Re: [WIP FAQ13] New section for webcam usage
On Tue, Sep 08, 2020 at 07:13:10PM +0200, Stefan Hagen wrote: Hello Stefan, > An audio device is special in a way that it has playback and recording > capabilities in one device. The sysctl is used to allow playback (by > default) but not allow recording. > > Video (as in webcam) is always a recording device, which shouldn't be > allowed to access in a default install (in contrast to audio playback). Personally I only set kern.audio.record to 1 immediately before I want to record from my microphone: I turn it back to 0 immediately afterwards, as I don't want a program to record audio when I'm not expecting it to. It would be impractical to do this if it was at a group level, as I would have to log out and back in to make the equivalent change. [I approximate this change by chown'ing a-rwx /dev/video after I've used my webcam though, of course, any other program can chown it back afterwards, so this is gives only very limited security.] Laurie
Re: [WIP FAQ13] New section for webcam usage
Laurence Tratt wrote: > On Sun, Sep 06, 2020 at 07:45:32PM +0200, Stefan Hagen wrote: > I have one tangential comment: > > > Using a webcam as user > > > > To use the webcam as regular user, you need to change the device > > permissions. > > This made me wonder if uvideo should have an equivalent sysctl to audio (i.e. > kern.audio.record)? Most, but I'm not sure all, webcams do display a light to > tell you they're recording, but I can see that there is a security concern > here. An audio device is special in a way that it has playback and recording capabilities in one device. The sysctl is used to allow playback (by default) but not allow recording. Video (as in webcam) is always a recording device, which shouldn't be allowed to access in a default install (in contrast to audio playback). I find the "video" group solution clean and sufficient. I'll send a patch for it, once I've figured out how MAKEDEV works. I say "sufficient", because I believe the best solution would be something like sndiod (vidiod?) that acts as multiplexer and allows multiple applications to access the video stream simultaneously. Best Regards, Stefan
Re: [WIP FAQ13] New section for webcam usage
On Sun, Sep 06, 2020 at 07:45:32PM +0200, Stefan Hagen wrote: Hello Stefan, Thanks for this! I'll leave others who are more familiar with the website guidelines to comment on your patch, but I hope something like it can go in, as I found it a bit difficult at first to work out how to use webcams under OpenBSD. I have one tangential comment: > Using a webcam as user > > To use the webcam as regular user, you need to change the device > permissions. This made me wonder if uvideo should have an equivalent sysctl to audio (i.e. kern.audio.record)? Most, but I'm not sure all, webcams do display a light to tell you they're recording, but I can see that there is a security concern here. Laurie
Re: [WIP FAQ13] New section for webcam usage
Hi Stefan, On Sun, 06 Sep 2020, Stefan Hagen wrote: > Hello, > > Lauries video(1) email to misc@ encouraged me to take this information > and try to come up with a proposal to enhance the multimedia faq with > information about webcam usage. > > It's the first time I'm working on a faq article and I don't know about > any style guides. I tried to align with the articles already written. > Please educate me about the parts I missed. > > I'm not sure where people working on documentation collaborate. So > I'm trying my luck here on tech@. > > My proposal is online and I'm also inlining it (not as patch for easier > consumption): https://codevoid.de/h/wip_webcamfaq13.html > > I'm sure some parts need refinement / better wording. > > The part I'm mostly unsure about is how to correctly give the user > permissions to the video devices. Most people probably do it the > way I described (doas chmod $USER in .xsession). > > Once it's good enough to get committed, I'll create a proper patch. > > Any thoughts on it? First, thanks for working on this. I think it's a good idea, let's see what other devs say. One quick comment on the "Using a webcam as user" section. Besides adding the chown line on .xsession you can use /etc/X11/xenodm/GiveConsole too (not sure if this is "less preferred" than your method). I have this in mine: if [ -c /dev/video0 ]; then chown $USER /dev/video0 fi Which should be accompanied with an entry on /etc/X11/xenodm/TakeConsole if [ -c /dev/video0 ]; then chown root /dev/video0 fi