Sheepdog
Posts: 14
Joined: Sun Aug 21, 2016 7:44 pm

BASIC password questions

Mon Aug 06, 2018 12:00 am

New to Pi and Linux generally... old to computers.

4 Aug 2018 I put Raspbian 9 (Stretch) on a Pi 3 B (ver 1.2), and did apt update, apt upgrade.

In the GUI, I can change "the" password... without having to authenticate myself with the OLD password. Seems a bit of "back-door" for bad guys! (At no stage in hours of work at the GUI have I been asked for my password... not even when booting in from a no-power state.)

In the CLI, when I use passwd, the "old password" that works there is whatever I've made the password with the GUI, or by previous use of CLI.... I do HAVE a password... on some things, anyway... and know how to change it. But changing it with passwd in the CLI is the only time I have to GIVE the password to do anything!
New to Pi and Linux generally... old to computers. Using Raspbian 9 (Stretch) on a Pi 3 B (ver 1.2), apt-get update, apt-get upgrade at least as recently as 5 Aug 2018

gkreidl
Posts: 5765
Joined: Thu Jan 26, 2012 1:07 pm
Location: Germany

Re: BASIC password questions

Mon Aug 06, 2018 5:12 am

The default settings of Raspbian are a security nightmare because sudo does not require a password.
There's a tutorial by the Foundation which explains how to enhance security.
Minimal Kiosk Browser (kweb)
Slim, fast webkit browser with support for audio+video+playlists+youtube+pdf+download
Optional fullscreen kiosk mode and command interface for embedded applications
Includes omxplayerGUI, an X front end for omxplayer

Sheepdog
Posts: 14
Joined: Sun Aug 21, 2016 7:44 pm

Re: BASIC password questions

Mon Aug 06, 2018 10:51 am

Thank you, grk...

For others reading this, I think the guide he meant is...

https://www.raspberrypi.org/documentati ... ecurity.md

... which is good.

Nice to have support for my uncomfortable feeling that using sudo is too easy... thank you. The article shows how the operation of sudo can be made less Bad-Guy-Friendly.

I'm torn by the ambivalent advice about creating a new user. Made sense to do that, to me, but then I read, at the Foundation's page (you can read anything, //somewhere// on the net) that I should probably leave user Pi in place. If Pi is still there (ready to be mis-used), is there any point in taking on the extra confusion of having ANOTHER user in the mix? Sigh. Maybe the answer is to create a new user, but leave Pi in place, but give it, Pi, a really REALLY nasty password??
Last edited by Sheepdog on Mon Aug 06, 2018 6:29 pm, edited 1 time in total.

klricks
Posts: 5919
Joined: Sat Jan 12, 2013 3:01 am
Location: Grants Pass, OR, USA

Re: BASIC password questions

Mon Aug 06, 2018 1:08 pm

Sheepdog wrote:
Mon Aug 06, 2018 12:00 am
New to Pi and Linux generally... old to computers.

4 Aug 2018 I put Raspbian 9 (Stretch) on a Pi 3 B (ver 1.2), and did apt update, apt upgrade.

In the GUI, I can change "the" password... without having to authenticate myself with the OLD password. Seems a bit of "back-door" for bad guys! (At no stage in hours of work at the GUI have I been asked for my password... not even when booting in from a no-power state.)

In the CLI, when I use passwd, the "old password" that works there is whatever I've made the password with the GUI, or by previous use of CLI.... I do HAVE a password... on some things, anyway... and know how to change it. But changing it with passwd in the CLI is the only time I have to GIVE the password to do anything!
By default Raspbian auto boots to the pi user. You can change that behavior to require password on boot by using the GUI config tool or sudo raspi-config. Do that if you don't trust who might have physical access to your RPi.

From CLI using sudo passwd pi will allow password change without entering the old password.

By default the root password is not set but can be set using sudo passwd. However, there is no point as long as sudo is unlocked.

IMO changing the password is all that is needed for most users running behind a router.

If running a server of some sort with open ports then use more extreme measures like deleting user pi, lockdown sudo etc.
Unless specified otherwise my response is based on the latest and fully updated Raspbian Stretch w/ Desktop OS.

Sheepdog
Posts: 14
Joined: Sun Aug 21, 2016 7:44 pm

Re: BASIC password questions

Mon Aug 06, 2018 1:31 pm

Thank you... and all you say makes sense. (Apart from one nit I will pick.) However, I DO want to run a server that will be visible across the internet... hence my caution. (And I still find the fact that one can change the user pi password with the GUI without knowing the old password poor design.)

You say.... "delete pi user" (after creating a new user!). But...

https://www.raspberrypi.org/documentati ... ecurity.md

says....
Once you have confirmed that the new account is working, you can delete the pi user. Please note, though, that with the current Raspbian distribution, there are some aspects that require the pi user to be present. If you are unsure whether you will be affected by this, then leave the pi user in place. Work is being done to reduce the dependency on the pi user.
If they have to hedge the "delete user pi" advice that heavily, it makes me nervous.

fbe
Posts: 370
Joined: Thu Aug 17, 2017 9:08 pm

Re: BASIC password questions

Tue Aug 07, 2018 5:45 pm

The other weakness that is not mentioned by any tutorial is that pi is allowed to run any command with root privileges. In fact pi is root if you know pi's password, even if you "make pi secure". Simply creating another user with password authentication and the same privilege and removing the pi account doesn't make things more secure.

I would try to allow login via ssh as root using public key authentication (only) and then "disarm" the pi user (remove pi from sudo group, remove the privilege to run sudo without password, don't automatically login as user pi). You could even disable the pi password too (set the password field in /etc/shadow to "*") and allow ssh login only with public key authentication for pi user...

HawaiianPi
Posts: 3038
Joined: Mon Apr 08, 2013 4:53 am
Location: Aloha, Oregon USA

Re: BASIC password questions

Sun Aug 12, 2018 1:53 am

You can disable the "pi" user with,

sudo passwd --lock pi

I know I've run into problems in the past after removing the pi user, but I'm not sure if any of those problems still exist (some of the issues were resolved). I usually create my own user and disable the pi user, and I haven't run into any problems doing that.

Passwordless sudo is not as big an issue as some here make it out to be, unless others you consider a security risk have physical access to your Pi.
My mind is like a browser. 27 tabs are open, 9 aren't responding,
lots of pop-ups...and where is that annoying music coming from?
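fbe's reply describes "disarming" the pi account (out of the sudo group, no passwordless sudo rule, password field set to "*") and HawaiianPi's shows locking it with passwd --lock, which prefixes the hash in /etc/shadow with "!". The audit script below is an added example, not code from this thread or from the Raspberry Pi Foundation: it checks those three things for one account. File paths are arguments, so here it runs against constructed sample files (made-up hashes, invented users alice and bob, a sudoers fragment of the kind Raspbian places under /etc/sudoers.d, whose real file name the thread does not give) and on a Pi it can be pointed at the real /etc/shadow, /etc/group and sudoers files, which need root to read. The NOPASSWD check is a heuristic: it does not follow sudoers aliases or includes.

```shell
#!/bin/sh
# Added example (not from the thread): audit one account for the three things
# the replies discuss: password field, sudo group membership, NOPASSWD rule.

# Classify the password field of a shadow(5) line for USER.
# Prints one of: missing, nopassword, disabled, locked, set
shadow_state() {
    user=$1; shadow_file=$2
    field=$(awk -F: -v u="$user" '
        $1 == u { print $2; found = 1 }
        END { if (!found) print "__missing__" }' "$shadow_file")
    case "$field" in
        __missing__) echo missing ;;
        "")          echo nopassword ;;  # empty field: no password asked at all
        '*')         echo disabled ;;    # no hash can match; only keys work (fbe's suggestion)
        '!'*)        echo locked ;;      # what 'passwd --lock' writes: hash prefixed with '!'
        *)           echo set ;;
    esac
}

# Print yes if USER is listed as a member of GROUP in a group(5) file, else no.
in_group() {
    user=$1; group=$2; group_file=$3
    awk -F: -v u="$user" -v g="$group" '
        BEGIN { r = "no" }
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) r = "yes" }
        END { print r }' "$group_file"
}

# Lines of a sudoers(5) file granting NOPASSWD to USER directly, to ALL, or to
# a %group USER belongs to. Heuristic only: aliases and @include are not followed.
nopasswd_rules() {
    user=$1; group_file=$2; sudoers_file=$3
    # the user's groups in sudoers spelling, e.g. "%sudo %adm "
    mine=$(awk -F: -v u="$user" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) printf "%%%s ", $1 }' "$group_file")
    grep -v '^[[:space:]]*#' "$sudoers_file" | grep NOPASSWD |
        awk -v u="$user" -v mine="$mine" '$1 == u || $1 == "ALL" || index(mine, $1 " ") > 0'
}

# Print the findings; return 0 only when the account cannot log in by password,
# is not in the sudo group and has no NOPASSWD rule reaching it.
audit_user() {
    user=$1; shadow_file=$2; group_file=$3; sudoers_file=$4
    state=$(shadow_state "$user" "$shadow_file")
    member=$(in_group "$user" sudo "$group_file")
    rules=$(nopasswd_rules "$user" "$group_file" "$sudoers_file" | awk 'END { print NR }')
    echo "$user: password=$state sudo-group=$member nopasswd-rules=$rules"
    [ "$state" = locked ] || [ "$state" = disabled ] || return 1
    [ "$member" = no ] || return 1
    [ "$rules" -eq 0 ]
}

# Constructed sample files (made-up hashes and users) standing in for
# /etc/shadow, /etc/group and one sudoers fragment. Not real system data.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:*:17700:0:99999:7:::
pi:!$6$examplesalt$examplehash:17700:0:99999:7:::
alice:$6$examplesalt$examplehash:17700:0:99999:7:::
bob::17700:0:99999:7:::
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
sudo:x:27:alice
adm:x:4:pi,alice
pi:x:1000:
EOF
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
# constructed: the rule shape that makes sudo passwordless for one account
alice ALL=(ALL) NOPASSWD: ALL
%sudo ALL=(ALL:ALL) ALL
EOF

for u in pi alice bob root; do
    if audit_user "$u" "$SAMPLE_DIR/shadow" "$SAMPLE_DIR/group" "$SAMPLE_DIR/sudoers"; then
        echo "  -> $u: no password login, no passwordless sudo"
    else
        echo "  -> $u: still has a password or sudo path open"
    fi
done
```

Run it as root against the real files by replacing the sample paths with /etc/shadow, /etc/group and each file under /etc/sudoers.d plus /etc/sudoers. In the sample data pi passes (locked, no sudo group, no NOPASSWD rule), alice fails on the NOPASSWD rule, and bob fails because an empty shadow field means no password is asked at all, which is the worst of the three states.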
