By default Raspbian auto boots to the pi user. You can change that behavior to require password on boot by using the GUI config tool or sudo raspi-config. Do that if you don't trust who might have physical access to your RPi.Sheepdog wrote: ↑Mon Aug 06, 2018 12:00 amNew to Pi and Linux generally... old to computers.
4 Aug 2018 I put Raspbian 9 (Stretch) on a Pi 3 B (ver 1.2), and did apt update, apt upgrade.
In the GUI, I can change "the" password... without having to authenticate myself with the OLD password. Seems a bit of "back-door" for bad guys! (At no stage in hours of work at the GUI have I been asked for my password... not even when booting in from a no-power state.)
In the CLI, when I use passwd, the "old password" that works there is whatever I've made the password with the GUI, or by previous use of CLI.... I do HAVE a password... on some things, anyway... and know how to change it. But changing it with passwd in the CLI is the only time I have to GIVE the password to do anything!
If they have to hedge the "delete user pi" advice that heavily, it makes me nervous.Once you have confirmed that the new account is working, you can delete the pi user. Please note, though, that with the current Raspbian distribution, there are some aspects that require the pi user to be present. If you are unsure whether you will be affected by this, then leave the pi user in place. Work is being done to reduce the dependency on the pi user.
Code: Select all
sudo passwd --lock pi
Users browsing this forum: sora03 and 20 guests