Ubuntu – make the webcam take a picture when an incorrect password is entered


I am using a laptop . I was thinking to have a support in my Ubuntu machine. When an incorrect password is entered, a picture is taken later revealing who has been trying to gain access.

I have searched around and the only thing I have found is stuff to do this on Macs. Is It possible to write a script for Ubuntu to do same .

If possible then what is a script or Software to make this happen.

Best Answer

Based on this post on the Ubuntuforums by BkkBonanza.

This is an approach using PAM and will work for all failed login attempts. Using SSH, a virtual terminal or via the regular login screen, it doesn't matter as everything is handled by PAM in the end.

  1. Install ffmpeg Install ffmpeg, we're going to use this as a command line way of grabbing the webcam images. Update: ffmpeg is removed when you upgrade to Ubuntu 14.04. We can use avconv in place of ffmpeg in the below script. No need to install anything separately.

  2. Create a small script somewhere, e.g. /usr/local/bin/grabpicture with the following content:

     ts=`date +%s`
     ffmpeg -f video4linux2 -s vga -i /dev/video0 -vframes 3 /tmp/vid-$ts.%01d.jpg
     exit 0  #important - has to exit with status 0

    Change the /dev/video0 with the actual video device of your webcam and choose a path where the pictures are being saved - I just choose /tmp. In the newer version of Ubuntu use avconv instead of ffmpeg (sudo apt-get install libav-tools).

  3. Make it executable, e.g. chmod +x /usr/local/bin/grabpicture.

  4. Test it, by just calling it: /usr/local/bin/grabpicture. Check if you see files appearing in /tmp/vid....jpg.

  5. Configure PAM to call this on every failed attempt.

    Note: do this carefully - if this fails you'll not be able to gain access to your system again in a regular way.

    1. Open a terminal window with root access (sudo -i) and leave it open - just in case you screw up in the next steps.

    2. Open /etc/pam.d/common-auth in your favourite editor, e.g. by doing gksudo gedit /etc/pam.d/common-auth. Keep in mind for the following steps that order of lines in this file matters.

    3. Locate the line below. By default there's one line before the one with pam_deny.so. On my 12.04 system it looks like this:

        auth    [success=1 default=ignore]      pam_unix.so nullok_secure
    4. In this line change the success=1 to success=2 to have it skip our script on success. This is an important step If you failed this step see below how to recover (***).

    5. Right below there, add a new one to call the actual script:

        auth    [default=ignore]                pam_exec.so seteuid /usr/local/bin/grabpicture
    6. Save and close the file. No need to restart anything.

  6. Test it.

    1. In a new terminal window, as regular user, try su -l username to log in as another user with username username (change with an actual one of course). Deliberately enter the wrong password. Check if this result in a new picture.
    2. The same as above, but now enter the correct password. Check if you log in and it doesn't result in a picture being taken.
  7. If the tests have succeeded you can log out from your DE (Unity/KDE/...) and you should see the same when entering a wrong password from the login screen.

(***) How to recover the system if you messed with /etc/pam.d/common-auth file:

  • Reboot the computer
  • At grub boot press "e" to edit
  • Add


to the line starting by "linux"

Mount the system with write access

mount -o remount,rw /

Edit the file and fix

vi /etc/pam.d/common-auth

Related Question