In any case, the suggestion of a _video group seems cleaner to me, but if it has not been done already I suspect there are good reasons for it (did not dig into the archives, so I'm speculating here). I'll take a deeper look later. Cheers, Paco. > > Thanks in advance, > Stefan > > > > Using a Webcam > > Supported Hardware > > > Most webcams today work according to the USB Video Class > (UVC) specification, which is supported by the href="https://man.openbsd.org/uvideo;>uvideo(4) device driver and > attaches to the https://man.openbsd.org/video.4;>video(4) > device. The manpage lists some supported devices, but there is a > good chance that other devices work as well. For example, webcams in > Lenovo Thinkpads laptops do usually work. > > > A supported webcam (or other video device) shows up in dmesg > like this: > > > uvideo0 at uhub0 port 8 configuration 1 interface 0 "Azurewave Integrated > Camera" rev 2.01/69.05 addr 10 > video0 at uvideo0 > uvideo1 at uhub0 port 8 configuration 1 interface 2 "Azurewave Integrated > Camera" rev 2.01/69.05 addr 10 > video1 at uvideo1 > > > > You see that an uvideo device was detected and has > been attached to video0. This device will be accessible > through /dev/video0. > > > Modern laptops sometimes attach a second video device, which is the > infrared camera for face recognition. The second camera does not produce > a usable video stream. > > > You can find the usable camera with the href="https://man.openbsd.org/video;>video(1) command: > > > $ video -q -f /dev/video0 > video device /dev/video0: > encodings: yuy2 > frame sizes (width x height, in pixels) and rates (in frames per second): > 320x180: 30 > 320x240: 30 > 352x288: 30 > 424x240: 30 > 640x360: 30 > 640x480: 30 > 848x480: 20 > 960x540: 15 > 1280x720: 10 > controls: brightness, contrast, saturation, hue, gamma, sharpness, > white_balance_temperature > > $ video -q -f /dev/video1 > video: /dev/video1 has no usable YUV encodings > > > > The usable camera device shows supported resolutions and framerates. > Note that the framerates only apply to the uncompressed YUY2 stream. More > on that in Recording a webcam stream. > > Using a webcam as user > > > To use the webcam as regular user, you need to change the device > permissions. Only root is allowed to access video devices by default. > > > One way of allowing your user to access the video devices is to change > the permissions from ~/.xsession. You can configure > https://man.openbsd.org/doas;>doas(1) to perform > https://man.openbsd.org/chmod;>chmod(1) as superuser > without asking for a password for your user. > > > Then add the following line to your ~/.xsession: > > > doas chown $USER /dev/video0 > > > > If you're not using href="https://man.openbsd.org/xenodm;>xenodm(1) > and you are starting your X session with > https://man.openbsd.org/startx;>startx(1), you can > accomplish the same with > https://man.openbsd.org/fbtab;>fbtab(5). > > > Example entry in /etc/fbtab: > > > /dev/ttyC0 0600/dev/video0 > > > Recording a webcam stream > > > This section uses ffplay and ffmpeg from > graphics/ffmpeg. To find out what your camera is capable of, run the > following command: > > > $ ffplay -f v4l2 -list_formats all -i /dev/video0 > [...] > [video4linux2,v4l2 @ 0x921f8420800] Compressed: mjpeg
Re: [WIP FAQ13] New section for webcam usage
Stefan Hagen wrote: > Using a webcam as user > > > To use the webcam as regular user, you need to change the device > permissions. Only root is allowed to access video devices by default. > > > One way of allowing your user to access the video devices is to change > the permissions from ~/.xsession. You can configure > https://man.openbsd.org/doas;>doas(1) to perform > https://man.openbsd.org/chmod;>chmod(1) as superuser > without asking for a password for your user. > > > Then add the following line to your ~/.xsession: > > > doas chown $USER /dev/video0 > What do you think about adding a group "_video" to the default install and add /dev/video* devices to it with perm. 660. This would allow us to simply instruct users to add their user to group _video to give them access to video devices. Best Regards, Stefan
[WIP FAQ13] New section for webcam usage
