User avatar
SyncBerry
Posts: 51
Joined: Sat Sep 21, 2019 11:13 am
Location: France (S-W)

[Resolved (nearly)] Change username

Tue Sep 24, 2019 11:39 am

In previous (now locked/obsolete) adduser discussions, RaTTuS said
RaTTuS wrote:
Tue Jul 24, 2012 7:40 am
...
ssh-keygen -t rsa
...
Nowadays, ssh-keygen -t ed25519 is recommended but it is not the default (rsa remains) for backwards compatibility reasons. This is of course obvious for the keep or change usename way when it come to create a ssh key.


Also, I like the change username way by happyharrysco1. I expected this in the end:
happyharrysco1 wrote:
Sun Jan 27, 2013 9:08 pm
...

Code: Select all

sudo passwd -d -l root
and you are done :)
After one night has elapsed, one question went to my mind: should we/would you also rm -rf /home/root (prefixed with sudo) to finish the cleanup (this folder doesn't exist out of the box)? <= NO: root's home is /root, not /home/root (DON'T remove as it contains some system wide config files that must remain here).
BTW, before running the full process, I wander why sudo <command> never asks a password in my Pi as on Ubuntu (something related to the -l option for passwd (see man and above) at the time of building the Raspbian distro? <=NO: see below).

And a last question: I recently read, maybe in a beginners tuto (I'm new to Pi & Raspbian), that changing usernane (pi to something else) would lead into some corner problems. I wander if any could develop on this. On my own I think to raspi-config GUIs (graphical text et full graphical modes as with my eyes I saw "pi" in them) which may be hard-coded in these tools. Please confirm and give other issues if ever any (I later met one, see below).

Best regards and thank you the RPF for this wonderful little board and hard'n soft brains in it.
Last edited by SyncBerry on Tue Oct 01, 2019 5:57 pm, edited 5 times in total.

bjtheone
Posts: 380
Joined: Mon May 20, 2019 11:28 pm
Location: The Frozen North (AKA Canada)

Re: Change username

Tue Sep 24, 2019 1:05 pm

Changing pi to something else is not a problem as long as your new user gets the same access rights as pi had. The easiest way is to just change "pi" to another name. There are a bunch of ways to do it. Here is a decent write up:

https://raspberrypi.stackexchange.com/q ... t-username

There may be legacy scripts that assume the only user is "pi". Lots of examples reference user "pi" however your new username will work fine as long as you have the same access privileges. Remember Linux is a multiuser system, and different users have very different privileges.

I would strongly suggest that at a minimum you require a password for sudo. Blocking root logins is also a good idea.

User avatar
SyncBerry
Posts: 51
Joined: Sat Sep 21, 2019 11:13 am
Location: France (S-W)

Re: Change username

Tue Sep 24, 2019 1:23 pm

Many thanks for your reply bjtheone
My Pi is headless so I can't test root local loggin. ATM I tryied ssh login but as don't know the root password it fails. I have to dig a bit more to clarify root permissions (local/remote) on raspbian OOTB.
Maybe the simple fact that root hasn't a password OOTB would prevent local login and prevents ssh login (or in this last case is it sshd config that prevents this).

Is "no-password-sudo" intended in Raspbian ? Is it related to "no-password-root" ? Where do we set this ?
Sorry if these are question yet covered by official documentation, I read a huge part before I jump, so maybe I missed or forgot answers.

I find I can sudo su to become root. echo $USER confirms. Again no password required !

User avatar
SyncBerry
Posts: 51
Joined: Sat Sep 21, 2019 11:13 am
Location: France (S-W)

Re: Change username

Mon Sep 30, 2019 8:53 pm

Feedback of one week to dig around:
For those who want classical security, i.e. root user has no password AND sudoers* are prompted for their password when running sudo anycommand):
Update this file where pi user is ~hardcoded~, so that it reads :

Code: Select all

sudo su
cd /etc/sudoers.d
mv 010_pi_nopassword 010_myuser
nano /etc/sudoers.d/010_myuser

#pi ALL=(ALL) NOPASSWD: ALL
myuser ALL=(ALL) PASSWD: ALL

Ctrl+O then Enter then Ctrl+X then
exit
Then you'll need to update in the same manner another file where pi user was hardcoded:
/etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf

Code: Select all

[Configuration]
#AdminIdentities=unix-user:pi;unix-user:0
AdminIdentities=unix-user:myuser;unix-user:0
This way, some OOTB graphical apps (e.g. PackageKit aka Add / Remove Software) will work as intended, i.e. prompt user password for priviledged operations, instead of requiring only the root's password that doesn't exist, so doesn't work.


* in fact these 2 patches only workaround the single myuser user. Raspbian seems to best run as a single admin OS.

[TODO] : update official documentation

User avatar
SyncBerry
Posts: 51
Joined: Sat Sep 21, 2019 11:13 am
Location: France (S-W)

Re: [Resolved (nearly)] Change username

Tue Oct 01, 2019 6:01 pm

[EDIT] : I tried to install gufw from Add /Remove Software: it failed. I had to do it from command line. Maybe an other corner case of changing username. Although, I succeeded to install baobab with this tool.

Return to “Beginners”