Jun 262012
 

Creating a new user with Sudo privileges in Debian on raspberry pi

Someone asked on the Raspberry Pi forums recently how to change the default pi user. There is a command usermod, which could be used to do this if you first created a root password. But there are a lot of reasons for not creating a root password (mostly security and “best practice” related – and people still disagree about it).

You can’t use usermod to modify the id you are currently using, so the only way to do it is to create a new user and give it the same privileges (ie make it a sudo user).

The easiest way to do this is from the command line…

sudo adduser username

…where username is the name you give your new user. Then you will be asked to key in a password twice. Make your password as long as you can manage. As much of it as possible should not be real words. This makes it harder to crack by brute force attack.

Then the system will ask you for further information about the user. You can leave these fields blank if you want – just press enter. When finished it will look like this…

sudo adduser john

Adduser will also create a home directory for the new user at /home/username

After that you can give them sudo privileges by editing the sudoers file…

sudo visudo

Use the cursor keys to navigate to the line below the entry for pi and copy it exactly, but use your new username instead of pi.

pi    ALL=(ALL) ALL
john  ALL=(ALL) ALL

Leave the pi entry there for now. This part of the sudoers file should look something like this, although on different installations the users may be different.

sudo user editing

Once done, you need to save the sudoers file. This is done with CTRL+O, then CTRL+X. You will see something like this…

sudoers saved

Testing your new username

Now, before we remove the pi username, we need to make sure that the new username you just created is working properly and with sudo privileges. First you’ll have to logout of your pi account.

logout

Then login again using your new username and password…

login

One way to test your new account has sudo access is to attempt to edit the sudoers file…

sudo visudo

output of sudo visudo, run as john

It made me type in user john’s password to access the sudo command. It won’t always ask for it.
If you want to remove the pi username from the sudoers list, you can simply delete the line containing the pi entry and then CTRL+O, then CTRL+X to save and exit. Then you’ll want to remove the pi user from the system.

Removing the pi user

If you are doing this to improve security (the world and his wife know the default username and password, after all) you might want to remove the pi user. (In the screenshots I’m removing the user john that I created for this example.) You can do this by logging into the new user account you just created, and typing…

sudo deluser pi to delete just the user account

You don’t have to, but if you want to remove the /home/pi directory as well, use…

sudo deluser -remove-home pi

deluser john

This will remove nearly all traces of the pi user from the system, which will make it much harder for anyone to break into your pi from outside (if it’s connected, that is). I don’t want to remove my pi user as I want my screenshots on other entries to look the same as other people using the pi user, so I removed the user john instead (in case you were wondering).

So now you have made your Raspberry Pi a bit more secure. Enjoy!

  15 Responses to “How to create a new user on Raspberry Pi”

  1. Hi,

    Your way of doing is quite complicated.
    Simply do:

    sudo adduser MyUser
    sudo adduser MyUser sudo

    This last command will add MyUser into sudo group and MyUser will then able to use sudo.
    You don’t need to edit any file. :-)

    Mebepi

    • Thanks I’ll try that. The amazing thing about Linux is that there are so many ways of doing things and you learn something new every day. :)

      • Your way works. (I know you knew that – this is for other readers ;) ). BUT, it’s not completely equivalent to mine – although I will give you it’s a heck of a lot simpler. 8-)

        It will create a new user and add it to the sudo group. But unless you edit the sudoers file with visudo, you can’t make the new ID completely equivalent to the pi id. For example, I created a new id your way and using that new ID, every time I type sudo I have to enter the password. I can make that go away by copying the pi entry in the sudoers file.

        Having said all of that, however, it might be that the best way to change the pi ID (if there is no root id) would therefore be to create a new id your way, then give it sudo privileges, and then use that id to do a usermod command on the pi ID. Then remove the new ID. (Just thinking out loud here.) Thanks very much for your input :yes:

  2. tutorial worked great,thanx a lot

  3. worked very well, thank you.

  4. Truly helpful. I found the usermod command usefull help to import my .ssh directory to the new user! Over ssh, i also noticed that the account needs a password, otherwise you can’t log in. :-)

  5. Thank you very much for posting this.

    I think there is a small type? To save the file while in visudo, use Ctrl-O, not Ctrl-K. Then Ctrl-X to exit. At least on my RPi, visudo uses nano to edit.

    • Thanks. I’ll check this out. It’s possible that something’s changed recently. It definitely didn’t use nano when I wrote the blog.
      Checked this and you’re absolutely right. visudo is using Nano now. I’ve made the appropriate amendments.
      Thanks for helping me keep the blog up to date and accurate :)

  6. [...] Clone user ‘pi’ prior to deleting user ‘pi’ using methods described in this post and this [...]

  7. [...] your new Raspbian installation, and remove the default "pi" user (which has password "raspberry"). This guide explains the procedure [...]

  8. Every Time I Try To Open “sudo visudo” i get this:

    sudo: parse error in /etc/sudoers near line 1
    sudo: no valid sudoers sources found, quitting
    sudo: unable to initialize policy plugin
    pi@raspberrypi ~ $
    HELP!!!

    • are you working from within LXDE or raw command line? If LXDE, try raw command line without starting X.

      Other than that, I can’t think of anything else that might help you. Hopefully others will chip in.

    • got that the other day…. can u sudo other things? if not, you kinda bricked your pi account and if you don’t have root enabled, you will have to reimage.