JSON RPC limiting access

I'm trying to configure home-assistant to read presence from the router using: https://www.home-assistant.io/integrations/luci/ . However, I don't feel comfortable hardcoding root password into home-assistant configuration in plain text. I found instructions how to create a read-only user for home-assistant & luci: https://stackoverflow.com/a/70441922/1608594 - but I'm wondering how can I restrict its access further?
I believe I need to put some list of things I would like to read into list read:

config login                     
        option username 'readonlyuser'
        option password '$p$readonlyuser'
        list read '*'

What should I put there?

Welcome to the forum! Interesting first post!

There is some documentation on ACLs here: https://openwrt.org/docs/techref/ubus#acls, using that as a guide you can see how you can set specific read values rather than * meaning all. You can also look at the luci-base example:

There is also a luci-app-acl package to manage ACLs as well.

Hope that helps!

That's what I needed! I've ended using one of the already existing ACLs you linked:

config login
	option username 'hass'
	option password '$p$hass'
	list read 'luci-base-network-status'


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.