Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limited privileged user in WEB-GUI #485

Open
olewsaa opened this issue Jan 28, 2020 · 4 comments
Open

Limited privileged user in WEB-GUI #485

olewsaa opened this issue Jan 28, 2020 · 4 comments
Labels
feature request

Comments

@olewsaa
Copy link

olewsaa commented Jan 28, 2020

Request for enhancement
Add a user in addition to admin, with access only to scan and select remote base station for wlan1 client when using wlan1 as a client and wlan0 & eth0 as servers. I am using the access point in a boat where crew want to be able to login on and scan and set the remote shore station. Giving full access with the admin account might break current manual setup. Hence limit the access to only selecting hot-spot ashore and entering password the it is a desired feature.

Your environment

  • Raspberry Pi hardware Pi 3 Model B+
  • Raspbian version is Buster Desktop
  • Followed the project prerequisites? Yes
  • Checked the project FAQ? Yes
  • RaspAP Quick Install ? Quick install
  • Using default configuration? No, some manual steps to make wlan1 (long-range USB antenna) as client and wlan0 and eth0 as server.
  • Simultaneous AP and managed mode? No.
  • Onboard wireless chipset or external adapter? Both, wlan1 as client, wlan0 and eth0 as server.
  • Other software or services running with RaspAP? None

Steps to reproduce
No steps are needed to include a limited privileged user. My setup is found at:
https://sites.google.com/site/olewsaa/yacht-server/raspberry-pi-as-a-router-gateway and
https://github.com/olewsaa/Yacht-computer/tree/master/wifi2wifi/web-version
It works very well, with the exception that any crew member logged in a admin can overwrite the configuration and trigger a tedious manual reconfiguration.

Expected behavior
The user login should only be allowed to do "scan" and select client connection and enter password for remote hot-spot.

Actual behavior
Currently admin user can change anything and hence overwrite the config files added manually to set the access point to the desired setting.
@billz
Copy link
Member

billz commented Jan 28, 2020

Very interesting use case! From your description, enabling monitor mode could be an alternate solution. This allows all configuration actions of a wireless client (scan, update, connect, delete) but restricts the ability to administer any other services.

@olewsaa
Copy link
Author

olewsaa commented Jan 29, 2020

I am happy that you liked the use case, the commercial redbox does this a few other things, but is quite costly. I wanted something similar with a nice web interface. It seems that I have found a nice alternative.

I have done some testing and it seems to limit the web-gui by removing the save buttons. This is just fine for my usage. Hopefully the crew will not manage to break the settings now. I still think that two users admin and user should be implemented in the web-gui, but this is just a minor issue now.

@billz
Copy link
Member

billz commented Jan 30, 2020

I agree that there's a valid case for a user role with limited privileges. Will work this into a future update, thanks.

@billz billz pinned this issue Nov 27, 2021
@billz billz unpinned this issue Mar 19, 2023
@billz
Copy link
Member

billz commented Oct 4, 2023

The RaspAP/Auth class #1393 could be extended to include a limited privilege user.
Initially, when this user is logged in RaspAP would function in monitor mode.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@billz @olewsaa