hardware31
Posts: 19
Joined: Tue Oct 15, 2013 11:39 pm

Change your default password.

Tue Sep 19, 2017 11:18 pm

Is there any command I can perform after performing these steps to see if I have done it the right way?
is there any way to confirm if I have successfully performed the changes
Thanks for listening.


Change your default password

The default username and password is used for every single Raspberry Pi running Raspbian. So, if you can get access to a Raspberry Pi, and these settings have not been changed, you have root access to that Raspberry Pi.

So the first thing to do is change the password. This can be done via the raspi-config application, or from the command line.

sudo raspi-config

Select option 2, and follow the instructions to change the password.

In fact, all raspi-config does is start up the command line passwd application, which you can do from the command line. Simply type in your new password and confirm it.

passwd

Changing your username

You can, of course, make your Raspberry Pi even more secure by also changing your username. All Raspberry Pis come with the default username pi, so changing this will immediately make your Raspberry Pi more secure.

To add a new user with the same permissions as the pi user:

sudo useradd -m fred -G sudo

This adds a new user called fred, creates a home folder, and adds the user to the sudo group. You now need to set a password for the new user:

sudo passwd fred

Log out and log back with the new account details. Check your permissions are in place (i.e. you can sudo) by trying the following.

sudo visudo

The visudo command can only be run by an account with sudo privileges. If it runs successfully, then you can be sure that the new account is in the sudo group.

Once you have confirmed that the new account is working, you can delete the pi user. Please note, though, that with the current Raspbian distribution, there are some aspects that require the pi user to be present. If you are unsure whether you will be affected by this, then leave the pi user in place. Work is being done to reduce the dependency on the pi user.

To delete the pi user, type the following:

sudo deluser pi

This command will delete the pi user but will leave the home/pi folder. If necessary, you can use the command below to remove the home folder for the pi user at the same time. Note the data in this folder will be permanently deleted, so make sure any required data is stored elsewhere.

sudo deluser -remove-home pi

Make sudo require a password

Placing sudo in front of a command runs it as a superuser, and by default, that does not need a password. In general, this is not a problem. However, if your Pi is exposed to the internet and somehow becomes exploited (perhaps via a webpage exploit for example), the attacker will be able to change things that require superuser credential, unless you have set sudo to require a password.

To force sudo to require a password, enter

sudo nano /etc/sudoers.d/010_pi-nopasswd

and change the pi entry (or whichever usernames have superuser rights) to

pi ALL=(ALL) PASSWD: ALL

Now save the file.


www.raspberrypi.org/documentation/confi ... ecurity.md

asandford
Posts: 1996
Joined: Mon Dec 31, 2012 12:54 pm
Location: Waterlooville

Re: Change your default password.

Tue Sep 19, 2017 11:55 pm

hardware31 wrote:
Tue Sep 19, 2017 11:18 pm
Is there any command I can perform after performing these steps to see if I have done it the right way?
is there any way to confirm if I have successfully performed the changes
Thanks for listening.
To confirm your password change, switch to the userid

Code: Select all

[email protected]:~ $ su - pi
Password:
[email protected]:~ $

klricks
Posts: 5885
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA
Contact: Website

Re: Change your default password.

Wed Sep 20, 2017 12:31 am

IMO I would not bother to change the user from pi unless I was running a server of some sort with open ports.

Note that the user pi is a member of several groups, not just sudo. You will need to add your new user(s) to the same groups. If not then a lot of things won't work for the new user eg audio.

The groups username command will show all groups of a user:

Code: Select all

$ groups pi
pi : pi adm dialout cdrom sudo audio video plugdev games users input netdev spi i2c gpio
Unless specified otherwise my response is based on the latest and fully updated Raspbian Stretch w/ Desktop OS.

User avatar
buja
Posts: 474
Joined: Wed Dec 31, 2014 8:21 am
Location: Netherlands

Re: Change your default password.

Wed Sep 20, 2017 5:21 am

I found this link: https://www.modmypi.com/blog/how-to-cha ... d-password

It is an easy way to change the default user name and I have used it on a Pi after upgrading to Raspbian Stretch, so on a clean system. So far it seems to work well. When using sudo it will ask for the user password (with user pi it does not do that), but you can change that too.

hardware31
Posts: 19
Joined: Tue Oct 15, 2013 11:39 pm

Re: Change your default password.

Thu Sep 21, 2017 12:54 am

very good the tips thank you all
This is exactly what I would like to do, I do not know how to change the topic to resolved.
I would like to make an application I will try to perform these changes on two different sd cards I would like to try following the official documentation and the way I was suggested in modymypi

After the steps in the cards are completed
It would be possible for me to post the results and confirm if I can make the changes correctly
Thanks for listening.

Return to “Raspbian”