Your Pi and you: Raspberry Pi changing the default user password
Your Raspbian operating system that we are using for these tutorials ships with a standard username and password. The username is pi and the associated password is raspberry. We should, at the very least change the password. This can be changed in the simplest way through raspi-config which runs at first boot of the Pi. We will also see how this can be changed independently of raspi-config. The command is great but hides all of the backend tools that exist in the Linux Operating System. Knowing these commands can help you use other systems that don’t have the raspi-config tool. Additionally, we should consider creating additionally user accounts on the system which again, helps us understand Linux better as well as having backup accounts.
Changing the Password of the User: pi
Firstly, the simplest way to change the password of the default user in Raspbian is to make use of the raspi-config administration menu. This will need to be run as the user root. To achieve this we can log on as the user pi with the password of raspberry. These are the default user and password and mentioned earlier.. To run raspi-config with root permissions we preface the command with sudo:
The menu will start and it will now be running with the privileges in the system of the root user, the administrator account in Linux.
Option 2 in the menu will change the password, but only of the user account pi. The program is merely a script front-end and literally will change the password of a user called pi. Nothing more and nothing less. If the pi use does not exit then the script will fail to set the password. Of course, this is the simple mechanism but underlying we are using the command passwd.
Note on the Command passwd
As a standard user we could set our own password but not those of others using the command passed wihtour sudo rights. Considering that we will have logged in as the user pi we can change our own password without the need of sudo. As a security mechanism if you are setting your own password you will be promted for the current passwd first.
Adding additional user accounts
As you can see, the setting of the user password was not difficult and that has helped us secure your Pi. Leaving the default password is never a good idea. Setting a strong password for the pi account is always going to be recommended. Additionally we can add other accounts to the RPi, we do not have to use the account pi. We can create new account with and without administrative priviliges. The ability of the account pi to run the command sudo comes from the account being added to the group sudo.
As we are still quite early in to the Pi and Linux Essentials journey we will keep this quite brief and limit the discussion to the command useradd,. As we gain more proficiency with Linux we shall look in more detail at the suite of command to manage users and groups.
In the example I will create a new account for myself. I would like this account to be and administrator and to be able to run sudo so I will add it to the group: sudo. If you are adding accounts for ordinary users then there is no need or desire to add them to the sudo group.
sudo useradd -m andrew -G sudo
Step By Step
Breaking the command down step by step we will investigate the options used:
- sudo : this allows the command to run with administrative permissions
- useradd: this is the command to create new users and requires administrative permissions to run
- -m creates the home directory for the user at the same time the user is created
- andrew : is the user account name to create. Usually this is lower-case as the login name as well as the password is case-sensitive in Linux.
- -G sudo: is used to add the user the the secondary group sudo
This will have crated the user account which can be viewed in the file: /etc/passwd
tail -1 /etc/passwd
This will display just the last line of the file and should display the new user account. The passwd file is accessible to all users to read so we do not have to use sudo. Useradd will have created the user but not set the password for the user. For this we can now set the new user’s password.
Setting the User Passwd
sudo passwd andrew #( replace andrew with the account you created)
User passwords are stored in the file /etc/shadow. This is not readable by users so to list it we will need to use sudo
sudo tail -1 /etc/shadow
This will list the new account along with the new SHA 512 encrypted password.
So now we have been able to change the password of the default user pi and create a new account that can use delegated permissions with sudo onto the system. The video for this demonstration is available on Youtube:
- Run the command raspi-config without using sudo to preface the command: raspi-config. Note the message that is displayed
- Now run sudo raspi-config and set the password of the user pi
- Create a new user on the Raspberry Pi. Use your name in lower case as the user. Make sure that this use will be able to use sudo
- Set the password for this user