disable microphone and camera for a user

Question

Is there a simple way to denied access to camera and microphone to specific user?

A solution using as shown here Disabling Web camera is not really suitable as other users need to renable-it via sudo command.

So far I didn't find any solution to really specify which user can and which user cannot.

UPDATE:

I am running Manjaro/Arch
Seems that could be related to systemd https://wiki.archlinux.or/index.php/Users_and_groups#Pre-systemd_groups
getent group video > video:x:986:
none of my user is under video group
targeted user is only under is own group groups my-user -> my-user
my-user has access to video capture /dev/video0 tested with VLC

I believe that the accepted answer in https://unix.stackexchange.com/questions/141255/give-a-specific-user-permissions-to-a-device-without-giving-access-to-other-user is valid for your case, too — planetmaker, Dec 18 '19 at 16:20
`udev` rule sounds as good direction. But still a bit obscure. — mickro, Dec 18 '19 at 18:18

score 0 · Answer 1 · answered Dec 18 '19 at 16:22

0

On my debian, camera device file is /dev/video0 and permissions are the following:

$ ls -l /dev/video0 
crw-rw----+ 1 root video 81, 0 Nov 18 16:54 /dev/video0

My user is in part group video so that i can use the webcam... but if it wasn't, i wouldn't be able to. So just remove the user from group video (or the equivalent on your system) to disable the ability to use webcam.

answered Dec 18 '19 at 16:22

binarym

2,639
9
12

none of my users are part of `video` group. I am running a Manjaro/Arch. And I believe that is due to `systemd` https://wiki.archlinux.org/index.php/Users_and_groups#Pre-systemd_groups – mickro Dec 18 '19 at 18:02
nothing stops you in adding users to a group. And even assigning a new group to a device which then eligible users are made part of. This kind of stuff is exactly one of the reasons to have (different) groups – planetmaker Dec 19 '19 at 00:18
I want don't want to grant access but to forbid access. @planetmaker I don't get how adding a group to camera device and adding user to will stop a specific user to use it. – mickro Dec 19 '19 at 08:17
Yes, so? Have all users be in that group except those which you want to deny usage... – planetmaker Dec 19 '19 at 08:33
still there not any users in the `video` group and everyone has access. So adding users to `video` changes nothing. – mickro Dec 19 '19 at 11:41
1

@mickro Everything seems explained in the documentation you linked: if your system run `systemd`, then, permissions are not managed this way anymore but with ACL and systemd-login.... Look to this direction – binarym Dec 19 '19 at 13:21

disable microphone and camera for a user

1 Answers1