Add a new LuCI user

I'm working on version 22 on a Rasp (test) and I'm trying to add a user other than root for one of my modules.

The authentication on my module works with the root and the standard authentication page but I can't add the new user.

I have created a user (https://openwrt.org/docs/guide-user/additional-software/create-new-users)

I added to /etc/config/rpcd:

config login
        option username 'testuser'
        option password '$p$testuser'
        list read '*'
        list write '*'

In my module function index(), I added:

 local webpanel = entry({'mymodule', 'main'}, template("mymodule/main"), "My Config ")
 webpanel.sysauth = {"root", "testuser"}
 webpanel.sysauth_authenticator = "htmlauth"

What is missing? Are there any specific libs to do this?
Thanks

What do you mean by "can't add the new user"? Is ubus call session login '{ "username": "testuser", "password": "mypassword" }' working on the CLI?

The testuser is well created on the machine (for example the ssh access works) but when I use this login/password on the client browser authentication page, it doesn't work.
I have this log: Tue Jan 31 12:36:24 2023 user.info : luci: failed login on / for testuser from 10.20.30.154

From what I understand, I have the impression that this code does not return what I want (login is nil with my testuser)

local function session_setup(user, pass)
	local login = util.ubus("session", "login", {
		username = user,
		password = pass,
		timeout  = tonumber(luci.config.sauth.sessiontime)
	})

If I understand correctly, it calls this method in util.lua:
function ubus(object, method, data, path, timeout)

In my case, the line return ubus_return(_ubus_connection:call(object, method, data)) returns PERMISSION_DENIED

So what is ubus call session login … doing when invoked via the cli? Is there an /etc/passwd and /etc/shadow entry for testuser? Is it using a supported (md5, $1$…) hash?

In /etc/passwd : testuser:x:999:999:testuser:/home/testuser:/bin/ash (I tried with a 0 instead of 999 for the group, without success)
In /etc/shadow : testuser:$1$AXAMtMqt$mmZopzgdsfRgmksnPT64n0:19389:0:99999:7:::

With the root account on a ubus list command:

root@OpenWrt:~# ubus list
container
dhcp
dnsmasq
dnsmasq.dns
file
hostapd
hotplug.dhcp
hotplug.ieee80211
hotplug.iface
hotplug.neigh
hotplug.net
hotplug.ntp
hotplug.tftp
iwinfo
log
luci
luci-rpc
network
network.device
network.interface
network.interface.lan
network.interface.loopback
network.rrdns
network.wireless
rc
service
session
system
uci
wpa_supplicant

With testuser account:

testuser@OpenWrt:/$ ubus list
dnsmasq.dns

EDIT: other command:

root@OpenWrt:~# ubus call session list
{
        "ubus_rpc_session": "00000000000000000000000000000000",
        "timeout": 0,
        "expires": 0,
        "acls": {
                "access-group": {
                        "unauthenticated": [
                                "read"
                        ]
                },
                "ubus": {
                        "luci": [
                                "getFeatures"
                        ],
                        "session": [
                                "access",
                                "login"
                        ]
                }
        },
        "data": {

        }
}

And the same with testuser account:

testuser@OpenWrt:/$ ubus call session list
Command failed: Not found

You still haven’t answered what the result of ubus call session login '{ "username": "testuser", "password": "…" }' is. This is what LuCI is doing internally to validate the login credentials.

Oops, sorry, here is the answer:

root@OpenWrt:~# ubus call session login '{ "username": "testuser", "password": "testuser" }'
{
        "ubus_rpc_session": "4877f1fc985cb49c3bb2c304d208062d",
        "timeout": 300,
        "expires": 299,
        "acls": {
                "access-group": {
                        "luci-app-firewall": [
                                "read",
                                "write"
                        ],
                        "luci-app-opkg": [
                                "read",
                                "write"
                        ],
                        "luci-base": [
                                "read",
                                "write"
                        ],
                        "luci-base-network-status": [
                                "read"
                        ],
                        "luci-mod-network-config": [
                                "read",
                                "write"
                        ],
                        "luci-mod-network-dhcp": [
                                "read",
                                "write"
                        ],
                        "luci-mod-network-diagnostics": [
                                "read"
                        ],
                        "luci-mod-status-channel_analysis": [
                                "read"
                        ],
                        "luci-mod-status-firewall": [
                                "read",
                                "write"
                        ],
                        "luci-mod-status-index": [
                                "read",
                                "write"
                        ],
                        "luci-mod-status-index-dhcp": [
                                "read"
                        ],
                        "luci-mod-status-index-dsl": [
                                "read"
                        ],
                        "luci-mod-status-index-wifi": [
                                "read",
                                "write"
                        ],
                        "luci-mod-status-logs": [
                                "read"
                        ],
                        "luci-mod-status-processes": [
                                "read",
                                "write"
                        ],
                        "luci-mod-status-realtime": [
                                "read"
                        ],
                        "luci-mod-status-routes": [
                                "read"
                        ],
                        "luci-mod-system-config": [
                                "read",
                                "write"
                        ],
                        "luci-mod-system-cron": [
                                "read",
                                "write"
                        ],
                        "luci-mod-system-flash": [
                                "read",
                                "write"
                        ],
                        "luci-mod-system-init": [
                                "read",
                                "write"
                        ],
                        "luci-mod-system-mounts": [
                                "read",
                                "write"
                        ],
                        "luci-mod-system-reboot": [
                                "write"
                        ],
                        "luci-mod-system-ssh": [
                                "read",
                                "write"
                        ],
                        "luci-mod-system-uhttpd": [
                                "read",
                                "write"
                        ],
                        "unauthenticated": [
                                "read"
                        ]
                },
                "cgi-io": {
                        "backup": [
                                "read"
                        ],
                        "download": [
                                "read"
                        ],
                        "exec": [
                                "read",
                                "write"
                        ],
                        "upload": [
                                "write"
                        ]
                },
                "file": {
                        "/": [
                                "list"
                        ],
                        "/*": [
                                "list"
                        ],
                        "/bin/dmesg -r": [
                                "exec"
                        ],
                        "/bin/kill": [
                                "exec"
                        ],
                        "/bin/ping": [
                                "exec"
                        ],
                        "/bin/ping6": [
                                "exec",
                                "list"
                        ],
                        "/bin/tar -tzf /tmp/backup.tar.gz": [
                                "exec"
                        ],
                        "/bin/traceroute": [
                                "exec"
                        ],
                        "/bin/traceroute6": [
                                "exec",
                                "list"
                        ],
                        "/bin/umount": [
                                "exec"
                        ],
                        "/dev/mtdblock[0-9]*": [
                                "read"
                        ],
                        "/etc/crontabs/root": [
                                "read",
                                "write"
                        ],
                        "/etc/dropbear/authorized_keys": [
                                "read",
                                "write"
                        ],
                        "/etc/filesystems": [
                                "read"
                        ],
                        "/etc/firewall.user": [
                                "read",
                                "write"
                        ],
                        "/etc/init.d/cron reload": [
                                "exec"
                        ],
                        "/etc/init.d/firewall restart": [
                                "exec"
                        ],
                        "/etc/iproute2/rt_tables": [
                                "read"
                        ],
                        "/etc/luci-uploads/*": [
                                "write"
                        ],
                        "/etc/opkg.conf": [
                                "read",
                                "write"
                        ],
                        "/etc/opkg/*.conf": [
                                "read",
                                "write"
                        ],
                        "/etc/rc.local": [
                                "read",
                                "write"
                        ],
                        "/etc/sysupgrade.conf": [
                                "read",
                                "write"
                        ],
                        "/lib/upgrade/platform.sh": [
                                "list"
                        ],
                        "/proc/filesystems": [
                                "read"
                        ],
                        "/proc/mounts": [
                                "read"
                        ],
                        "/proc/mtd": [
                                "read"
                        ],
                        "/proc/partitions": [
                                "read"
                        ],
                        "/proc/sys/kernel/hostname": [
                                "read"
                        ],
                        "/proc/sys/net/ipv6/conf/*/mtu": [
                                "read"
                        ],
                        "/proc/sys/net/ipv6/conf/*/hop_limit": [
                                "read"
                        ],
                        "/proc/sys/net/netfilter/nf_conntrack_count": [
                                "read"
                        ],
                        "/proc/sys/net/netfilter/nf_conntrack_max": [
                                "read"
                        ],
                        "/sbin/block": [
                                "exec"
                        ],
                        "/sbin/firstboot -r -y": [
                                "exec"
                        ],
                        "/sbin/ifdown": [
                                "exec"
                        ],
                        "/sbin/ifup": [
                                "exec"
                        ],
                        "/sbin/ip -[46] neigh show": [
                                "exec"
                        ],
                        "/sbin/ip -[46] route show table all": [
                                "exec"
                        ],
                        "/sbin/ip -[46] rule show": [
                                "exec"
                        ],
                        "/sbin/logread": [
                                "stat"
                        ],
                        "/sbin/logread -e ^": [
                                "exec"
                        ],
                        "/sbin/reboot": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --force -k /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --force -u -k /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --force -u /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --force /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --list-backup": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --restore-backup /tmp/backup.tar.gz": [
                                "exec"
                        ],
                        "/sbin/sysupgrade --test /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade -k /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade -n --force /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade -n /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade -u -k /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade -u /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/sysupgrade /tmp/firmware.bin": [
                                "exec"
                        ],
                        "/sbin/wifi": [
                                "exec"
                        ],
                        "/tmp/backup.tar.gz": [
                                "write"
                        ],
                        "/tmp/firmware.bin": [
                                "write"
                        ],
                        "/tmp/upload.ipk": [
                                "write"
                        ],
                        "/usr/bin/arp-scan": [
                                "exec",
                                "list"
                        ],
                        "/usr/bin/btrfsck": [
                                "list"
                        ],
                        "/usr/bin/nslookup": [
                                "exec"
                        ],
                        "/usr/bin/ntfsfix": [
                                "list"
                        ],
                        "/usr/bin/ping": [
                                "exec"
                        ],
                        "/usr/bin/ping6": [
                                "exec",
                                "list"
                        ],
                        "/usr/bin/traceroute": [
                                "exec"
                        ],
                        "/usr/bin/traceroute6": [
                                "exec",
                                "list"
                        ],
                        "/usr/lib/lua/luci/version.lua": [
                                "read"
                        ],
                        "/usr/lib/opkg/info/netifd.control": [
                                "read"
                        ],
                        "/usr/libexec/luci-peeraddr": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-call install *": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-call list-available": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-call list-installed": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-call remove *": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-call update *": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-list available": [
                                "exec"
                        ],
                        "/usr/libexec/opkg-list installed": [
                                "exec"
                        ],
                        "/usr/sbin/e2fsck": [
                                "list"
                        ],
                        "/usr/sbin/fsck.f2fs": [
                                "list"
                        ],
                        "/usr/sbin/fsck.fat": [
                                "list"
                        ],
                        "/usr/sbin/ip6tables": [
                                "list"
                        ],
                        "/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [
                                "exec"
                        ],
                        "/usr/sbin/ip6tables -Z": [
                                "exec"
                        ],
                        "/usr/sbin/ip6tables-save": [
                                "exec"
                        ],
                        "/usr/sbin/iptables --line-numbers -w -nvxL -t *": [
                                "exec"
                        ],
                        "/usr/sbin/iptables -Z": [
                                "exec"
                        ],
                        "/usr/sbin/iptables-save": [
                                "exec"
                        ],
                        "/usr/sbin/logread": [
                                "stat"
                        ],
                        "/usr/sbin/logread -e ^": [
                                "exec"
                        ],
                        "/usr/sbin/nft --terse --json list ruleset": [
                                "exec"
                        ],
                        "/www/luci-static/resources/view/status/include": [
                                "list"
                        ]
                },
                "ubus": {
                        "dsl": [
                                "metrics"
                        ],
                        "file": [
                                "read",
                                "write",
                                "list",
                                "remove",
                                "exec",
                                "stat"
                        ],
                        "hostapd.*": [
                                "del_client",
                                "wps_start",
                                "wps_cancel",
                                "wps_status"
                        ],
                        "iwinfo": [
                                "assoclist",
                                "countrylist",
                                "freqlist",
                                "txpowerlist",
                                "scan",
                                "info"
                        ],
                        "luci": [
                                "getConntrackHelpers",
                                "getMountPoints",
                                "getFeatures",
                                "getSwconfigFeatures",
                                "getSwconfigPortState",
                                "getConntrackList",
                                "getRealtimeStats",
                                "getProcessList",
                                "getInitList",
                                "getLEDs",
                                "getTimezones",
                                "getUSBDevices",
                                "setInitAction",
                                "setLocaltime",
                                "setPassword",
                                "getBlockDevices",
                                "setBlockDetect"
                        ],
                        "luci-rpc": [
                                "getBoardJSON",
                                "getHostHints",
                                "getNetworkDevices",
                                "getWirelessDevices",
                                "getDHCPLeases",
                                "getDUIDHints"
                        ],
                        "network": [
                                "get_proto_handlers"
                        ],
                        "network.interface": [
                                "dump"
                        ],
                        "network.rrdns": [
                                "lookup"
                        ],
                        "session": [
                                "access",
                                "login"
                        ],
                        "system": [
                                "board",
                                "info",
                                "validate_firmware_image",
                                "reboot"
                        ],
                        "uci": [
                                "changes",
                                "get",
                                "add",
                                "apply",
                                "confirm",
                                "delete",
                                "order",
                                "rename",
                                "set"
                        ]
                },
                "uci": {
                        "dhcp": [
                                "read",
                                "write"
                        ],
                        "dropbear": [
                                "read",
                                "write"
                        ],
                        "firewall": [
                                "read",
                                "write"
                        ],
                        "fstab": [
                                "read",
                                "write"
                        ],
                        "luci": [
                                "read",
                                "write"
                        ],
                        "network": [
                                "read",
                                "write"
                        ],
                        "system": [
                                "read",
                                "write"
                        ],
                        "uhttpd": [
                                "read",
                                "write"
                        ],
                        "wireless": [
                                "read",
                                "write"
                        ]
                }
        },
        "data": {
                "username": "testuser"
        }
}

I have the same answer with root, just

"data": {
                "username": "root"
        }

and "ubus_rpc_session": "5cb....", are different

I don't know why, but since I executed the command ubus call session login '{ "username": "testuser", "password": "testuser" }' it now works on my HTML pages.
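
Added example, not part of the thread or of OpenWrt's own code: the `config login` section in the first post grants testuser `read '*'` and `write '*'`, and the session dump above shows the result is the same ACL set root gets. The shell function below lists every login section of an rpcd config and marks wildcard grants; the sample config, the `viewer` login and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. Output, one line per "config login" section:
#   user|password-source|read-groups|write-groups|verdict
audit_rpcd_logins() {            # usage: audit_rpcd_logins /etc/config/rpcd
    awk -v q="'" '
    function unquote(s,    f, l) {
        sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s)
        f = substr(s, 1, 1); l = substr(s, length(s), 1)
        if (length(s) >= 2 && f == l && (f == q || f == "\""))
            s = substr(s, 2, length(s) - 2)
        return s
    }
    function emit(    src) {
        if (!in_login) return
        # "$p$<name>" makes rpcd check <name> against the system password
        # database; any other value is a hash kept in the config itself.
        if (substr(pass, 1, 3) == "$p$") src = "shadow:" substr(pass, 4)
        else src = (pass == "" ? "none" : "inline-hash")
        printf "%s|%s|%s|%s|%s\n", user, src, rd, wr, (wild ? "WILDCARD" : "scoped")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    $1 == "config" {
        emit()
        user = ""; pass = ""; rd = ""; wr = ""; wild = 0
        in_login = (unquote($2) == "login")
        next
    }
    in_login && ($1 == "option" || $1 == "list") {
        name = unquote($2)
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", val)   # drop keyword and name
        val = unquote(val)
        if ($1 == "option" && name == "username") user = val
        if ($1 == "option" && name == "password") pass = val
        if ($1 == "list" && name == "read")  rd = rd (rd == "" ? "" : ",") val
        if ($1 == "list" && name == "write") wr = wr (wr == "" ? "" : ",") val
        if ($1 == "list" && val == "*" && (name == "read" || name == "write")) wild = 1
    }
    END { emit() }
    ' "$@"
}

# Names of non-root logins that hold a wildcard grant (same reach as root).
wildcard_non_root() {
    audit_rpcd_logins "$@" | awk -F'|' '$1 != "root" && $5 == "WILDCARD" { print $1 }'
}

# Constructed sample: a root login, the testuser section from the first post,
# and a hypothetical read-only "viewer" login for contrast.
sample_rpcd_config() {
    cat <<'EOF'
config rpcd
        option socket /var/run/ubus/ubus.sock

config login
        option username 'root'
        option password '$p$root'
        list read '*'
        list write '*'

config login
        option username 'testuser'
        option password '$p$testuser'
        list read '*'
        list write '*'

config login
        option username 'viewer'
        option password '$p$viewer'
        list read 'luci-mod-status-index'
        list read 'luci-mod-status-logs'
EOF
}

sample_rpcd_config | audit_rpcd_logins
```

On a device, pass the real file instead of the sample: `audit_rpcd_logins /etc/config/rpcd`.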