Change user password from GUI

Hi,
Each time I add a new user from the ACL settings and log in to it, when I change the password from menu --> System --> Administrator, the root password changes instead of the user's password!!!
Please help me: I want any logged-in user in the LuCI GUI to change his own password instead of changing the root password.
Thanks

Well,

the dialogue does say "Changes the administrator password for accessing the device"...

You could try to alter https://github.com/openwrt/luci/blob/master/modules/luci-mod-admin-mini/luasrc/model/cbi/mini/passwd.lua and change the hardcoded root, assuming that's enough.

Thank you for your reply, but I don't know how to use the file passwd.lua from GitHub! In OpenWrt I have a password.js file under /www/luci-static/resources/view containing:

'use strict';
'require view';
'require dom';
'require ui';
'require form';
'require rpc';
var formData = {
    password: {
        pw1: null,
        pw2: null
    }
};
var callSetPassword = rpc.declare({
    object: 'luci',
    method: 'setPassword',
    params: ['username', 'password'],
    expect: {
        result: false
    }
});
return view.extend({
    checkPassword: function(section_id, value) {
        var strength = document.querySelector('.cbi-value-description'),
            strongRegex = new RegExp("^(?=.{8,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\\W).*$", "g"),
            mediumRegex = new RegExp("^(?=.{7,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$", "g"),
            enoughRegex = new RegExp("(?=.{6,}).*", "g");
        if (strength && value.length) {
            if (false == enoughRegex.test(value))
                strength.innerHTML = '%s: <span style="color:red">%s</span>'.format(_('Password strength'), _('More Characters'));
            else if (strongRegex.test(value))
                strength.innerHTML = '%s: <span style="color:green">%s</span>'.format(_('Password strength'), _('Strong'));
            else if (mediumRegex.test(value))
                strength.innerHTML = '%s: <span style="color:orange">%s</span>'.format(_('Password strength'), _('Medium'));
            else
                strength.innerHTML = '%s: <span style="color:red">%s</span>'.format(_('Password strength'), _('Weak'));
        }
        return true;
    },
    render: function() {
        var m, s, o;
        m = new form.JSONMap(formData, _('Router Password'), _('Changes the administrator password for accessing the device'));
        m.readonly = !L.hasViewPermission();
        s = m.section(form.NamedSection, 'password', 'password');
        o = s.option(form.Value, 'pw1', _('Password'));
        o.password = true;
        o.validate = this.checkPassword;
        o = s.option(form.Value, 'pw2', _('Confirmation'), ' ');
        o.password = true;
        o.renderWidget = function() {
            var node = form.Value.prototype.renderWidget.apply(this, arguments);
            node.querySelector('input').addEventListener('keydown', function(ev) {
                if (ev.keyCode == 13 && !ev.currentTarget.classList.contains('cbi-input-invalid'))
                    document.querySelector('.cbi-button-save').click();
            });
            return node;
        };
        return m.render();
    },
    handleSave: function() {
        var map = document.querySelector('.cbi-map');
        return dom.callClassMethod(map, 'save').then(function() {
            if (formData.password.pw1 == null || formData.password.pw1.length == 0)
                return;
            if (formData.password.pw1 != formData.password.pw2) {
                ui.addNotification(null, E('p', _('Given password confirmation did not match, password not changed!')), 'danger');
                return;
            }
            // The target account is hardcoded to 'root'; the logged-in LuCI account is never consulted.
            return callSetPassword('root', formData.password.pw1).then(function(success) {
                if (success)
                    ui.addNotification(null, E('p', _('The system password has been successfully changed.')), 'info');
                else
                    ui.addNotification(null, E('p', _('Failed to change the system password.')), 'danger');
                formData.password.pw1 = null;
                formData.password.pw2 = null;
                dom.callClassMethod(map, 'render');
            });
        });
    },
    handleSaveApply: null,
    handleReset: null
});

Please explain to me how to make it work.
I am not a developer.
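The strength check in the posted view is worth looking at on its own, because it never blocks a save: checkPassword() only paints a coloured label and then returns true, so the form accepts whatever is typed. The following is an added example, not LuCI code, that lifts the three tiers out of the view into pure functions, adds a validator that actually rejects passwords below a chosen tier (the 'Medium' default is an assumed policy, not LuCI's), and shows the RegExp pitfall the view avoids only because it rebuilds its regexes on every call.

```javascript
// Added example (not LuCI or OpenWrt code): the strength tiers from the
// posted checkPassword(), as testable pure functions.

// Same patterns as the posted view, deliberately WITHOUT the "g" flag: a
// global RegExp keeps state in lastIndex between calls to test(), so a reused
// global regex can return true and then false for the same input.
var STRONG = /^(?=.{8,})(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*\W).*$/;
var MEDIUM = /^(?=.{7,})(((?=.*[A-Z])(?=.*[a-z]))|((?=.*[A-Z])(?=.*[0-9]))|((?=.*[a-z])(?=.*[0-9]))).*$/;
var ENOUGH = /(?=.{6,}).*/;

// Classify a candidate password exactly the way the posted view labels it.
function passwordStrength(value) {
    if (!ENOUGH.test(value)) return 'More Characters';
    if (STRONG.test(value))  return 'Strong';
    if (MEDIUM.test(value))  return 'Medium';
    return 'Weak';
}

// The posted checkPassword() returns true unconditionally, so its label is
// advice only. A LuCI validate callback blocks the save by returning a string
// instead of true; this version does that below `minimumTier` (assumed policy).
function validatePassword(value, minimumTier) {
    var order = ['More Characters', 'Weak', 'Medium', 'Strong'];
    var tier = passwordStrength(value);
    if (order.indexOf(tier) < order.indexOf(minimumTier || 'Medium'))
        return 'Password too weak (' + tier + ')';
    return true;
}

// Why the "g" flag matters when a RegExp object is reused: the first test()
// consumes the whole string (lastIndex becomes 8), the second one resumes at
// index 8, finds nothing and returns false. The posted view sidesteps this by
// constructing new RegExp objects inside every call.
function globalRegexPitfall() {
    var reused = /(?=.{6,}).*/g;
    var first = reused.test('abcdefgh');
    var second = reused.test('abcdefgh');
    return [first, second];
}
```

Dropping the "g" flag, as above, makes the regex objects safe to keep at module scope.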

What's the scenario you're trying to support? Are you setting up something where you want each user to log in to see their own private set of resources, like samba to see files?

If it is a few users, where you can set an initial password to tell them and they are not required to change it, then the easiest approach would be to SSH to the device and use the command-line passwd command to set them.

Thanks,
It is abnormal that a logged-in 'user' other than root can change the root password!!!
What I want to do is add only a second user with restricted access, but who can change his own login password (the account he is logged in as).

Well, OpenWrt isn't really designed to be a multi-user environment.

A workaround might be to delete the change password dialogue from the web UI;
then no one can change the password through the browser.

So there is no hope of doing what I want? :frowning: Could any expert find a solution?

The rpc call needs to be changed to take the authenticated user into account when changing the password. Nothing trivial.

I don't think many people have more users than just root. I just added one with direct editing of /etc/passwd and /etc/group, and after using passwd as root to set a password I can SSH in using that user.

But I can't use the username / password to log in to LUCI.

If you're saying that:

  1. Once you create additional users they can log in to LUCI: how did you set them up?

  2. They can then change the root password, and presumably all other settings; that would seem to be a problem. If it is an out-of-the-box one it may need addressing. If you had to adjust some settings to allow the login to LUCI then maybe it crept in there.

Presumably using luci-app-acl.

So it is presumably doing something that my simple file edits don't to allow login to LUCI, and maybe shadow-useradd would also do.

Although I can't test the full scenario I'd have thought many parts of LUCI will assume root is logged in. If that was a validated design assumption then I'd suggest that non-root users shouldn't be able to log in to LUCI - just like they can't if created manually the way I did.

BTW, I see this in the logs from LUCI:
Wed Feb 16 15:35:41 2022 user.info : luci: failed login on / for ianc from 192.168.0.147

And this from SSH, so my account is valid and I remembered the password for more than 30 seconds :wink:
Wed Feb 16 15:37:03 2022 authpriv.notice dropbear[32211]: Password auth succeeded for 'ianc' from 192.168.0.147:53407

Yes, but how to do that?

I used the ACL settings in the LuCI GUI to add the user and configure privileges.

1 Like

I added the user using the ACL settings in the LuCI GUI.

So could anyone make some changes in the file /www/luci-static/resources/password.js to make the logged-in user change his own password and not the root one?!!!
Please, I really need it.

Correct, it manages the /etc/config/rpcd logins. Most components of modern LuCI do not directly execute code on the router anymore, they invoke UBUS RPC methods via HTTP which are guarded by ACLs, so LuCI accounts (rpcd logins) can be selectively granted access to certain procedures or not.

LuCI accounts (rpcd logins) can be synchronized with /etc/shadow, and the preexisting root login does exactly that, but you can also define logins which do not exist as UNIX accounts, or assign passwords different from the /etc/shadow ones.

The OP's specific question centers around the "change router password" view which, due to the way it is coded, always changes the password of the root UNIX user once the logged-in session has enough permissions to open the "change router password" view.

What the OP expected, however, is the ability to change their own LuCI login password (which might not even be backed by a corresponding UNIX account in /etc/shadow). This functionality simply does not exist for less-authenticated users. Login passwords can be changed through the ACL management, but then you would need to grant less privileged users access to said ACL management, which in turn would allow them to escalate their own permissions...

So in short, the OP is expecting a not yet existing functionality.

I'd say there are two parts to that:

  • Can the user run it?
  • What permissions do they have when they run it?

They ought to be separate, so that a user can be allowed to run it as themselves, and maybe run it as root if needed, akin to the file system level SUID bit.

I realise the script would need adjusting too, but that ought to be the lesser of the problems. Once it collects a username + 2 x password and Save is clicked it should be able to invoke the actual change under whichever identity they originally logged into LUCI as.

That view simply isn't meant for setting the current login password. It is meant to change the system wide root password (which also happens to be the login password of the default LuCI "root" account).

What is needed is an entirely new "view" to change the current login password (which maybe gets disabled/hidden if the login session is "root" and its password is being synced with /etc/shadow).

And obviously the restricted login should be configured so that it may not access the "change root password" view/methods.
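Two of the replies above describe the same mechanism from different sides: LuCI views invoke ubus methods over HTTP, rpcd checks each call against the ACL groups listed for the login in /etc/config/rpcd, and a restricted login therefore must not be granted the luci.setPassword method behind the "Router Password" view, because that view hardcodes root as the target. The following added example, not rpcd or LuCI code, is a small model of that check. The group and login names are constructed for the example; the ACL shape (description / read / write, then ubus, then object to method list, with '*' as wildcard) follows the /usr/share/rpcd/acl.d/*.json files, and the root login mirrors the stock "list read '*'" / "list write '*'". Treating the read and write sections identically for ubus methods is a simplification of this model.

```javascript
// Added example (not rpcd or LuCI code): a simplified model of rpcd ACL
// evaluation for ubus method calls made by LuCI views.

// Constructed ACL groups in the acl.d JSON shape.
var ACL_GROUPS = {
    'example-status': {
        description: 'Read-only view of basic system status (constructed)',
        read:  { ubus: { system: ['board', 'info'] }, uci: ['system'] },
        write: { ubus: {}, uci: [] }
    },
    'example-passwd': {
        description: 'Access to the Router Password view (constructed)',
        read:  { ubus: {}, uci: [] },
        write: { ubus: { luci: ['setPassword'] }, uci: [] }
    }
};

// Constructed logins, shaped like "config login" sections in /etc/config/rpcd:
// root keeps the stock '*' grants, the restricted login only gets status.
var LOGINS = {
    root:       { read: ['*'], write: ['*'] },
    restricted: { read: ['example-status'], write: ['example-status'] }
};

// Simplified rpcd decision: may `login` invoke ubus `object`.`method`?
// Groups named in either list are consulted; '*' means every known group;
// a method list containing '*' or an object key of '*' is a wildcard.
function canCall(logins, login, object, method) {
    var l = logins[login];
    if (!l) return false;
    var names = [].concat(l.read || [], l.write || []);
    if (names.indexOf('*') >= 0) names = Object.keys(ACL_GROUPS);
    return names.some(function (name) {
        var group = ACL_GROUPS[name];
        if (!group) return false;
        return ['read', 'write'].some(function (section) {
            var ubus = (group[section] && group[section].ubus) || {};
            var methods = ubus[object] || ubus['*'] || [];
            return methods.indexOf(method) >= 0 || methods.indexOf('*') >= 0;
        });
    });
}

// Return a copy of `logins` with one more group granted to `login`, which is
// what ticking the matching box in luci-app-acl amounts to.
function grantGroup(logins, login, groupName) {
    var copy = JSON.parse(JSON.stringify(logins));
    copy[login].read.push(groupName);
    copy[login].write.push(groupName);
    return copy;
}

// Walk through the thread's scenario: before and after enabling the
// password view for the restricted login.
function demo() {
    var opened = grantGroup(LOGINS, 'restricted', 'example-passwd');
    return {
        rootCanSetPassword:     canCall(LOGINS, 'root', 'luci', 'setPassword'),
        restrictedReadsBoard:   canCall(LOGINS, 'restricted', 'system', 'board'),
        restrictedSetsPassword: canCall(LOGINS, 'restricted', 'luci', 'setPassword'),
        afterGrant:             canCall(opened, 'restricted', 'luci', 'setPassword')
    };
}
```

The last field of demo() is the situation the thread ends on: once the restricted login holds a group that carries luci.setPassword, the view it unlocks changes the root password, because the username passed to the method is fixed in the view, not taken from the session.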

[Zapped misread and wrongly quoted part]

So has the OP enabled this view for the added user? It would seem to be a significant weakness if it is available by default and allows the root password to be changed.

That was my impression. He enabled this view for the restricted user, assuming that the restricted user can change his own password through it, which isn't the case. That view will always change the root password.

1 Like