I have posted this question elsewhere mixed in with other somewhat related questions:
but it remained the only question not addressed specifically. I suspect that is because so few want to do what I am trying to do.
As per the guidelines of @jeff ([SOLVED] VLAN isolation and router access questions), I set up a non-privileged user following the instructions here under 'Create a non-privileged user in OpenWrt', with 'Method 1' for access:
this all worked flawlessly. I can SSH in as the new non-privileged user, and use sudo to make changes.
My question is related to the fact that I do most of my setup and changes via Luci. I don't have the skills yet to be able to do everything in CLI, and I am better visually with a GUI right now. So, my goal is to log in to Luci as a non-privileged user, but still be able to make the necessary changes. This would then enable me to do the next step recommended by @jeff, which is disable the root login.
To me, what I want to do seems impossible because I can't see any way a non-privileged user would be able to make changes with no way to sudo via the GUI. I can't even figure out any way to grant the new non-privileged user access via Luci. I did endless searches on this and found nothing at all. I did, though, come upon this long-running project, so it seems I am not the only one interested in this.
All I am trying to do is restrict access to Luci to a non-privileged user that can make changes, and be able to implement this in a simple manner i.e. have the same type of approach that is being done with SSH. It seems to me there is little security improvement to have set up SSH to only access via a non-privileged user with sudo if I leave the root login enabled and Luci can still have access via the root alogin. I also realized that disabling the root login would cut off my access to Luci as it is configured right now. I saw a warning on this on the ArchLinux wiki here (scroll to 'Disable root login'):
This seems to apply if I used any of the listed commands as my means of disabling the root login (I'd be curious to hear what the suggested method is to disable the root login with OpenWrt) and if I use 'Method 1' for access, as I mentioned above I did. So, I want to make sure I don't cut off access to Luci unless I can find a way to accomplish what I am trying to do.
Any help would be great, but I am not holding out high hopes for this because it doesn't seem like it's doable.