| User Management | ||
|---|---|---|
 |
Chapter 7. Administrator tasks for the Raspberry PI OS |  |
| User Management | ||
|---|---|---|
| |
Chapter 7. Administrator tasks for the Raspberry PI OS | |
In the past the Raspberry user name was pi and and often used with the default password. This is easy to remember but the opposite of being secure. Fortunately newer Raspberry OS versions ask for a user name and password during installation.
For old Raspberry installations just delete the user pi when having a new user that is capable of using the sudo command. Use the user pi to setup permission for the new user
Be aware that changing users uid is not possible while being connected via ssh and logged in as the user being changed. In worst case a temporary user needs to be created or monitor and keyboard be attached to the raspberry.
The following shows how to remove the pi user from an old Raspberry installation:
Groups must exist before a user can be assigned to the group. To create a group sudo groupadd -g <gid><groupname>
sudo adduser --uid <uid> --gid <gid><username> creates a new user and files from /etc/skel are copied over to the new /home/ directory. -u and -g are optional but it is wise to assign to the
<username><username>
the same numeric values uid and gid among different raspberry devices, this makes networking much easier. The user create during stetting up Raspberry OS will get uid and gid 1000.
lslogins -u shows the logins on the system
getent passwd <username> to see its password entry, x is there for historical reasons to tell that the password is encrypted and just a password salted hash is in /etc/shadow
groups <username> shows what groups the user belongs
groups pi shows what groups pi belongs
To do the same as pi copy all groups of pi to the following command
sudo usermod <username> -a -G pi,adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,render,netdev,spi,i2c,gpio
To work with sudo as pi (do not use a regular editor since mistyping could end up in troubles)
sudo cp /etc/sudoers.d/010_pi-nopasswd /etc/sudoers.d/010_<username>-nopasswd and then
sudo visudo -f /etc/sudoers.d/010_<username>-nopasswd replace pi with <username> inside the new copy. Run also sudo visudo -cf /etc/sudoers.d/010_<username>-nopasswd to thest its syntax.
Use visudo as editor since it checks the syntax, do not use a standard editor
If very sure pi is no more needed and other users can do sudo, pi can be removed.
sudo deluser --remove-home pi to delete a user and its home directory,
It might be necessary to remove the pi group before
sudo usermod -g users pi to not use the pi primary group anymore
sudo groupdel pi
| |
|
|
| Debian Repositories |
|
vcgencmd |
