Jun 262012
 

Creating a new user with Sudo privileges in Debian on raspberry pi

Someone asked on the Raspberry Pi forums recently how to change the default pi user. There is a command usermod, which could be used to do this if you first created a root password. But there are a lot of reasons for not creating a root password (mostly security and “best practice” related – and people still disagree about it).

You can’t use usermod to modify the id you are currently using, so the only way to do it is to create a new user and give it the same privileges (ie make it a sudo user).

The easiest way to do this is from the command line…

sudo adduser username

…where username is the name you give your new user. Then you will be asked to key in a password twice. Make your password as long as you can manage. As much of it as possible should not be real words. This makes it harder to crack by brute force attack.

Then the system will ask you for further information about the user. You can leave these fields blank if you want – just press enter. When finished it will look like this…

sudo adduser john

Adduser will also create a home directory for the new user at /home/username

After that you can give them sudo privileges by editing the sudoers file…

sudo visudo

Use the cursor keys to navigate to the line below the entry for pi and copy it exactly, but use your new username instead of pi.

pi    ALL=(ALL) ALL
john  ALL=(ALL) ALL

Leave the pi entry there for now. This part of the sudoers file should look something like this, although on different installations the users may be different.

sudo user editing

Once done, you need to save the sudoers file. This is done with CTRL+O, then CTRL+X. You will see something like this…

sudoers saved

Testing your new username

Now, before we remove the pi username, we need to make sure that the new username you just created is working properly and with sudo privileges. First you’ll have to logout of your pi account.

logout

Then login again using your new username and password…

login

One way to test your new account has sudo access is to attempt to edit the sudoers file…

sudo visudo

output of sudo visudo, run as john

It made me type in user john’s password to access the sudo command. It won’t always ask for it.
If you want to remove the pi username from the sudoers list, you can simply delete the line containing the pi entry and then CTRL+O, then CTRL+X to save and exit. Then you’ll want to remove the pi user from the system.

Removing the pi user

If you are doing this to improve security (the world and his wife know the default username and password, after all) you might want to remove the pi user. (In the screenshots I’m removing the user john that I created for this example.) You can do this by logging into the new user account you just created, and typing…

sudo deluser pi to delete just the user account

You don’t have to, but if you want to remove the /home/pi directory as well, use…

sudo deluser -remove-home pi

deluser john

This will remove nearly all traces of the pi user from the system, which will make it much harder for anyone to break into your pi from outside (if it’s connected, that is). I don’t want to remove my pi user as I want my screenshots on other entries to look the same as other people using the pi user, so I removed the user john instead (in case you were wondering).

So now you have made your Raspberry Pi a bit more secure. Enjoy!

  42 Responses to “How to create a new user on Raspberry Pi”

  1. Hi,

    Your way of doing is quite complicated.
    Simply do:

    sudo adduser MyUser
    sudo adduser MyUser sudo

    This last command will add MyUser into sudo group and MyUser will then able to use sudo.
    You don’t need to edit any file. :-)

    Mebepi

    • Thanks I’ll try that. The amazing thing about Linux is that there are so many ways of doing things and you learn something new every day. :)

      • Your way works. (I know you knew that – this is for other readers ;) ). BUT, it’s not completely equivalent to mine – although I will give you it’s a heck of a lot simpler. 8-)

        It will create a new user and add it to the sudo group. But unless you edit the sudoers file with visudo, you can’t make the new ID completely equivalent to the pi id. For example, I created a new id your way and using that new ID, every time I type sudo I have to enter the password. I can make that go away by copying the pi entry in the sudoers file.

        Having said all of that, however, it might be that the best way to change the pi ID (if there is no root id) would therefore be to create a new id your way, then give it sudo privileges, and then use that id to do a usermod command on the pi ID. Then remove the new ID. (Just thinking out loud here.) Thanks very much for your input :yes:

  2. tutorial worked great,thanx a lot

  3. worked very well, thank you.

  4. Truly helpful. I found the usermod command usefull help to import my .ssh directory to the new user! Over ssh, i also noticed that the account needs a password, otherwise you can’t log in. :-)

  5. Thank you very much for posting this.

    I think there is a small type? To save the file while in visudo, use Ctrl-O, not Ctrl-K. Then Ctrl-X to exit. At least on my RPi, visudo uses nano to edit.

    • Thanks. I’ll check this out. It’s possible that something’s changed recently. It definitely didn’t use nano when I wrote the blog.
      Checked this and you’re absolutely right. visudo is using Nano now. I’ve made the appropriate amendments.
      Thanks for helping me keep the blog up to date and accurate :)

  6. […] Clone user ‘pi’ prior to deleting user ‘pi’ using methods described in this post and this […]

  7. […] your new Raspbian installation, and remove the default "pi" user (which has password "raspberry"). This guide explains the procedure […]

  8. Every Time I Try To Open “sudo visudo” i get this:

    sudo: parse error in /etc/sudoers near line 1
    sudo: no valid sudoers sources found, quitting
    sudo: unable to initialize policy plugin
    pi@raspberrypi ~ $
    HELP!!!

    • are you working from within LXDE or raw command line? If LXDE, try raw command line without starting X.

      Other than that, I can’t think of anything else that might help you. Hopefully others will chip in.

      • Hi, if you’re having trouble getting into the Visudo file – try the command ‘pkexec visudo’. It will then authenticate it as the super-user, requiring a password for one of the users on your system (most likely pi).

    • got that the other day…. can u sudo other things? if not, you kinda bricked your pi account and if you don’t have root enabled, you will have to reimage.

