Creating a new user with Sudo privileges in Debian on raspberry pi
Someone asked on the Raspberry Pi forums recently how to change the default pi user. There is a command usermod, which could be used to do this if you first created a root password. But there are a lot of reasons for not creating a root password (mostly security and “best practice” related – and people still disagree about it).
You can’t use usermod to modify the id you are currently using, so the only way to do it is to create a new user and give it the same privileges (ie make it a sudo user).
The easiest way to do this is from the command line…
sudo adduser username
…where username is the name you give your new user. Then you will be asked to key in a password twice. Make your password as long as you can manage. As much of it as possible should not be real words. This makes it harder to crack by brute force attack.
Then the system will ask you for further information about the user. You can leave these fields blank if you want – just press enter. When finished it will look like this…
Adduser will also create a home directory for the new user at /home/username
After that you can give them sudo privileges by editing the sudoers file…
Use the cursor keys to navigate to the line below the entry for pi and copy it exactly, but use your new username instead of pi.
pi ALL=(ALL) ALL
john ALL=(ALL) ALL
Leave the pi entry there for now. This part of the sudoers file should look something like this, although on different installations the users may be different.
Once done, you need to save the sudoers file. This is done with
CTRL+X. You will see something like this…
Testing your new username
Now, before we remove the pi username, we need to make sure that the new username you just created is working properly and with sudo privileges. First you’ll have to logout of your pi account.
Then login again using your new username and password…
One way to test your new account has sudo access is to attempt to edit the sudoers file…
It made me type in user john’s password to access the sudo command. It won’t always ask for it.
If you want to remove the pi username from the sudoers list, you can simply delete the line containing the pi entry and then
CTRL+X to save and exit. Then you’ll want to remove the pi user from the system.
Removing the pi user
If you are doing this to improve security (the world and his wife know the default username and password, after all) you might want to remove the pi user. (In the screenshots I’m removing the user john that I created for this example.) You can do this by logging into the new user account you just created, and typing…
sudo deluser pi to delete just the user account
You don’t have to, but if you want to remove the /home/pi directory as well, use…
sudo deluser -remove-home pi
This will remove nearly all traces of the pi user from the system, which will make it much harder for anyone to break into your pi from outside (if it’s connected, that is). I don’t want to remove my pi user as I want my screenshots on other entries to look the same as other people using the pi user, so I removed the user john instead (in case you were wondering).
So now you have made your Raspberry Pi a bit more secure. Enjoy!