From 84dc44d944e8dc12ed7542336ad96dc52d694757 Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Sat, 2 Dec 2023 14:00:34 +0000
Subject: [PATCH] Add restricted wpa_cli commands to sudoers

---
 installers/raspap.sudoers | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/installers/raspap.sudoers b/installers/raspap.sudoers
index 3d625542..a1ce4002 100644
--- a/installers/raspap.sudoers
+++ b/installers/raspap.sudoers
@@ -9,7 +9,11 @@ www-data ALL=(ALL) NOPASSWD:/bin/rm /var/run/wpa_supplicant/wl*
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* scan_results
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* scan
 www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* reconfigure
-www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* select_network *
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* add_network
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i enable_network [0-9]
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* select_network [0-9]
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* set_network [0-9] *
+www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wl* remove_network [0-9]
 www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
 www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service