3

I would like to restrict the access to the webcam only to certain programs/users. I use Ubuntu 16.04. If I am right my webcam is linked with /dev/video0 (just as an example), which is owned by root and group video. However group "video" doesn't show up invoking command groups and doesn't seem used anymore by systemd, using command grep 'video' /etc/group no user is in fact reported to be in the group. As far as I understand I can now use udev rules, but I don't understand how to use it, if video0 belongs to root, why at the moment am I able to open the camera without being root using any program? It should not possible in my mind..what am I missing?

Thank You

EDIT

Output of ls -l /dev/video0

crw-rw----+ 1 root video 81, 0 apr 18 10:39 /dev/video0

Output of getfacl /dev/video0

getfacl: Removing leading '/' from absolute path names
# file: dev/video0
# owner: root
# group: video
user::rw-
user:rok:rw-
group::rw-
mask::rw-
other::---
rok
  • 300
  • Please add the output of ls -l /dev/video0 and getfacl /dev/video0. – ctrl-alt-delor Apr 18 '19 at 08:55
  • Did it, please take a look. thx – rok Apr 18 '19 at 09:01
  • Output of ls shows a + in mode, this indicates a file Access Control List. From output of getfacl, I see that user rok has read and write access. Probably some rule to give the user that is locally logged in access to local devices. You can manually remove this privilege with setfacl, however it will probably come back, so you need to find the rule and disable it. (see https://unix.stackexchange.com/q/101263/4778 for more on file ACLs etc) – ctrl-alt-delor Apr 18 '19 at 11:33

0 Answers0