Follow by Email

Blog Archive

Search This Blog

Raspberry Pi user setup

Raspberry Pi user Setup Set up a new user Lock / Disable user and delete Change user and root password
Share it:
Raspberry Pi user setup

Raspberry Pi Set up a new user
Depending on the Linux distribution, the user setup looks a bit different. In a freshly installed Linux, there is usually only "root", if not a user-defined user was added during the installation.

If you have an image of Raspbian written on an SD card, then there is a default user named "pi" and the password "raspberry". This has the advantage that you can get started right away and not have to set up any users.

Other distributions have similar default users. For most, there is only one user "root". The user "root" is very good at administering a system because it requires extensive permissions, which usually only the user "root" has.

However, if you are working normally with a system, you should do this more with a normal user who is limited in his permissions. If the distribution does not provide such a default user, then you have to set this up. Of course it is also possible to set up an additional user.
  • Set up a new user.
  • Assign users to other user groups.
  • Test the new user.
Root privileges
It is recommended to work with root privileges.
sudo -i

You can return to the previous session with "exit".
Solution: Set up new user
Then we set up a user with home directory.
useradd -m {USERNAME}
Or we set up a user without a home directory.
useradd {USERNAME}
The home directory can also be created later.
usermod -d / home / {USERNAME}
A user who does not have a password can not log in. Therefore, we set up a password for the newly created user.
passwd {USERNAME}
The password must be entered "blind" and then confirmed. "Blind" means that no key is pressed. Also no asterisks or dots.

So that the user can work with the command line, we assign him a standard bash.
usermod -s / bin / bash {USERNAME}
Then we assign the new user the main group "users". It may be natural that the user can also have another main group.
usermod -g users {USERNAME}

Solution: Assign or remove users to other user groups
User groups have the advantage of being able to assign and revoke rights for a whole group of users. You can assign these rights to a user by adding them to the group or removing the rights by removing them from the group.
In this way, as an administrator you save a lot of effort when setting and revoking permissions for individual users.

Examples of adding users to user groups.
gpasswd -a {USERNAME} sudo
gpasswd -a {USERNAME} ssh
Check group membership of a user:
Examples of removing users to user groups.
gpasswd -d {USERNAME} sudo
gpasswd -d {USERNAME} ssh
Note: Group changes and the like are only active after logging in again. A reboot is not necessary.
Solution: Test user
If you have created a new user, then you would like to test it. Normally, it would be necessary to log out and log in with the new user. However, if you are connected to Raspberry Pi via SSH, then the new user, depending on the configuration, does not have this authorization. That means you would have to test it locally. In order to avoid this inconvenience, one goes a shorter way, in which one becomes by means of root rights to this user.
The command "su" stands for "Substitute User". With that you can make yourself any user, if you have root rights.
With "exit" you can return to the previous user.
Attention: An "exit" also terminates an SSH connection. This means that you should know if you have changed to another user via "su", otherwise you will end the connection.

Raspberry Pi set user interface
You want your Raspberry Pi (Raspbian Jessie) to boot from the command line, or you want the graphical interface to start automatically. 
Generally, you can set that with the tool "raspi-config". But it is only on the command line.

Let's see what is currently being started.
systemctl show
If the output in the first line gives "id =", then Raspberry Pi starts with the command line. If the output in the first line is "Id =", then Raspberry Pi starts with the graphical user interface.

Finish the ad with CTRL + C:

If the command line should be started:
sudo systemctl set-default
If the graphical user interface is to be started:
sudo systemctl set-default
After that a restart is necessary.
Raspberry Pi Lock / Disable user and delete
Deleting a user may cause one or the other to stop working as normal. In various places a user can be configured or preset. So it may be that, for example, entries in the "/ etc / crontab" or "sudoers" need to be changed. One is therefore forced to make extensive adjustments if necessary. Therefore, it should usually be enough to disable a user.

  • Lock or disable user.
  • Delete user.
Root privileges
It is recommended to work with root rights ..
sudo -i
You can return to the previous session with "exit".

Solution: lock / unlock user
If you just want to prevent the user from logging in, it will be enough to lock your password. That means he can not log in anymore.
usermod -L {USERNAME}
passwd -l {USERNAME}
For internal processes (also cron jobs) the user can continue to be used.

Solution: Delete user
If you definitely want to delete a user, then the following procedure is recommended. 
First you save the user directory of the respective user.

Before deleting, all processes that are still running under the user must be terminated.
killall -u {USERNAME}
Then you can really delete the user.
userdel -r {USERNAME}
Please note: There will be no return. You can set up the user again though. But that does not mean that he has the same rights and opportunities as before.

Raspberry Pi Change user and root password
Each standard installation has default users with default passwords. This must be the case so that the system administrator has the opportunity to gain access to the system during the first startup.

Because standard users and their associated default passwords are publicly documented, they pose a significant security risk. If default passwords are not changed, then an attacker with the known password can gain access to the system.

Therefore, after commissioning, the passwords of the standard users must be changed. For Raspberry Pi with Raspbian this is usually just "pi". The root user usually has no password on Raspbian.
  • Change the password of the user "pi".
  • Create password of the user "root".
  • Delete the password of the user "root".
Note: Passwords are stored in the bash history
If you change passwords via the command line, then the input is stored in plain text in the bash history on the hard disk via the keyboard. The bash history is located as a file in each user directory. 
To prevent the recording of a command only occasionally, start the command with a "space". The command is executed normally and the space is otherwise ignored.

Note: Saving and writing passwords
By the way, it's ok to write down passwords. The only question is where this documentation is kept. So not under the desk pad, but better in a lockable cabinet. 
By the way, ok is also a password manager. Although it is less beautiful that the access data are then in a single place. But that's still better than using the same, perhaps unsafe, password everywhere.

Solution: Change user password of "pi"
The configuration program "raspi-config" makes it possible to change the password of the user "pi" very easily and quickly.
sudo raspi-config
Alternatively it is possible to make the change via the command line, if you are logged in as user "pi". Note "spaces" at the beginning of the command.
Or if you want to change the password for another user. Note "spaces" at the beginning of the command.
sudo passwd {USERNAME}
"passwd" requires entering the old password and entering the new password twice. The new password will then be valid at the next login.

Solution: Create root password
First we switch to the user "root".
sudo -i
Now we have to set a password for "root".
The same procedure applies as with the user password. You can return to the previous session with "exit".
Solution: Delete root password
Since you can get root privileges in Raspbian at any time with the user "pi" with the command line suffix "sudo", you do not need a password for "root". Once you have set it up, you can delete it as follows.
sudo passwd -d root
Share it:

Raspberry Pi

Post A Comment: