On Tue, Sep 08, 2020 at 07:13:10PM +0200, Stefan Hagen wrote: Hello Stefan,
> An audio device is special in a way that it has playback and recording > capabilities in one device. The sysctl is used to allow playback (by > default) but not allow recording. > > Video (as in webcam) is always a recording device, which shouldn't be > allowed to access in a default install (in contrast to audio playback). Personally I only set kern.audio.record to 1 immediately before I want to record from my microphone: I turn it back to 0 immediately afterwards, as I don't want a program to record audio when I'm not expecting it to. It would be impractical to do this if it was at a group level, as I would have to log out and back in to make the equivalent change. [I approximate this change by chown'ing a-rwx /dev/video after I've used my webcam though, of course, any other program can chown it back afterwards, so this is gives only very limited security.] Laurie
