Kino: libraw1394 -> plugdev does not work in Gutsy

This has always been an issue for IEEE 1394 AV/C DV devices on Ubuntu since Edgy at least. The issue is that the user must have read/write permissions to /dev/raw1394 and the defaults have been changed to accommodate disk devices:

$ ls -l /dev/raw1394
crw-rw---- 1 root disk 171, 0 2007-09-06 05:23 /dev/raw1394

So the user needs to be added to the 'disk' group:

$ sudo usermod -aG disk ${USER}

and then log-out/log-in for the group change to take effect.

/etc/udev/rules.d/40-permissions.rules has the following:

# IEEE1394 (firewire) devices
# Please note that raw1394 gives unrestricted, raw access to every single
# device on the bus and those devices may do anything as root on your system.
# Yes, I know it also happens to be the only way to rewind your video camera,
# but it's not going to be group "video", okay?
KERNEL=="raw1394", GROUP="disk"
KERNEL=="dv1394*", GROUP="video"
KERNEL=="video1394*", GROUP="video"

Confirmed with Gutsy Tribe-5 64-bit.

Not an issue with Kino, but with the OS device permissions

In the same time, user/group tool in admin menu don't list "disk" in groups management window. I'm waiting to see how this bug will be solved to see if i must report this problem too (open new bug).

The reason 'disk' doesn't appear in the Gnome > Administration > Users and Groups "Manage Groups" dialog is that it only lists groups with a GID of 100 or higher, except for root (GID=0).

'disk' is a system-level group (<100) that shouldn't be available to users.

I don't think this can be classified as a bug in udev, but as a wish-list item. Access to the raw1394 device allows access to all devices on the IEEE 1394 bus and as such would be a big security hole if users had easy access.

At the same time, user-mode applications such as Kino need write access to an AV/C camera device in order to control it. The way around it might be to develop additional udev rules that detect the camera and create a psuedo-device for it, such as /dev/avc0

I'm not sure how practical that is or what additional work would be required but hal sees the AV/C camera as a separate device so it should be feasible.

If this is indeed how users-admin behaves, it's wrong. The only difference between groups in the 0-99 range and those in 100-999 is that those in 0-99 are allocated statically by the base-passwd maintainer (a.k.a. me) while those in 100-999 are allocated dynamically by packages calling 'addgroup --system'. For example, plugdev is GID 46 and should be displayed by users-admin. It may be true that some groups in the 0-99 range should not be shown by users-admin (as indeed should some groups in 100-999, e.g. ssh), but just blacklisting everything under 100 is entirely the wrong answer.

Could you or somebody confirm this behaviour from the source and file a separate bug on gnome-system-tools about it? Feel free to quote me and use /usr/share/doc/base-passwd/users-and-groups.html as a reference.

Created bug #141067 "Group GIDs 1-99 not shown in Groups Settings dialog".