LockScreen` (in dom0)
+In dom0:
+
+1. First configure the qrexec service. Create `/etc/qubes-rpc/custom.LockScreen`
   with simple command to lock the screen. In case of xscreensaver (used in Xfce)
   it would be:
 
@@ -115,7 +117,9 @@ would require creating `/etc/qubes-rpc/policy/custom.LockScreen` with:
 
         sys-usb dom0 allow
 
-3. Create udev hook in your USB VM. Store it in `/rw/config` to have it
+In your USB VM:
+
+3. Create udev hook. Store it in `/rw/config` to have it
 persistent across VM restarts. For example name the file
 `/rw/config/yubikey.rules`. Write there single line:
 
@@ -126,8 +130,13 @@ persistent across VM restarts. For example name the file
         ln -s /rw/config/yubikey.rules /etc/udev/rules.d/
         udevadm control --reload
 
-  Then make `/rw/config/rc.local` executable. For changes to take effect, you
+5. Then make `/rw/config/rc.local` executable.
-  need to call this script manually for the first time.
+
+        sudo chmod +x /rw/config/rc.local
+  
+6. For changes to take effect, you need to call this script manually for the first time.
+
+        sudo /rw/config/rc.local
 
 If you use KDE, the command(s) in first step would be different: