Add new user to openwrt 23.05.2

Lachini · January 13, 2025, 8:40am

Hi,
I make a modem by using openwrt 23.05.2.
but i want add a new "admin" user name.
admin only should be login form web ui an not from ssh.
admin only must access to limited pages.(setting wifi SSID or password, change user/pass for admin and ...) and have new pages to see status of modem.

i add new "admin" user by editing passwd and shadow file in etc folder.
and i edit /etc/config/rpcd to :

config login
	option username 'root'
	option password '$p$root'
	list read '*'
	list write '*'
 
config login
        option username 'admin'
        option password '$p$admin'
	list read '*'

by this changes admin user can login only from web ui and only can see all pages without able to editing.

pleas help me how to make new page to admin user and only have limited access to editing.

thanks.

slh · January 13, 2025, 9:35am

The source is at your fingertips. Don't you think how to set up your commercial product is the cost of doing business, aka your own homework?

Lachini · January 13, 2025, 10:55am

Adding new user is not well documented for 23.05.2 . and I cant find a document to add new user and pages.
I am using MediaTek MT7628K SoC and EC200 LTE module for making my modem. It is not a commercial product.

Darin755 · January 13, 2025, 8:35pm

What is your end goal? The reason multiuser is not well documented is because it really isn't supported. It technically can work but the functionality is not completely implemented everywhere. I would avoid using it unless you are just playing around for fun.

Lachini · January 14, 2025, 3:59pm

Thanks @Darin755 to replay to me.
I would be very happy. If I can add this feature. Definitely the guidance of the forum users will help me do it faster and better. And I think it will expand the scope of openwrt.

LilRedDog · January 14, 2025, 4:13pm

That one is simple: disable ssh.
System/Administration/SSH Access->Allow root logins with password-unclick.

psherman · January 14, 2025, 4:29pm

Of course, once the admin has logged in via LuCI, they can just check that box again and login via ssh if they so desire.

Making OpenWrt a multi-user OS in general isn't terribly difficult by adding multiple users, but setting up tiered administrative access is not trivial and may require some additional changes to underlying administrative code.

LilRedDog · January 14, 2025, 4:33pm

They wanted people out of SSH.
One issue at a time.

I do not understand why OP wants to grant anyone else access to LuCI:
Give it a 22 character password and just lock the router down.

Hostle · January 14, 2025, 4:44pm

add luci-app-acl. via luci, add admin user and disable menus admin should not see.

Hostle · January 14, 2025, 5:01pm

don't do this, just use luci to configure the user and the admin user will not have ssh access.

hostle@hostle-Satellite-L775:~$ ssh admin@192.168.1.1
admin@192.168.1.1's password: 
Permission denied, please try again.
admin@192.168.1.1's password: 
Permission denied, please try again.
admin@192.168.1.1's password: 
Connection closed by 192.168.1.1 port 22

Lachini · January 14, 2025, 5:37pm

Thanks @Hostle ,
My openwrt version is : 23.05.2
But your version seems to be higher. Right?
in my openwrt ui [system --> acl settings] is not present.

Hostle · January 14, 2025, 5:44pm

if you follow the link i provided, that router is in my lab, it was at 5.15 ...

version doesn't matter you just need to install the package "luci-app-acl"

go to system --> software
click the update list button
select the available tab
type "luci-app-acl" into filter
select install.

once installed you can access it via System->ACL Settings