authentication - OpenWrt: LuCI: how to implement limited user access - Stack Overflow (https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico?v=ec617d715196) (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (Stack Overflow) (/opensearch.xml) (https://stackoverflow.com/questions/18377138/openwrt-luci-how-to-implement-limited-user-access) (https://cdn.sstatic.net/Shared/stacks.css?v=d6a266655a25) (https://cdn.sstatic.net/Sites/stackoverflow/primary.css?v=22fb2cb11723) (Feed for question 'OpenWrt: LuCI: how to implement limited user access') (/feeds/question/18377138) (https://cdn.sstatic.net/Shared/Channels/channels.css?v=5981bb1a5bd7)  (https://accounts.google.com/gsi/style)  (site logo) Join Stack Overflow    By clicking “Sign up”, you agree to our (/legal/terms-of-service/public) terms of service and acknowledge you have read our (/legal/privacy-policy) privacy policy .  (45fdb50b82cf09e3c22aa1697ef5a8ee0b8a220472cd062937b14b656f99cff0) (1) (2.0)      Sign up with Google    Sign up with GitHub     OR (45fdb50b82cf09e3c22aa1697ef5a8ee0b8a220472cd062937b14b656f99cff0) (1) () () () () () () Email   Password (8+ characters (at least 1 letter & 1 number))      Sign up      Already have an account? (/users/login) Log in         (45fdb50b82cf09e3c22aa1697ef5a8ee0b8a220472cd062937b14b656f99cff0) ()     Skip to main content     (https://stackoverflow.com) Stack Overflow  (https://stackoverflow.co/) About  Products   (https://stackoverflow.co/teams/ai/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav-bar&utm_content=overflowai) OverflowAI    (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=stack-overflow-for-teams) Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers   (https://stackoverflow.co/advertising/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=stack-overflow-advertising) Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand   (https://stackoverflow.co/teams/ai/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=overflow-ai) OverflowAI GenAI features for Teams   (https://stackoverflow.co/api-solutions/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=overflow-api) OverflowAPI Train & fine-tune LLMs   (https://stackoverflow.co/labs/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=labs) Labs The future of collective knowledge sharing   (https://stackoverflow.co/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=about-the-company) About the company (https://stackoverflow.blog/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=blog) Visit the blog    (Search…) ()    Loading…          (https://stackoverflow.com) current community        (https://stackoverflow.com) (Stack Overflow)  Stack Overflow    (https://stackoverflow.com/help) help (https://chat.stackoverflow.com/?tab=site&host=stackoverflow.com) chat     (https://meta.stackoverflow.com) (Meta Stack Overflow)  Meta Stack Overflow      your communities   (https://stackoverflow.com/users/signup?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f18377138%2fopenwrt-luci-how-to-implement-limited-user-access) Sign up or (https://stackoverflow.com/users/login?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f18377138%2fopenwrt-luci-how-to-implement-limited-user-access) log in to customize your list.   (https://stackexchange.com/sites) more stack exchange communities  (https://stackoverflow.blog) company blog      (Click to show search)     (https://stackoverflow.com/users/login?ssrc=head&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f18377138%2fopenwrt-luci-how-to-implement-limited-user-access) Log in  (https://stackoverflow.com/users/signup?ssrc=head&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f18377138%2fopenwrt-luci-how-to-implement-limited-user-access) Sign up      Let's set up your homepage Select a few topics you're interested in:   python javascript c# reactjs java android html flutter c++ node.js typescript css r php angular next.js spring-boot machine-learning sql excel ios azure docker  Or search from our full list:    (Search)        javascript  python  java  c#  php  android  html  jquery  c++  css  ios  sql  mysql  r  reactjs  node.js  arrays  c  asp.net  json  python-3.x  .net  ruby-on-rails  sql-server  swift  django  angular  objective-c  excel  pandas  angularjs  regex  typescript  ruby  linux  ajax  iphone  vba  xml  laravel  spring  asp.net-mvc  database  wordpress  string  flutter  postgresql  mongodb  wpf  windows  amazon-web-services  xcode  bash  git  oracle-database  spring-boot  dataframe  azure  firebase  list  multithreading  docker  vb.net  react-native  eclipse  algorithm  powershell  macos  visual-studio  numpy  image  forms  scala  function  vue.js  performance  twitter-bootstrap  selenium  winforms  kotlin  loops  express  dart  hibernate  sqlite  matlab  python-2.7  shell  rest  apache  entity-framework  android-studio  csv  maven  linq  qt  dictionary  unit-testing  asp.net-core  facebook  apache-spark  tensorflow  file  swing  class  unity-game-engine  sorting  date  authentication  go  symfony  t-sql  opencv  matplotlib  .htaccess  google-chrome  for-loop  datetime  codeigniter  http  perl  validation  sockets  google-maps  object  uitableview  xaml  oop  if-statement  visual-studio-code  cordova  ubuntu  web-services  email  android-layout  github  spring-mvc  elasticsearch  kubernetes  selenium-webdriver  ms-access  user-interface  ggplot2  parsing  pointers  google-sheets  machine-learning  c++11  security  google-apps-script  flask  ruby-on-rails-3  templates  nginx  variables  exception  sql-server-2008  gradle  debugging  tkinter  listview  delphi  jpa  asynchronous  web-scraping  pdf  haskell  jsp  ssl  amazon-s3  google-cloud-platform  jenkins  testing  xamarin  wcf  npm  batch-file  generics  ionic-framework  network-programming  unix  recursion  google-app-engine  mongoose  visual-studio-2010  .net-core  android-fragments  assembly  animation  math  next.js  svg  session  hadoop  intellij-idea  curl  rust  django-models  join  winapi  laravel-5  url  heroku  http-redirect  tomcat  google-cloud-firestore  inheritance  webpack  keras  image-processing  gcc  asp.net-mvc-4  logging  swiftui  dom  web  matrix  pyspark  actionscript-3  button  post  optimization  firebase-realtime-database  jquery-ui  iis  cocoa  xpath  d3.js  javafx  firefox  internet-explorer  xslt  caching  select  asp.net-mvc-3  opengl  events  asp.net-web-api  plot  dplyr  encryption  magento  search  stored-procedures  amazon-ec2  ruby-on-rails-4  memory  audio  canvas  multidimensional-array  jsf  random  vector  redux  cookies  input  facebook-graph-api  flash  xamarin.forms  indexing  arraylist  ipad  cocoa-touch  data-structures  video  apache-kafka  model-view-controller  serialization  jdbc  woocommerce  azure-devops  routes  razor  awk  servlets  mod-rewrite  beautifulsoup  excel-formula  docker-compose  filter  iframe  aws-lambda  design-patterns  text  django-rest-framework  visual-c++  cakephp  mobile  android-intent  react-hooks  struct  methods  groovy  mvvm  ssh  lambda  checkbox  ecmascript-6  google-chrome-extension  time  grails  installation  sharepoint  cmake  shiny  spring-security  jakarta-ee  android-recyclerview  plsql  core-data  types  meteor  android-activity  sed  bootstrap-4  websocket  activerecord  graph  replace  scikit-learn  group-by  file-upload  vim  junit  boost  deep-learning  sass  import  memory-management  error-handling  async-await  eloquent  dynamic  soap  silverlight  dependency-injection  charts  layout  apache-spark-sql  deployment  browser  gridview  svn  while-loop  google-bigquery  vuejs2  ffmpeg  dll  highcharts  view  foreach  plugins  makefile  c#-4.0  redis  reporting-services  jupyter-notebook  merge  server  unicode  https  reflection  google-maps-api-3  twitter  oauth-2.0  extjs  pytorch  axios  terminal  pip  split  cmd  mysqli  encoding  django-views  automation  database-design  collections  hash  netbeans  build  data-binding  ember.js  tcp  sqlalchemy  pdo  apache-flex  concurrency  entity-framework-core  command-line  spring-data-jpa  printing  java-8  react-redux  jestjs  service  html-table  neo4j  lua  ansible  material-ui  parameters  enums  module  flexbox  visual-studio-2012  promise  outlook  firebase-authentication  webview  web-applications  uwp  jquery-mobile  utf-8  datatable  python-requests  parallel-processing  drop-down-menu  colors  scroll  hive  scipy  tfs  count  syntax  ms-word  twitter-bootstrap-3  ssis  google-analytics  fonts  three.js  powerbi  rxjs  constructor  graphql  file-io  paypal  discord  cassandra  socket.io  graphics  compiler-errors  gwt  react-router  solr  nlp  url-rewriting  backbone.js  memory-leaks  datatables  oauth  terraform  datagridview  drupal  oracle11g  zend-framework  neural-network  knockout.js  triggers  django-forms  interface  angular-material  google-api  casting  jmeter  linked-list  path  proxy  timer  django-templates  arduino  orm  directory  parse-platform  windows-phone-7  visual-studio-2015  cron  push-notification  conditional-statements  primefaces  functional-programming  pagination  model  jar  xamarin.android  hyperlink  uiview  gitlab  visual-studio-2013  vbscript  google-cloud-functions  azure-active-directory  jwt  download  swift3  configuration  sql-server-2005  process  rspec  pygame  properties  combobox  callback  windows-phone-8  linux-kernel  safari  scrapy  permissions  raspberry-pi  scripting  emacs  clojure  x86  scope  io  compilation  mongodb-query  expo  responsive-design  nhibernate  angularjs-directive  azure-functions  request  bluetooth  dns  3d  binding  