Now that we have a switch in place with kern.video.record which requires initial root access to enable video recording, I want propose the idea of making the /dev/video* devices accessible to users who are a member of the 'video' group:
lrwxr-xr-x 1 root wheel 6 Dec 29 12:38 video -> video0 crw-rw---- 1 root video 44, 0 Dec 29 12:38 video0 crw-rw---- 1 root video 44, 1 Dec 29 12:38 video1 With this we would enable a default setup which avoids running video programs as root, or pushing people to manually tweak the /dev/video* permissions. In this diff I'm re-using group id 6, which was the first free one found. I'm not sure if this is the right approach. What do you think? Index: etc/group =================================================================== RCS file: /cvs/src/etc/group,v retrieving revision 1.94 diff -u -p -u -p -r1.94 group --- etc/group 28 Jan 2020 16:51:03 -0000 1.94 +++ etc/group 29 Dec 2020 11:40:07 -0000 @@ -4,6 +4,7 @@ kmem:*:2:root sys:*:3:root tty:*:4:root operator:*:5:root +video:*:6: bin:*:7: wsrc:*:9: users:*:10: Index: etc/MAKEDEV.common =================================================================== RCS file: /cvs/src/etc/MAKEDEV.common,v retrieving revision 1.111 diff -u -p -u -p -r1.111 MAKEDEV.common --- etc/MAKEDEV.common 6 Jul 2020 06:11:26 -0000 1.111 +++ etc/MAKEDEV.common 29 Dec 2020 11:40:07 -0000 @@ -428,7 +428,7 @@ __devitem(au, audio*, Audio devices,audi _mkdev(au, audio*, {-M audio$U c major_au_c $U 660 _sndiop M audioctl$U c major_au_c Add($U, 192) 660 _sndiop-})dnl __devitem(vi, video*, Video V4L2 devices,video)dnl -_mkdev(vi, video*, {-M video$U c major_vi_c $U 600 +_mkdev(vi, video*, {-M video$U c major_vi_c $U 660 video MKlist[${#MKlist[*]}]=";[ -e video ] || ln -s video$U video"-})dnl __devitem(asc, asc*, ASC Audio device)dnl _mkdev(asc, asc*, {-M asc$U major_asc_c 0-})dnl