0

I'm working on an industrial application for the Pi, and for that we need to, of course, change the username. I don't want to do this manually everytime, so I want to use a script. So far I have written a script for writing the image to the SD card and an install script that installs all the right dependencies, repositories etc. Now I have had good results changing the username manually based on the answer of Mike Lutz in this question, which states

exec sudo -s
cd /
usermod -l newname -d /home/newname -m oldname

unfortunately, this does not work if you want to use it in a script, because the script will still be running on your old username, and therefor the username can't be changed.

So what I have resorted to now, is in the imaging to SD card script, I have written the following:

NEWNAME=pareto
boot_path=/media/pareto/pi_boot
filesystem_path=/media/pareto/pi_filesystem

#check for mounted sd card => unmount
echo "Unmounting SD card"
sudo umount /dev/mmcblk0p1
sudo umount /dev/mmcblk0p2

# mount SD card partitions to the right folders 
echo "Mounting SD card partitions"
sudo mount -t vfat /dev/mmcblk0p1 $boot_path
sudo mount -t ext4 /dev/mmcblk0p2 $filesystem_path

# replace username 'pi' with '$NEWNAME'
echo "Replacing all instances of user 'pi' with '$NEWNAME'"
for i in passwd shadow group gshadow sudoers; do
sudo sed -i "s/:pi/:$NEWNAME/g" $filesystem_path/etc/$i
sudo sed -i "s/^pi:/$NEWNAME:/g" $filesystem_path/etc/$i
sudo sed -i "s/\/pi:/\/$NEWNAME:/g" $filesystem_path/etc/$i
done

# change the home folders name to correspond with $NEWNAME 
sudo mv $filesystem_path/home/pi $filesystem_path/home/$NEWNAME

So far it seems to work, but it feels very dirty. Is there a better way to change the username from a script (either via SSH/UART console) and if not, am I missing some important files I should change as well?

F. Pareto
  • 191
  • 1
  • 5
  • 1
    You say "and for that we need to, of course, change the username". There is no of course about it. What do you actually hope to achieve that can't be done by more conventional means? – Milliways May 05 '17 at 08:02
  • 2
    If you insist on doing this why not create a new user with the same permissions as presumably the Pi user (that you want to change) then delete/lockout the pi user. You may also want to look at config management tools that make this easier (e.g. puppet, chef, ansible). – Steve Robillard May 05 '17 at 08:04
  • @Milliways, good point. The reason to change the username is for security (changing only the password while leaving the standard username makes it slightly easier to break into) but also because we just want it to be called our product's name. SteveRobillard, I thought about this but then I would still be unable to delete the pi user using the same script. Thanks for the recommendation, I will look into them. – F. Pareto May 05 '17 at 08:17
  • It sounds like the real problem here is your insistence that everything be done using "the same script". Anyway, the question would be more appropriate to our larger sibling site Unix & Linux. – goldilocks May 05 '17 at 11:08
  • @goldilocks okay let's forget about using "the same script". With ease of setup in mind how would you go about doing this? I want to minimize input from humans to minimize mistakes after programming the 100th in a row. – F. Pareto May 05 '17 at 11:58
  • I.e., 1) You want to figure out how you can do _____ by any means, then 2) Figure out how to automate that. I think you already have #1. WRT #2, automation does not mean being limited to "the same script". The reason this is a bad fit here is because the fine print caveats of changing a username are relatively obscure, because it is not a common task -> – goldilocks May 05 '17 at 12:23
  • -> I dunno whether the problem is because the user needs to log in again, or it is just WRT the current process. It would not take me long to figure that out, of course, but neither I nor most other people are going to bother in order to solve someone else's online problem. So you either need the attention of people who do know this already, meaning a bigger pool of linux expertise (e.g., U&L), or you need to figure it out yourself and explain it explicitly -- "the user needs to log in again", or, "a new process needs to be started". In which case you have a big clue about #2 above. – goldilocks May 05 '17 at 12:23
  • Worth observing that man usermod notes, "You must make certain that the named user is not executing any processes when this command is being executed if the user's numerical user ID, the user's name, or the user's home directory is being changed." I agree w/ Steve, BTW. Further it sounds to me like what you are doing should be run as a root process. Since sudo pi has superpowers on Raspbian anyway, this would hardly be a greater risk (if that's the objection in the first place -- I dunno why you want to configure the system using a user account). – goldilocks May 05 '17 at 12:28

1 Answers1

2

If I wanted to do this (and I still think it is futile - pi is just a text label for user 1000, and the number can be used in many contexts), I wouldn't do it on a working system.

AFAIK the string pi only appears in 3 places; /etc/passwd, /etc/group and a directory in /home. I would just edit in the appropriate files on a mounted image. (I haven't actually done this so it may need testing.)

Milliways
  • 59,890
  • 31
  • 101
  • 209
  • I generally edit those manually to set up my username. One thing to ensure is that you use the same password for the pi and new user during the transition, otherwise the password hash is wrong which causes problems. – joan May 05 '17 at 08:29
  • It also appears in the /etc/sudoers file, though that may not matter as long as you keep the group memebership the same. – Steve Robillard May 05 '17 at 08:55
  • Are you implying that people would be able to log in using the UID? Otherwise, I don't see how that is an argument for it's futility, especially when one of the stated reasons is: "we just like how it looks".

    Maybe it's just me but your answer comes across a bit.. strange. I'm sure you mean well, but first you tell me that what I want to do is futile (unnecessary and not true), and then you proceed to say the string pi is in only 3 places when my code shows you there are at least 2 more. For the rest you are proposing the exact thing I'm proposing... Am I missing something?

     – F. Pareto May 05 '17 at 09:24
  • @F.Pareto I never said it was "not true". You DID NOT say you wanted to change for reasons of vanity in your question, only and for that "we need to, of course, change the username". I actually said "AFAIK the string pi only appears in 3 places", and NO you were asking a question about the problems of changing on a working OS - I suggested a change on an image, where you can do anything without restriction. – Milliways May 05 '17 at 09:48
  • @F.Pareto I do not believe you can login with a numeric ID, but very many GNU/Linux commands (e.g. chown chmod) do permit this. If, as it appears, in your comments you stated you wanted to make a custom image, rather than each being individual, I would have suggested that you actually made a custom image. – Milliways May 05 '17 at 09:53
  • @SteveRobillard It is not in my /etc/sudoers file and standard Raspbian has a group sudo which perform a similar function, but other Linux distributions do this differently, or don't have sudo as a default. – Milliways May 05 '17 at 10:01
  • @Milliways aha there was some miscommunication then. I took "I still think" in your answer as an indication that you read my comment with extra info. Moreover I asked about changing the username, either on a working OS or (what I'm currently doing) via a mounted image. It appears I did not communicate that clearly enough. Thank you for taking the time to elaborate your answer. – F. Pareto May 05 '17 at 11:10