reference  architecture  playframework  discord.js  pyqt  version-control  doctrine-orm  package  get  rubygems  sql-server-2012  f#  autocomplete  openssl  datepicker  kendo-ui  tree  jackson  controller  yii  nested  grep  xamarin.ios  static  dockerfile  statistics  null  transactions  pycharm  datagrid  active-directory  uiviewcontroller  webforms  phpmyadmin  discord.py  notifications  sas  computer-vision  duplicates  mocking  youtube  nullpointerexception  yaml  menu  sum  bitmap  blazor  asp.net-mvc-5  electron  visual-studio-2008  time-series  yii2  jsf-2  stl  css-selectors  android-listview  floating-point  cryptography  ant  stream  hashmap  character-encoding  msbuild  sdk  asp.net-core-mvc  google-drive-api  selenium-chromedriver  jboss  joomla  cors  navigation  devise  anaconda  background  camera  multiprocessing  pyqt5  binary  frontend  cuda  linq-to-sql  iterator  mariadb  onclick  plotly  ios7  rabbitmq  android-jetpack-compose  microsoft-graph-api  android-asynctask  tabs  insert  laravel-4  uicollectionview  environment-variables  amazon-dynamodb  linker  xsd  console  coldfusion  upload  continuous-integration  ftp  textview  opengl-es  vuejs3  operating-system  mockito  macros  localization  formatting  xml-parsing  json.net  type-conversion  kivy  data.table  timestamp  calendar  integer  segmentation-fault  android-ndk  drag-and-drop  prolog  char  crash  jasmine  automated-tests  dependencies  geometry  android-gradle-plugin  itext  firebase-cloud-messaging  header  fortran  sprite-kit  mfc  attributes  azure-pipelines  nuxt.js  nosql  format  nestjs  odoo  db2  jquery-plugins  jenkins-pipeline  leaflet  event-handling  annotations  flutter-layout  julia  postman  keyboard  textbox  arm  visual-studio-2017  gulp  stripe-payments  libgdx  synchronization  xampp  timezone  crystal-reports  dom-events  azure-web-app-service  uikit  android-emulator  wso2  swagger  sequelize.js  namespaces  aggregation-framework  uiscrollview  google-sheets-formula  jvm  chart.js  com  subprocess  geolocation  webdriver  centos  snowflake-cloud-data-platform  html5-canvas  garbage-collection  dialog  widget  numbers  concatenation  sql-update  qml  set  tuples  windows-10  smtp  mapreduce  java-stream  ionic2  rotation  modal-dialog  spring-data  android-edittext  http-headers  nuget  doctrine  radio-button  sonarqube  grid  lucene  xmlhttprequest  internationalization  listbox  initialization  switch-statement  components  google-play  apache-camel  boolean  serial-port  ldap  ios5  gdb  youtube-api  return  latex  pivot  eclipse-plugin  frameworks  tags  containers  github-actions  dataset  subquery  asp-classic  foreign-keys  label  c++17  copy  uinavigationcontroller  delegates  google-cloud-storage  struts2  migration  base64  protractor  embedded  queue  find  sql-server-2008-r2  uibutton  arguments  composer-php  append  jaxb  zip  stack  cucumber  autolayout  ide  entity-framework-6  popup  tailwind-css  iteration  airflow  r-markdown  windows-7  ssl-certificate  vb6  gmail  hover  jqgrid  g++  range  udp         Next You’ll be prompted to create an account to view your personalized homepage.          (/)   Home    (/questions)   Questions    (/tags)    Tags     (/beta/discussions)   Discussions Labs     (https://chat.stackoverflow.com/?tab=all&sort=active)       Chat    (/users)   Users     (/jobs?source=so-left-nav)   Jobs    (https://stackoverflow.com/jobs/companies?so_medium=stackoverflow&so_source=SiteNav)   Companies    Collectives       Communities for your favorite technologies. (/collectives-all) Explore all Collectives     Teams () Ask questions, find answers and collaborate at work with Stack Overflow for Teams.  (https://stackoverflowteams.com/teams/create/free/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams) Try Teams for free (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams) Explore Teams   Teams      Ask questions, find answers and collaborate at work with Stack Overflow for Teams. (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams-compact) Explore Teams          Collectives™ on Stack Overflow Find centralized, trusted content and collaborate around the technologies you use most. (/collectives) Learn more about Collectives     Teams  Q&A for work Connect and share knowledge within a single location that is structured and easy to search. (https://stackoverflow.co/teams/) Learn more about Teams           (Illustration of upvote icon after it is clicked)   Hang on, you can't upvote just yet. You'll need to complete a few actions and gain 15 reputation points
        before being able to upvote. Upvoting indicates when questions and answers are useful. (https://stackoverflow.com/help/whats-reputation) What's reputation and how do I get it?  Instead, you can save this post to reference later.     Save this post for later Not now          (Illustration of upvote icon after it is clicked)   Hang on, you can't downvote just yet. You'll need to complete a few actions and gain 125 reputation points
        before being able to downvote. Casting downvotes indicate issues with quality, effort, or accuracay of a post. (https://stackoverflow.com/help/whats-reputation) What's reputation and how do I get it?  Instead, you can try suggesting an edit to improve the post.   Suggest edit No thanks          (Illustration of upvote icon after it is clicked)   Hang on, you can't upvote just yet. You'll need to complete a few actions and gain 15 reputation points
        before being able to upvote. Upvoting indicates when questions and answers are useful. (https://stackoverflow.com/help/whats-reputation) What's reputation and how do I get it?  To start gaining reputation, try answering a related question. authentication lua openwrt      Find related question Not now           (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (/questions/18377138/openwrt-luci-how-to-implement-limited-user-access) OpenWrt: LuCI: how to implement limited user access  (/questions/ask) Ask Question     (2013-08-22 09:53:47Z) Asked 11 years, 8 months ago  Modified (?lastactivity) (2021-12-21 21:44:58Z) 3 years, 4 months ago  (Viewed 16,008 times) Viewed 16k times         This question shows research effort; it is useful and clear  (70:3:31e,16:ad1e33b935dfe437,10:1745519204,16:acd20740e443ae86,8:18377138,d0531d540009f3b45d3698e2c7e7e811420166c16ee49823e6be4e4a5ac733ac) 5  (This question does not show any research effort; it is unclear or not useful)    (70:3:31e,16:9b9575b8960a6a68,10:1745519204,16:888a67911d8a57ea,8:18377138,6b05f20f616e76bc791bfc5c37a28d783f7b6aa7ec52d386ab86c053d51d615a)      Save this question.  (/posts/18377138/timeline)    Show activity on this post.    Goal: two users root and user. Root can access everything via web-interface, but user should see only some parts of the menus. One option would be to pass "sysauth" option to every module in question. That is not very practical, because the user would see every menu entry and would get login page for every menu he is not allowed to. My idea is to figure out who is logged on and then do nothing in the index() function of each restricted module. So far I couldn't find such a function in LuCI API ((http://luci.subsignal.org/api/luci/) http://luci.subsignal.org/api/luci/ ), that would return a current logged user. I know how to add additional users in OpenWrt/LuCI ((https://forum.openwrt.org/viewtopic.php?pid=163013#p163013) https://forum.openwrt.org/viewtopic.php?pid=163013#p163013 ). But it is only a part of the solution. Any idea, how to achieve my goal?  (/questions/tagged/authentication) (show questions tagged 'authentication') authentication  (/questions/tagged/lua) (show questions tagged 'lua') lua  (/questions/tagged/openwrt) (show questions tagged 'openwrt') openwrt      (/q/18377138) (Short permalink to this question) Share  Share a link to this question     Copy link (https://creativecommons.org/licenses/by-sa/3.0/) (The current license for this post: CC BY-SA 3.0) CC BY-SA 3.0     (/posts/18377138/edit) () Improve this question  Follow (70:3:31e,16:3a3d1884ce3c7ed6,10:1745519204,16:8442d9ace43aeacb,8:18377138,6ed2b6346dd3d9733ae61f47cdc75b48d55f8cc4489f8039f8397cef6ee85b80)  Follow this question to receive notifications       asked (2013-08-22 09:53:47Z) Aug 22, 2013 at 9:53   (/users/1113139/yegorich) (yegorich's user avatar)    (/users/1113139/yegorich) yegorich yegorich (reputation score) 4,849 (3 gold badges)  3  3 gold badges (34 silver badges)  34  34 silver badges (40 bronze badges)  40  40 bronze badges           (Use comments to ask for more information or suggest improvements. Avoid answering questions in comments.) Add a comment |  (Expand to show all comments on this post)          2 Answers 2   Sorted by:  (/questions/18377138/openwrt-luci-how-to-implement-limited-user-access?answertab=scoredesc#tab-top) Reset to default   (scoredesc) Highest score (default)  (trending) Trending (recent votes count more)  (modifieddesc) Date modified (newest first)  (createdasc) Date created (oldest first)            This answer is useful  (70:3:31e,16:6ce6d17e357760e8,10:1745519204,16:e5b00ada3993f1de,8:19006175,83a0a7d6c1cb521d732be5745f5117888d9fb4e23a6c0fe6f3188bca8d3e0609) 3  (This answer is not useful)    (70:3:31e,16:bfc168877e69107c,10:1745519204,16:18a32e84e594e7ec,8:19006175,1a272d3bac2fdc61cf27c748eef72191e15725e188094d56a7b2b9f305254e8e)      Save this answer.  (Loading when this answer was accepted…)     (/posts/19006175/timeline)    Show activity on this post.    I ended up creating a Lua function like described here: (http://lua-users.org/wiki/SaveTableToFile) http://lua-users.org/wiki/SaveTableToFile , to find and remove unneeded keys from the table. function remove_idx (  tbl, index )  -- initiate variables for save procedure local tables,lookup = { tbl },{ [tbl] = 1 } for idx,t in ipairs ( tables ) do local thandled = {} for i,v in ipairs ( t ) do thandled[i] = true local stype = type ( v ) -- only handle value if stype == "table" then if not lookup[v] then table .insert ( tables, v )
