The traditional user/group system may be simple, but it is limited. For example, it fails when you have a multi-user desktop system when some people login in locally, and some people login in remotely. What should the permissions on on the camera be?
The way this kind of thing was solved 20 years ago was that you could be given membership of some additional groups when logging in locally.
(The wart is that if you, say, opened the sound device when you were logged in to one of the lab workstations locally, you could pass that file descriptor to another process and keep it open after you'd logged out, and then use it to play Rob Zombie at full volume when some unsuspecting victim was by themselves in the lab at 2am).
The way this kind of thing was solved 20 years ago was that you could be given membership of some additional groups when logging in locally.
(The wart is that if you, say, opened the sound device when you were logged in to one of the lab workstations locally, you could pass that file descriptor to another process and keep it open after you'd logged out, and then use it to play Rob Zombie at full volume when some unsuspecting victim was by themselves in the lab at 2am).