A+ Router; UI not so much

It has only taken me 3 days to find out how to create an admin user in Luci, limit that user to read router settings, and login using the router's LAN address.

I'm writing because there is a Luci GUI tool to do this which is, for no apparent reason, NOT included in the distro. Opkg luci-app-acl

Who is steering the ship?

It's an open source project, feel free to chip in...

2 Likes

This is not a common use case for OpenWrt. Since many devices are resource limited (especially for storage), the standard image does not include things that are extraneous for the majority of users. But the opkg package manager makes it easy to install additional functionality, and you can always build your own images that have it preloaded (this is actually very easy to do with the online image builder).

2 Likes

Try doing:

opkg update
opkg install luci-app-acl

Trying it on a test router I get:

root@BlueWave-29130:/tmp# opkg install luci-app-acl
Installing luci-app-acl (git-21.194.67638-1d6053e) to root...
Downloading https://downloads.openwrt.org/releases/21.02.3/packages/arm_cortex-a7_neon-vfpv4/luci/luci-app-acl_git-21.194.67638-1d6053e_all.ipk
Configuring luci-app-acl.
root@BlueWave-29130:/tmp#

Now login to Luci and on the system dropdown you'll see 'ACL lists' and away you go!
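For the read-only user the original post asked about, here is an added example (not from this thread) of what the ACL page ends up storing in /etc/config/rpcd; the username 'inspector' and the password hash are placeholders.

```uci
# /etc/config/rpcd (added example). Each 'config login' section is one
# LuCI/rpcd user. The 'read' and 'write' lists name ACL groups from
# /usr/share/rpcd/acl.d/; '*' means every group.

config login
	option username 'root'
	option password '$p$root'   # '$p$<user>' = use that system user's /etc/shadow hash
	list read '*'
	list write '*'

config login
	option username 'inspector'
	option password '$1$PLACEHOLDER_HASH'   # crypt(3) hash, e.g. from: uhttpd -m <password>
	list read '*'
	# no 'list write' entries: this user can log in and inspect settings
	# but cannot apply any change (LuCI shows the session as read-only)
```

Reload with /etc/init.d/rpcd reload after editing. Note that read '*' still lets the user read every UCI config, wireless keys included, so narrow the read list to the specific ACL groups you actually need if the account is for someone less trusted.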

I beg to differ.

IMHO, the extraordinary power of 'root' made me long ago adopt use of a neutered 'admin' account to inspect any planned changes and double check them before going 'live' via root. 'root' should never be a default prompt (as with Luci login).

As you said... "IMHO" -- this is your opinion. The vast majority of users do not have a need for non-root users.

I'm not sure how your 'neutered admin' really protects you. If you have the permissions to change significant parts of the system, you also have the ability to mess things up. A neutered account obviously might have some limitations, but if it can make similar changes as your root account, it is not really going to protect you from mistakes/misconfigurations any differently than just using root. And, if you then switch to a root account to make the final changes, you could still make a mistake there.

The real way to protect yourself from the unfettered root abilities is to 1) make a backup of your working configuration before making any changes, 2) think before you type, and optionally 3) have a backup router that you either use as your dev system or loaded with your backup such that it can be swapped in rapidly should you mess things up on the primary router.

Usually, the benefit of non-root users on OpenWrt would be when you need a non-privileged/untrusted user to be able to do limited things such as checking status or for things like file and resource sharing based on services running on your device.

Meanwhile, if you're going to disparage the OpenWrt project and its volunteer development team with comments like:

you're not going to endear yourself to the community and you will have a hard time convincing them to consider adding a feature into the standard image.

5 Likes

I'm doubtful that any position that could improve OPENWRT but that requires change will be well received.

As a 50+ year *nix user, programmer & system designer I fully understand superuser privileges. From that same base of experience, I also understand that typos afflict us all.

That is why I firmly reiterate that using 'root' as a default is perilous.

Ok then, you’re free to create your own images with your preferred config and make them available in the community builds section?

No one forced users to keep the system as it comes out of the box.

Though I note Luci already includes the option to review changes before committing them.

3 Likes

In a general purpose computer, yes.... in an embedded system that rarely needs to be changed and where the potential for data loss is minimal, it really isn't a big deal to have a default root user.

And I still don't see how your permissions-limited users actually improve resilience here. Can you give concrete examples of how this has actually avoided disaster?

3 Likes

Counterpoint: Name a consumer router that does not come with a single fully-privileged user (although they might call it "admin" in their UI and not "root") and that offers to define such a read-only account. I'm certain they exist, but I'm genuinely hard-pressed to name one.

OpenWrt is, first and foremost and by default, a FOSS replacement for OEM firmware for advanced users, not a full-blown Linux installation with graduated user roles. While it absolutely can be and your use case is perfectly valid, it is most definitely not the default use case. The important point is that there is nothing stopping you from implementing your concept, and as you have discovered there's even a supporting package. However, I hear your complaint that this possibility is not well communicated. If you feel like amending the wiki, you are completely free to do so.

4 Likes

I think you bring up a very good point. The use of the username 'root' in a *nix environment is my point. In other more complex systems the notion that 'root' would be the default user is unsettling. 'admin' is the id that the consumer routers use to indicate a fully privileged user. The default user is either created at system startup or blank.

As a poor typist, I don't login as a privileged user to check settings.
I login as a privileged user to change settings only.