           lookup[v] = #tables end else if i == index then t[i] = nil return end end end for i,v in pairs ( t ) do -- escape handled values if (not thandled[i]) then local flag = 0 local stype = type ( i ) -- handle index if stype == "table" then if not lookup[i] then table .insert ( tables,i )
          lookup[i] = #tables end else flag = 1 if i == index then t[i] = nil return end end if flag == 1 then stype = type ( v ) -- handle value if stype == "table" then if not lookup[v] then table .insert ( tables,v )
             lookup[v] = #tables end else if i == index then t[i] = nil return end end end end end end end   And then inserted my user check and page delete after in libs/web/luasrc/dispatcher.lua dispatch(): if c and c.index then local tpl = require "luci.template" if util.copcall(tpl.render, "indexer" , {}) then return true end end   That's how I remove unneeded pages depending on who is logged in: if ctx.authuser == "user" then remove_idx(ctx.tree, "packages" )
            remove_idx(ctx.tree, "leds" ) end   It is a little bit quick and dirty, but it works. Please note, that direct access by
manipulating the URL is still possible. Update  LuCI2 will provide ACL support und multi-user environment: (http://git.openwrt.org/?p=project/luci2/ui.git;a%3Dsummary) http://git.openwrt.org/?p=project/luci2/ui.git;a%3Dsummary    (/a/19006175) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/3.0/) (The current license for this post: CC BY-SA 3.0) CC BY-SA 3.0     (/posts/19006175/edit) () Improve this answer  Follow (70:3:31e,16:bde65ba90de274f2,10:1745519204,16:2ff023b3677a57f8,8:19006175,0e46d8adb8039766597550b7b0de33fceb3127b2a27f12bbbccb9c173115caeb)  Follow this answer to receive notifications       (/posts/19006175/revisions) (show all edits to this post) edited (2014-01-20 08:42:49Z) Jan 20, 2014 at 8:42         answered (2013-09-25 13:23:20Z) Sep 25, 2013 at 13:23   (/users/1113139/yegorich) (yegorich's user avatar)    (/users/1113139/yegorich) yegorich yegorich (reputation score) 4,849 (3 gold badges)  3  3 gold badges (34 silver badges)  34  34 silver badges (40 bronze badges)  40  40 bronze badges        6   thanks for share your solution. i have a simple question: i don't know the remove_idx write to which file? add "user check" after dispatch() function or in dispatch() 'modifi dispatch()'. and where i use "remove unneeded pages" code? I'm confused. sorry for my bad english. – (/users/1037028/omid) (772 reputation) omid  Commented (2014-01-10 12:22:35Z, License: CC BY-SA 3.0) Jan 10, 2014 at 12:22        i added remove_idx function and user check, but only remove item in menu first page render, if reload or go to other page, leds and packages item go back and available in menu. may be i bad use check user code, can you help me please? – (/users/1037028/omid) (772 reputation) omid  Commented (2014-01-11 20:03:24Z, License: CC BY-SA 3.0) Jan 11, 2014 at 20:03        Both remove_idx() and authentication check must be in libs/web/luasrc/dispatcher.lua file, because the whole index tree is built as soon as you open routers web interface. User authentication check must be in the dispatch() routine, right after the code I showed in my answer. This is the routine, where the index tree will be filled. – (/users/1113139/yegorich) (4,849 reputation) yegorich  Commented (2014-01-11 21:13:58Z, License: CC BY-SA 3.0) Jan 11, 2014 at 21:13   (this comment was edited 1 time)          i added if ctx.authuser... after if c and c.index... , if i click system or network menu, leds and packages not available in menu list but if i click dhcp or startup ..., leds and packages available in menu list. – (/users/1037028/omid) (772 reputation) omid  Commented (2014-01-11 21:23:16Z, License: CC BY-SA 3.0) Jan 11, 2014 at 21:23      (number of 'useful comment' votes received) 1   I've solved the problem of reappearing sub-tabs through replacing c with ctx.tree in remove_idx() call. But  direct access by manipulating the URL is still possible. – (/users/1113139/yegorich) (4,849 reputation) yegorich  Commented (2014-01-20 08:40:35Z, License: CC BY-SA 3.0) Jan 20, 2014 at 8:40        (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.)  |  (Expand to show all comments on this post) Show 1 more comment            This answer is useful  (70:3:31e,16:3f71eebdfebec12d,10:1745519204,16:2e13b320be4d9add,8:70441922,45f2512e5c4c34b3641f2a6947bfe12ca81ba154b2554b6ffb398b4037b9e1b1) 2  (This answer is not useful)    (70:3:31e,16:4da1e9612316c8c4,10:1745519204,16:e7e607a767197669,8:70441922,31fdae5cc77b3bfefbc50712933d04f67931f9a71ef33329b305203a05443754)      Save this answer.  (Loading when this answer was accepted…)     (/posts/70441922/timeline)    Show activity on this post.    If you'd like to create multiple OpenWRT Luci users with varying access, you can following these steps: Create a (https://openwrt.org/docs/guide-user/security/secure.access) local user account  (https://forum.openwrt.org/t/solved-luci-add-support-user-in-addition-to-root/17402/3) Add the user to the RCP configuration and define access level  See sample excerpt from /etc/config/rpcd config below: config login                     
        option username 'adminuser' option password '$p$adminuser' list read '*' list write '*' config login                     
        option username 'readonlyuser' option password '$p$readonlyuser' list read '*'   This also works if you're obtaining an authentication token for (https://github.com/openwrt/luci/wiki/JsonRpcHowTo) JSON-RPC calls to Luci.   (/a/70441922) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     (/posts/70441922/edit) () Improve this answer  Follow (70:3:31e,16:4518f72d7b68d2f9,10:1745519204,16:6aa342ee310764d5,8:70441922,3fbb48a12a986444509131ca9d7b14db4408d0268d18e608b8f4b4c3fa46cee1)  Follow this answer to receive notifications       answered (2021-12-21 21:44:58Z) Dec 21, 2021 at 21:44   (/users/14199280/empiric53) (empiric53's user avatar)    (/users/14199280/empiric53) empiric53 empiric53 (reputation score) 21 (3 bronze badges)  3  3 bronze badges        1   Any idea how to further limit read access e.g. to specific values? – (/users/1608594/carbolymer) (1,652 reputation) carbolymer  Commented (2022-01-03 12:01:42Z, License: CC BY-SA 4.0) Jan 3, 2022 at 12:01        (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.) Add a comment |  (Expand to show all comments on this post)       (18377138) (false) () (0) Your Answer  (True)                                                    Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question . Provide details and share your research!  But avoid … Asking for help, clarification, or responding to other answers. Making statements based on opinion; back them up with references or personal experience.  To learn more, see our (/help/how-to-answer) tips on writing great answers .      Draft saved Draft discarded  (45fdb50b82cf09e3c22aa1697ef5a8ee0b8a220472cd062937b14b656f99cff0)   Sign up or (/users/login?ssrc=question_page&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f18377138%2fopenwrt-luci-how-to-implement-limited-user-access%23new-answer) log in       Sign up using Google     Sign up using Email and Password   (false) (false) Submit Post as a guest Name () ()    Email Required, but never shown   () ()       Post as a guest Name () ()     Email Required, but never shown   () ()       Post Your Answer  Discard  By clicking “Post Your Answer”, you agree to our (https://stackoverflow.com/legal/terms-of-service/public) terms of service and acknowledge you have read our (https://stackoverflow.com/legal/privacy-policy) privacy policy .(1)     Start asking to get answers Find the answer to your question by asking. (/questions/ask) Ask question   Explore related questions (/questions/tagged/authentication) (show questions tagged 'authentication') authentication  (/questions/tagged/lua) (show questions tagged 'lua') lua  (/questions/tagged/openwrt) (show questions tagged 'openwrt') openwrt    See similar questions with these tags.      The Overflow Blog      (https://stackoverflow.blog/2025/04/22/visually-orchestrating-data-diagnostics-but-platform-agnostic/?cb=1) Visually orchestrating data diagnostics but platform agnostic       (https://stackoverflow.blog/2025/04/23/community-products-roadmap-update-april-2025/?cb=1) Community Products roadmap update, April 2025   Featured on Meta  (Meta Stack Exchange)   (https://meta.stackexchange.com/questions/408408/results-of-the-march-2025-community-asks-sprint?cb=1) Results of the March 2025 Community Asks Sprint   (Meta Stack Exchange)   (https://meta.stackexchange.com/questions/408476/upcoming-initiatives-on-stack-overflow-and-across-the-stack-exchange-network-a?cb=1) (Upcoming initiatives on Stack Overflow and across the Stack Exchange network - April 2025) Upcoming initiatives on Stack Overflow and across the Stack Exchange network...   (Meta Stack Overflow)   (https://meta.stackoverflow.com/questions/421831/policy-generative-ai-e-g-chatgpt-is-banned?cb=1) Policy: Generative AI (e.g., ChatGPT) is banned   (Meta Stack Overflow)   (https://meta.stackoverflow.com/questions/433641/what-we-learned-about-follow-up-questions-and-whats-next?cb=1) What We Learned About Follow-up Questions and What's Next            Related (https://stackoverflow.com/q/4552495?rq=3) (Question score (upvotes - downvotes)) 1  (https://stackoverflow.com/questions/4552495/asp-net-open-ldap-role-based-security?rq=3) ASP.NET, Open LDAP role based security  (https://stackoverflow.com/q/11492674?rq=3) (Question score (upvotes - downvotes)) 1  (https://stackoverflow.com/questions/11492674/how-to-implement-authentication?rq=3) How to implement authentication?  (https://stackoverflow.com/q/24364435?rq=3) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/24364435/spring-ldap-authentication-with-multiple-user-ou-and-multiple-access-cns?rq=3) Spring LDAP authentication with multiple user OU and multiple access CNs  (https://stackoverflow.com/q/26262418?rq=3) (Question score (upvotes - downvotes)) 2  (https://stackoverflow.com/questions/26262418/openwrt-basic-auth-system?rq=3) openWRT basic auth system  (https://stackoverflow.com/q/32391165?rq=3) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/32391165/openwrt-admin-control-programmatically?rq=3) openWRT: admin control programmatically  (https://stackoverflow.com/q/43967445?rq=3) (Question score (upvotes - downvotes)) 1  (https://stackoverflow.com/questions/43967445/luci-openwrt-a-simple-client-mode-setup?rq=3) Luci (OpenWRT) - A Simple Client Mode Setup  (https://stackoverflow.com/q/44558971?rq=3) (Question score (upvotes - downvotes)) 1  (https://stackoverflow.com/questions/44558971/uci-lua-script-how-to-edit-firewall-rule?rq=3) UCI. Lua script. How to edit firewall rule  (https://stackoverflow.com/q/58535075?rq=3) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/58535075/how-to-perform-basic-auth-in-lua?rq=3) How to perform basic Auth in Lua  (https://stackoverflow.com/q/66104924?rq=3) (Question score (upvotes - downvotes)) 2  (https://stackoverflow.com/questions/66104924/can-not-log-into-openwrt-web-interface-with-correct-password?rq=3) Can not log into OpenWRT web interface with correct password    (https://stackexchange.com/questions?tab=hot) Hot Network Questions   (English Language & Usage Stack Exchange)  (https://english.stackexchange.com/questions/631002/if-sentences-that-do-not-indicate-causality) If-sentences that do not indicate causality   (Ask Different)  (https://apple.stackexchange.com/questions/479680/why-do-usr-bin-gcc-usr-bin-g-usr-bin-clang-usr-bin-python3-usr-bin-gi) Why do /usr/bin/gcc, /usr/bin/g++, /usr/bin/clang, /usr/bin/python3, /usr/bin/git, and other 71 files have the same inode number?   (Unix & Linux Stack Exchange)  (https://unix.stackexchange.com/questions/794116/why-does-cd-succeed-in-bash) Why does cd '' succeed in bash?   (Mathematica Stack Exchange)  (https://mathematica.stackexchange.com/questions/312326/solution-for-5d-integral-in-unit-hypercube) Solution for 5D integral in unit hypercube   (Mi Yodeya)  (https://judaism.stackexchange.com/questions/149074/pursuit-of-truth-as-a-value-in-torah) Pursuit of truth as a value in Torah   (WordPress Development Stack Exchange)  (https://wordpress.stackexchange.com/questions/428975/m-in-pre-do-shortcode-tag) $m in pre_do_shortcode_tag   (Philosophy Stack Exchange)  (https://philosophy.stackexchange.com/questions/124435/when-proving-a-conclusion-of-the-form-p-v-q-we-only-have-to-prove-a-single-disj) When proving a conclusion of the form P v Q, we only have to prove a single disjunct. Is that a slight abuse of syntax and exactness required of proof   (Literature Stack Exchange)  (https://literature.stackexchange.com/questions/29146/unarmed-if-any-meet-her-in-emily-dickinsons-the-past-is-such-a-curious-creat) "Unarmed if any meet her" in Emily Dickinson's "The Past is such a curious Creature"   (Chemistry Stack Exchange)  (https://chemistry.stackexchange.com/questions/188472/how-to-obtain-cyclopentane-from-1-4-pentadiene) How to obtain cyclopentane from 1,4-pentadiene?   (Aviation Stack Exchange)  (https://aviation.stackexchange.com/questions/108433/looking-to-understand-the-physics-of-heading-change-with-roll) Looking to understand the physics of heading change with roll   (TeX - LaTeX Stack Exchange)  (https://tex.stackexchange.com/questions/741418/how-to-resolve-a-strange-breaking-in-tcolorbox) How to resolve a strange breaking in tcolorbox   (Physics Stack Exchange)  (https://physics.stackexchange.com/questions/848248/if-an-object-falls-without-friction-in-a-gravitational-field-is-the-average-spe) If an object falls without friction in a gravitational field, is the average speed independent of the path taken?   (Electrical Engineering Stack Exchange)  (https://electronics.stackexchange.com/questions/744582/why-should-we-avoid-extremely-large-resistance-values-in-the-feedback-circuit) Why should we avoid extremely large resistance values in the feedback circuit?   (Christianity Stack Exchange)  (https://christianity.stackexchange.com/questions/106020/how-are-languages-managed-during-the-conclave) How are languages managed during the conclave?   (Science Fiction & Fantasy Stack Exchange)  (https://scifi.stackexchange.com/questions/296169/a-very-old-short-story-about-a-computer-similar-to-asimovs-multivac-but-not-by) A very old short story about a computer similar to Asimov's Multivac, but not by Asimov   (Puzzling Stack Exchange)  (https://puzzling.stackexchange.com/questions/131605/fill-the-circles-so-that-the-sum-of-the-three-numbers-along-each-of-the-ten-line) Fill the circles so that the sum of the three numbers along each of the ten lines is the same.   (Mathematics Stack Exchange)  (https://math.stackexchange.com/questions/5059034/why-is-the-wot-limit-of-alternating-projections-a-projection-in-uniformly-convex) Why is the WOT-limit of alternating projections a projection in uniformly convex Banach spaces?   (Electrical Engineering Stack Exchange)  (https://electronics.stackexchange.com/questions/744602/what-is-the-switch-mode-equivalent-of-a-center-tap-common-dual-rail-linear-power) What is the switch mode equivalent of a center tap common dual rail linear power supply?   (Arqade)  (https://gaming.stackexchange.com/questions/411951/is-there-a-quick-way-to-unlock-songs) Is there a quick way to unlock songs?   (Science Fiction & Fantasy Stack Exchange)  (https://scifi.stackexchange.com/questions/296184/which-robert-a-heinlein-juvies-were-serialized) Which Robert A. Heinlein juvies were serialized?   (Science Fiction & Fantasy Stack Exchange)  (https://scifi.stackexchange.com/questions/296191/a-man-leaves-a-womans-uploaded-consciousness-alone-for-1000-years-to-wipe-it-an) A man leaves a woman's uploaded consciousness alone for 1000 years to wipe it and make a personal assistant   (Aviation Stack Exchange)  (https://aviation.stackexchange.com/questions/108446/what-exactly-is-the-inlet-cooling-arrangement-for-the-robinson-r22-helicopter) What exactly is the inlet/cooling arrangement for the Robinson R22 helicopter   (Movies & TV Stack Exchange)  (https://movies.stackexchange.com/questions/125165/comedy-about-super-addictive-brand-of-beer) Comedy about super-addictive brand of beer   (Electrical Engineering Stack Exchange)  (https://electronics.stackexchange.com/questions/744615/convert-0-3-3-v-pwm-of-esp32-s3-mini-to-0-10-v-to-control-vfd-by-using-lm358-opa) Convert 0-3.3 V PWM of ESP32 S3 mini to 0-10 V to control VFD by using LM358 opamp     (/feeds/question/18377138) (Feed of this question and its answers)   Question feed   Subscribe to RSS  Question feed To subscribe to this RSS feed, copy and paste this URL into your RSS reader.   (https://stackoverflow.com/feeds/question/18377138)            ()   lang-lua    (https://stackoverflow.com)      (https://stackoverflow.com) Stack Overflow  (/questions) Questions  (/help) Help  (https://chat.stackoverflow.com/?tab=site&host=stackoverflow.com) Chat    (https://stackoverflow.co/) Products  (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=teams) Teams  (https://stackoverflow.co/advertising/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=advertising) Advertising  (https://stackoverflow.co/advertising/employer-branding/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=talent) Talent    (https://stackoverflow.co/) Company  (https://stackoverflow.co/) About  (https://stackoverflow.co/company/press/) Press  (https://stackoverflow.co/company/work-here/) Work Here  (https://stackoverflow.com/legal) Legal  (https://stackoverflow.com/legal/privacy-policy) Privacy Policy  (https://stackoverflow.com/legal/terms-of-service/public) Terms of Service  (/contact) Contact Us  Your Privacy Choices     (https://stackoverflow.com/legal/cookie-policy) Cookie Policy    (https://stackexchange.com) Stack Exchange Network  (https://stackexchange.com/sites#technology) Technology   (https://stackexchange.com/sites#culturerecreation) Culture & recreation   (https://stackexchange.com/sites#lifearts) Life & arts   (https://stackexchange.com/sites#science) Science   (https://stackexchange.com/sites#professional) Professional   (https://stackexchange.com/sites#business) Business   (https://api.stackexchange.com/) API   (https://data.stackexchange.com/) Data       (https://stackoverflow.blog?blb=1) Blog  (https://www.facebook.com/officialstackoverflow/) Facebook  (https://twitter.com/stackoverflow) Twitter  (https://linkedin.com/company/stack-overflow) LinkedIn  (https://www.instagram.com/thestackoverflow) Instagram   Site design / logo © 2025 Stack Exchange Inc;  user contributions licensed under  (https://stackoverflow.com/help/licensing) CC BY-SA .  rev 2025.4.24.25566