How do I create a new user?

Question

Are there any security implications for creating (or not creating) a new user?

If need be, how do I create a new user or change the default user?

Answer 1

Debian

The official Debian image ships with at least 2 users, root and pi. You will only be able to login to the pi account.

How do I change pi's password?

At the very least, you should change the password for the pi account, as anybody with a RPi will be able to log onto yours. To do this, run passwd from the command line and follow the prompts.

How do I change pi's username?

If, like me, you want to use your own name, you want to use usermod like this:

usermod -l newname -d newname -m oldname

There are more options for usermod, which can be found by running man usermod.

Should I set a password for root?

Debian's root does not have a password and is inactive - you cannot login to it or su to root. You should not change this, as it is a security risk and sudo is more secure.

So, are my files secure once I change the password?

Don't be too relaxed with your RPi's security though, the filesystem is not encrypted, by default, and therefore, anyone with physical access can just remove the SD card and read it using another machine.

Related questions

• Why do I have to sudo?

Answer 2

Arch

A fresh Arch install ships with only the root user available. Thus you should definitely be creating a new user, as spending too much time as root is dangerous. In addition, you should also change the root password, as leaving as default is a major security risk.

Changing the root password

The password can be changed when logged in as root by running the passwd command.

# passwd
Changing password for root.
(current) UNIX password: 
Enter new UNIX password:
Retype new UNIX password:

Adding a new user

A new user can be created with the adduser or useradd commands. adduser is probably easiest, the only required field is the name (you can skip the others by pressing enter):

# adduser
Login name for new user []: 

You will be prompted for a new password for the account when it is created.

sudo

If you prefer, you can use sudo, in a similar way to Debian users.

Installation

To install sudo, run

pacman -S sudo

as root.

Use

To allow a user to use sudo they need to be added to the sudoers file. This can be done in two ways.

• Add the user to the wheel group using usermod and uncomment this line in the sudoers file:

  %wheel ALL=(ALL) ALL
  

• or add the user directly to the sudoers file:

  username ALL=(ALL) ALL
  

NOTE You should never edit the sudoers file with Vim, Emacs, etc. You should always edit it via visudo. This prevents you from messing up the syntax and rendering sudo unusable for you.

Disable Root

If you want to you can effectively disable the root account by running this command as root:

# passwd --lock

This option disables a password by changing it to a value which matches no possible encrypted value.

This shouldn't really be necessary if you have a strong root password and have root access through SSH disabled.

Answer 3

Extra trick on raspbian with usermod

usermod command won't run if there are any processes of the to-be-changed user running on the machine when the command is run.

If your on console of the pi there is a way to get around this without having to make another user (or set a pw on root):

Assuming nothing else is running with your username other then the shell on the console - no X session, no ssh login, etc:

exec sudo -s
cd /
usermod -l newname -d /home/newname -m oldname

The reason this works:

• sudo -s tells sudo that instead of just running on command as another user that it should run new shell as the given user
• exec tells the shell that instead of spawning off a new process when it runs a command (hence leaving the shell process running as the login user) that the shell should overwrite itself with the new process - this means that when exec ed command ends the shell is gone - in the case of a login shell that equates to disconnecting from the login
• the cd / is optional. At minimum, things get a bit confusing if you move a dir your in (your login starts out sitting in the user pi home dir) but sometimes will cause a fail, better safe then sorry.

Therefor with exec sudo -s your overwriting your shell with a new shell that has been created as a different user.

P.S. be sure to give usermod -d a full path or you'll end up moving the account's home to somewhere you don't expect (and have a bogus directory entry in passwd)

Answer 4

To add a new user in raspbian:

sudo useradd -m -G pi,sudo,gpio,audio,video steve

Then:

sudo passwd steve

Explaination:

-m - Create a new home directory

-G group1,group2,group3 - Add the user to these groups, don't add sudo if you don't want the user to have sudo privileges.

steve - Name of new user

passwd - Linux requires a password to login, so set password.

Answer 5

I have been reading a bunch of how tos on this, but the easiest is also the simplest

Login as pi,

To add new user:

 sudo adduser john

After successful creation, add john to sudoers group

 sudo usermod john -g sudo

Logout:

logout

Login as john

Update package lists:

 sudo apt-get update

If it works, you're done...