Access webcam without sudo

edit

Should it work if I add myself to video? because it doesn't change any thing for me...

It should work, if the device file (/dev/video0) permissions have the read (second r in the ls -l output) permission for group and its group ownership is group video.

Also (and this is an old UNIX gotcha which propagated to Linux but is not widely appreciated), group membership changes for a user - set with, for example, the command line adduser me video - propagate only after a subsequent login of that user... so, after adding yourself to the group, you typically have to log out or your user session and log in again for the group membership to be valid.

Good to know, unfortunately I restarted with no change...

crw-rw----+ 1 root video 81, 0 Oct 18 23:09 /dev/video0 and I am in the video group...

Does opencv do anything else as sudo with the camera?

I just tested with crwxrwxrwx+ 1 root video 81, 0 Oct 18 23:09 /dev/video0 too and can confirm that it still doesn't work unless I use sudo

OK, then it's probably something else forbidding device access. Pardon my asking more questions. I think we can eventually get to the bottom of this!

• What Linux distribution have you installed?

• Are you running Linux in a VM guest? If so, the host may be somehow forbidding device access.

• Are you running SELinux? Run the command "sudo selinuxrunning; echo $?" - if the output is "0" you are running SELinux.

• Could you be using containers or namespaces in some way which would disallow device access?

Thanks for your help!

Fedora 25, no VM

$ sudo selinuxrunning; echo $?
sudo: selinuxrunning: command not found
1

but...

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30

containers or namespaces? not that I am aware of...

OK! I am familiar with Ubuntu, Debian and Fedora. I'm not an expert at SELinux but I've had partial success with opening permissions on it before. I'm looking at this webpage now, it's a good basic overview. Can you run this:

$ ls -Z /dev/video0

My guess is that the /dev/video0 device is locked down to a certain class of user, role, type, or mls, and that as a regular user you don't have the needed SELinux permissions to access the device. You may be able to (as root) assign additional classes of user, role, type or mls to your userid, or to the device file.

I will have physical access to a current Fedora system in several hours and if we don't figure it out by then I may have more ideas.

To prove selinux is the culprit you can temporarily disable selinux (set it to permissive or targeted), reboot, try to access the device. If the device access is granted then you know selinux is the cause of the access denial. Then re-enable selinux (to enforcing mode or however you currently have it set) and reboot again. From that point we can adjust the selinux permissions on the device file or on the user that needs access. Howto to reference is here.

Setting it to permissive didn't change anything...

$> ls -Z /dev/video0
system_u:object_r:v4l_device_t:s0 /dev/video0

Hm. I don't know if you've double checked that the output of running groups $USER (where $USER is your user name) lists video.

The ls -Z shows the selinux permissions on /dev/video0 are that the user needs to be a system user, the role is as an object, the type is v4l_device_t and mls is s0. You could try:

sudo chcon -u unconfined_u /dev/video0
sudo chcon -r unconfined_r /dev/video0
sudo chcon -t unconfined_t /dev/video0

And then see if you can open the device as a regular user. I think.