Hello, Lauries video(1) email to misc@ encouraged me to take this information and try to come up with a proposal to enhance the multimedia faq with information about webcam usage. It's the first time I'm working on a faq article and I don't know about any style guides. I tried to align with the articles already written. Please educate me about the parts I missed. I'm not sure where people working on documentation collaborate. So I'm trying my luck here on tech@. My proposal is online and I'm also inlining it (not as patch for easier consumption): https://codevoid.de/h/wip_webcamfaq13.html I'm sure some parts need refinement / better wording. The part I'm mostly unsure about is how to correctly give the user permissions to the video devices. Most people probably do it the way I described (doas chmod $USER in .xsession). Once it's good enough to get committed, I'll create a proper patch. Any thoughts on it? Thanks in advance, Stefan Using a Webcam Supported Hardware Most webcams today work according to the USB Video Class (UVC) specification, which is supported by the https://man.openbsd.org/uvideo;>uvideo(4) device driver and attaches to the https://man.openbsd.org/video.4;>video(4) device. The manpage lists some supported devices, but there is a good chance that other devices work as well. For example, webcams in Lenovo Thinkpads laptops do usually work. A supported webcam (or other video device) shows up in dmesg like this: uvideo0 at uhub0 port 8 configuration 1 interface 0 "Azurewave Integrated Camera" rev 2.01/69.05 addr 10 video0 at uvideo0 uvideo1 at uhub0 port 8 configuration 1 interface 2 "Azurewave Integrated Camera" rev 2.01/69.05 addr 10 video1 at uvideo1 You see that an uvideo device was detected and has been attached to video0. This device will be accessible through /dev/video0. Modern laptops sometimes attach a second video device, which is the infrared camera for face recognition. The second camera does not produce a usable video stream. You can find the usable camera with the https://man.openbsd.org/video;>video(1) command: $ video -q -f /dev/video0 video device /dev/video0: encodings: yuy2 frame sizes (width x height, in pixels) and rates (in frames per second): 320x180: 30 320x240: 30 352x288: 30 424x240: 30 640x360: 30 640x480: 30 848x480: 20 960x540: 15 1280x720: 10 controls: brightness, contrast, saturation, hue, gamma, sharpness, white_balance_temperature $ video -q -f /dev/video1 video: /dev/video1 has no usable YUV encodings The usable camera device shows supported resolutions and framerates. Note that the framerates only apply to the uncompressed YUY2 stream. More on that in Recording a webcam stream. Using a webcam as user To use the webcam as regular user, you need to change the device permissions. Only root is allowed to access video devices by default. One way of allowing your user to access the video devices is to change the permissions from ~/.xsession. You can configure https://man.openbsd.org/doas;>doas(1) to perform https://man.openbsd.org/chmod;>chmod(1) as superuser without asking for a password for your user. Then add the following line to your ~/.xsession: doas chown $USER /dev/video0 If you're not using https://man.openbsd.org/xenodm;>xenodm(1) and you are starting your X session with https://man.openbsd.org/startx;>startx(1), you can accomplish the same with https://man.openbsd.org/fbtab;>fbtab(5). Example entry in /etc/fbtab: /dev/ttyC0 0600/dev/video0 Recording a webcam stream This section uses ffplay and ffmpeg from graphics/ffmpeg. To find out what your camera is capable of, run the following command: $ ffplay -f v4l2 -list_formats all -i /dev/video0 [...] [video4linux2,v4l2 @ 0x921f8420800] Compressed: mjpeg : MJPEG : 1280x720 320x180 320x240 352x288 424x240 640x360 640x480 848x480 960x540 [video4linux2,v4l2 @ 0x921f8420800] Raw : yuyv422 : YUYV : 640x480 320x180 320x240 352x288 424x240 640x360 848x480 960x540 1280x720 At the end of the output, you'll find two lines similiar to the two above. The first line shows resolutions supported in the uncompressed YUYV format. The frame rates in this format can be very low. The second line shows the supported MJPEG compressed video resolutions, which deliver much higher framerates (usually 30fps or 60fps). Now try to play the webcam stream. Choose one of the MJPEG resolutions and run: $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0 [...] Input #0, video4linux2,v4l2, from '/dev/video0':B sq=0B f=0/0 Duration: N/A, start: 1599377893.546533, bitrate: N/A Stream #0:0: Video: mjpeg (Baseline), yuvj422p(pc, bt470bg/unknown/unknown), 1280x720, 30 fps, 30 tbr, 1000k tbn, 1000k tbc The webcam stream should be displayed. Ffplay also shows the used resolution and the framerate (fps) used. If this works, you can go