After some experimentation with the RaspAP, I decided to write up a simple web interface for it so that when hostapd started broadcasting, I could use a simple web page rather than ssh to control the wifi and hostapd on the Raspberry Pi. The distribution I used was Raspbian Server Edition once again.
I started off by installing lighttpd and php5
apt-get install lighttpd php5-cgi
After that, I enabled php for lighttpd and restarted it for the settings to take effect.
sudo lighty-enable-mod fastcgi-php
Now, comes the fun part.
For security reasons, the www-data user which lighttpd runs under is not allowed to start or stop daemons, or run commands like ifdown and ifup, all of which I wanted my page to do.
So what I have done, is added the www-data user to the sudoers file, but with restrictions on what commands the user can run.
The line appears in /etc/sudoers like this -
www-data ALL=(ALL) NOPASSWD:/sbin/ifdown wlan0,/sbin/ifup wlan0,/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf,/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf,/sbin/wpa_cli scan_results,/sbin/wpa_cli scan,/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf,/etc/init.d/hostapd start,/etc/init.d/hostapd stop,/etc/init.d/dnsmasq start,/etc/init.d/dnsmasq stop,/bin/cp /tmp/dhcpddata /etc/dnsmasq.conf
Notice I’ve restricted the www-data user to only be able to run the exact commands in the sudoers file
This means that the www-data can only take down, bring up, and show the configuration of wlan0 for example.
After the sudoers file has been modified, the script can now do what it needs to do.
I have a very very rough version written up so far, but it’s not available to download yet.
Here are some screenshots of what it’ll be able to do though !
I’m in the process of prettying up the GUI but in the meantime, this is functional enough
I’ll get the demo up and running soon enough too !
I have released the PHP files for this – Please check this post for details.