Not necro this thread but I am working on a project that requires non root user access to the luci web ui as well. I am very close to working multi user hack for luci but i need a little help to finish it off
To allow multi user login (as root) is a very simple hack and requires one edit to the .. luci/dispatcher.lua file
function authenticator.htmlauth(validator, accs, default)
local user = luci.http.formvalue("username")
local pass = luci.http.formvalue("password")
if user and validator(user, pass) then
user = "root" <---#### if user/pass check grant root access ####
return user
end
require("luci.i18n")
require("luci.template")
context.path = {}
luci.template.render("sysauth", {duser=default, fuser=user})
return false
end
of course you need to add the users using a shell script or by copiling with adduser support.
Now to only 1 non root user is very simple aswell and requires 2 edits ...3 to prevent the user from setting root passwd from ui
1. edit the .. luci/controller/admin/index.lua as follows ...
function index()
local root = node()
if not root.target then
root.target = alias("admin")
root.index = true
end
local page = node("admin")
page.target = firstchild()
page.title = _("Administration")
page.order = 10
page.sysauth = "root" <--#### change username ####
page.sysauth_authenticator = "htmlauth"
page.ucidata = true
page.index = true
-- Empty services menu to be populated by addons
entry({"admin", "services"}, firstchild(), _("Services"), 40)
end
2. edit the .. luci/controller/admin/servicectl.lua as follows ..
## and again change the "root" to non root username ##
function index()
entry({"servicectl"}, alias("servicectl", "status")).sysauth = "root"
entry({"servicectl", "status"}, call("action_status")).leaf = true
entry({"servicectl", "restart"}, call("action_restart")).leaf = true
end
3. and to prevent the user from setting the root password from the ui you edit the .. luci/controller/admin/system.lua and change the "root" in the set_passwd function to the non root username or add a conditon to only so if user is root .
you may also need to remove the /tmp/indexcache file from the changes to take effect ...if you were already loggeed in before making the cahnges.
I have tested this and it works 100% ... this allows a non root user to log in with non root users privileges. However since these variable are currently hard coded after making the changes only the non root user can log in, all other users receive the "CGI failed to produce response .." error. including root
So to complete this hack, these three variables must be set to the username entered by the user at login ...if the user/pass checks out. I have tried using a function to provided the name enterd by the user to the locations needed but i seem to be having some problems with the plumbing lol
Hopefully Jow or someone with more knowledge of the luci system can help to allow setting these variables at login and complete the multi user hack for luci. One can easily add conditons using the username or user privi's to prevent non root users from accessing the parts of the web ui that allow them to set root passwds, firewall settings, network settings, ssh settings...etc
(Last edited by hostle19 on 13 Apr 2014, 04:03)