Discussion on Luci multi-user features
See original GitHub issue@Hostle has created a functional system for enabling handling multiple users in Luci.
- User creation, removal and provisioning work.
- Two user classes: admin and user. (root has always full access.)
- Possibility to adjust access on menu-item level
- Possibility to deny ssh access
@Hostle has actually created two alternative methods for a year-old Luci (from March 2015, CC15.05 development cycle) into his Github repo. I have imported the changes into up-to-date DD trunk and have also squashed and polished the commits for discussion purposes to have minimal diffs.
Hostle thinks that the newer method is better, so I will present that here.
Original discussion at forum: https://forum.openwrt.org/viewtopic.php?id=54593 Discussion also at: https://github.com/Hostle/luci/commit/c1ba7d780fbafba1d882e3d05ff96baeaee131f3#commitcomment-15451559
“New method”:
“New” original, commits from Hostle, updated in April 2017: https://github.com/Fire-WRT/luci/commits/multi4
“New” cleaned-up version from my repo, “multi4-clean” branch, contains four squashed commits targeting LEDE & Openwrt DD trunk/master: https://github.com/hnyman/luci/commits/multi4-clean (March2018: I have rebased multi4 branch history with the LuCI of June 2017.)
Trying the code:
If you want to try the multi-user code, you can easily add my Luci repo as a remote to your own git and then pull from “multi4-clean” branch. The multi4-clean branch contains up-to-date LuCI of 26 June 2017.
I used these commands to import this to my own Openwrt build. (I also created a new branch “multiuser” at my local feed repo so that I easily push the changes aside by “git checkout master”):
cd feeds/luci
git checkout 6047dacb6253c
git checkout -b multiuser
git remote add hnyman https://github.com/hnyman/luci.git
git pull hnyman multi4-clean
git log --oneline
Alternatively, you can download the 4 commits as patches from github and apply them manually. (just add .patch to the end of the commit’s page address and you get a patch that can be download with wget.)
Identified problems/challenges:
NOTE: old, reflects 2015 observations
- Both methods have the drawback that the permission settings only work for previously known pages or menu tabs. E.g. new page system / Custom commands from luci-app-command is not handled. It would be better, if the system somehow sniffed the pages and then decided the permissions based on the main menu tab.
- “new” method required editing existing pages to have permission-checking wrappers around each menu item. E.g. in status, system and network. E.g. https://github.com/hnyman/luci/commit/d56fe7a4aebb10286b8be04234fd6a225a543aee
- system Menu issue (visible although should not be, probably due to other Luci applications): https://github.com/Hostle/luci/commit/c1ba7d780fbafba1d882e3d05ff96baeaee131f3#commitcomment-15454445 that is a weakness in this approach, as 1) all packages would need the modified index() function, and 2) the /model/cbi/admin_users/users.lua module would need to have all available package options available and enabled/disabled by some short of switch
- I compiled “new” for my own ar71xx build and it worked to large extent, but not quite fully with Firefox. Might be cache problems or something. Hostle himself compiled “new” from my repo to his trunk and says that it worked perfectly. https://github.com/Hostle/luci/commit/c1ba7d780fbafba1d882e3d05ff96baeaee131f3#commitcomment-15451559
Screenshot from trunk Designated Driver r48235:
Issue Analytics
- State:
- Created 8 years ago
- Comments:233 (44 by maintainers)
Top GitHub Comments
We are currently working on the a new version that will work with the many changes made in the 19.07 branch. There is a beta version in the Fire-WRT repo but there’s much more work to be done before a stable version is available. Sit tight … maybe Santa will bring the new version 😉
On Wed, Dec 11, 2019, 12:40 PM alisaeed, notifications@github.com wrote:
Hello Everyone! @Fire-WRT @hnyman @Hostle @nasafix-nasser
I’ve been following this thread for awhile. I’ve been really trying to implement multiple users with menu access permissions. All in all, I think the multi-user-app is a great solution but of course it has its kinks, especially in trying to migrate it into OpenWRT v19 Stable Branch.
So far I’ve been able to successfully adapt the code for use in v19 with the ability to create, edit, and delete users as seen below: Screenshots:
But I’m getting several odd errors that I’m hoping someone can point me in the right direction in solving.
Error 1: Firstly I’m able to login normally with either or root of my created user but there’s a weird error on the login screen. Browser Console returns: Error: “No related RPC reply” flushRequestQueue /luci-static/resources/luci.js?v=git-20.087.56959-ed1fc63:44 luci.js:103:9 Screenshot:
Error 2: Secondly, when editing a new user, not all of my available SubMenus nor my available Page Tabs come up as options to enable/disable for the user. The panel will include some Page Tabs but not others as well as some SubMenus but not others. Example:
Error 3: Additionally, not so much an error, but when a user is created using the Edit Users menu, there isn’t a way to set a password for that user. In order to allow the new user to login to LuCi, you have to set a password for the new user via CLI using passwd command in this case. Also, if you add another user, then delete that user, for whatever reason, it also wipes the password for the first user so you have to set the password for that user via CLI again.
Error 4: And finally, when actually enabling menus for a user, it will successfully show those menu items when the user is logged in but none of the pages will load except for the password page added by the module. Rather than loading, Luci throws RPC errors similar to the error on the login screen but my browser console returns the following: Error: “No related RPC reply” flushRequestQueue /luci-static/resources/luci.js?v=git-20.087.56959-ed1fc63:44 luci.js:103:9
Error: “No related RPC reply” flushRequestQueue /luci-static/resources/luci.js?v=git-20.087.56959-ed1fc63:44 luci.js:103:9 Screenshot:
That’s everything I’ve been able to find in my experimentation but to be frank, these issues have got me stumped. Hopefully someone can help me out and maybe even publish this new version so others can start using it. Thanks in advance!
Cheers, Rick