  9. […] In order for your friends and family to be able to use your Mumble server you will need to make your Raspberry Pi accessible to the outside world. Therefore, it is highly advisable that you create a new user name and password (the default is “pi” and “raspberry” respectively) or at the very least change the password. The following guide explains how to do this: How to create a new user on a Raspberry Pi […]

  10. thanks a lot – helped me!

  11. Yes indeed works a treat … instead of deleting my pi user I just commented it out …

  12. Jan 30, 2015, using downloaded latest NOOBS – to Raspbian install:
    Actually the above (main) procedure failed for me. If I entered just as above: “new name ALL=(ALL) ALL”, whereas ‘pi’ had “ALL=(ALL) ALL …” then some other stuff. After that, I could not get back into sudo with EITHER ‘pi’ OR my new supposed user. This made it impossible to even log out, since I had not established a root pwd.
    Now, I’m not sure if I left out a space and entered instead, “ALL=(ALL)ALL”.
    Anyway, the result – every time I used sudo with either account – was the exact same three lines of error messages listed above by louistheman.
    pkexec visudo did nothing, just hung on the line.
    So I had to unplug power (ugh) – only option – and reimage.

  13. ricko again,
    1/30/15, continued:
    Another observation…

    When I did create that other account, before trying to use visudo, I observed that it had almost no files at all inside, especially none of the ‘hidden’ files beginning with “.”.

    The original ‘pi’ account, on the other hand, had a large number of hidden files (“.config”, etc) – among other files – that directed how the account would display on X, among other behaviors. None of that was present in the new user account, even after running ‘startx’ once. Those files in /home/pi/ have all kinds of different types, permissions, executable-ness, etc etc. Trying to recreate that directory – or whatever should be in it to make it function – seems an effort requiring a whole lot of knowledge that a newbie such as I just doesn’t have.

    Perhaps there is some script or executable that will somehow populate the new /home/user account, but I don’t know what it is or how to run it. I’ve noticed the ‘man’ (manual) pages are really mostly not much help for any but a few tasks. If there is such a tool or simple technique, I would be obliged to anyone who could explain that to me.

    Seems like a small, ‘easy to use’ machine should be a little, well, easier to use – especially for its target environment. Just sayin..

    ricko

  14. Thanks for that however there’s one problem with ALL=(ALL) ALL this is OK but you have to enter your password every time you want to do something as root instead of the above I’ve found that if you pu ALL=(NOPASSWD) ALL then I found that I didn’t need to waste time

  15. thanks a lot. it’s helpful

  16. Hi, I just followed this and it worked fine for most things however I cannnot get Scratch or Minecraft to run on my new user account. Can anyone help?

    • I had same problem with Minecraft although not with Scratch after a reboot but did also have issues with Python Games.
      My Minecraft problem turned about to be a “failed to open vchiq instance”.
      Fixed it like this:

      sudo chmod 777 /dev/vchiq

      seemed to be a permissions error with new account but this fixed it after lots of searching.

      Python games folder just needed to be copied from the “Pi” Home folder to the Home folder.

      Hope this helps

    • Better answer actually to Minecraft problem. This method of creating a new user doesn’t automatically add membership to the same groups that “Pi” has. The vchiq permissions problem is because your new user isn’t a member of “video” group like “Pi” is.

      I finally just typed “groups pi” and then “sudo addgroup ”

      Hope that helps even more rather than above work around.

      • Hi Matt,

        When I type “sudo add group”, I get the message, “addgroup: Only one or two names allowed.”

        When I checked what groups my new user was a part of, “groups newuser”, it was only in its own group, “newuser : newuser”

        Is there another way to add groups?

        Thanks

        • ok, found this out. Rookie question. For any one as green as me. you add groups by giving the user then the group, sudo adduser , e.g. sudo adduser newuser video
          It appears you have to add each group, one at a time.

          I’m sure there’s a better way, but this one worked for me.

  17. I fail to delete the user. I opened a thread about it here http://askubuntu.com/q/781718/25388 There is probably a polylocale problem.

  18. This worked well and I learnt a bit about visudo. Thanks a lot!

  19. I tried this with Raspbian Jessie loaded from Noobs, and while it created a su, there are some items on the Pixel GUI that won’t work. Specifically the python games under the games menu item. Clicking on the Games menu opens a sub menu with Minecraft Pi and Python Games. When logged in as “pi” if you click on Python Games, a window opens asking sound preferences, then another with a list of python games to choose from. If you are logged in as the newly created user, clicking on the Python Games item causes the “busy” hourglass to appear with the pointer for a few seconds, and nothing else.

  20. I followed the above procedure on ‘2017-04-10-raspbian-jessie.img’ and in response to ‘sudo deluser pi’ I get an error “userdel: user pi is currently used by process 681…..returned error code 8. Exiting”. I can’t remove user ‘pi’ and can still ssh in as user pi. What did I miss?

  21. In the sudoers file I only had root there. There was no pi to copy. Adding my newuser the same as root did not work and I still got prompted for my password when using sudo. Eventually I found the pi entry… sudo nano /etc/sudoers.d/010_pi-nopasswd copying this with my new user name worked.

  22. “–remove-all-files” is better option than only removing home directory.

  23. What will happen if I enter “sudo startx” into terminal?

  24. Hello sir I’m using first time raspberry pi 3 …. But after login and password no give command stratx ….. command not found error so help me….

  25. Hello!

    This was a great guide.
    Well explained & specified guide.
    Now i know how i can make my users on my Raspberry Pi.
    Thanks for this, im really happy i found this,
    Keep up the good work.

    Regards Fredrik Nordeng

  26. When I try to logout I get “bash: logout: not login shell: use `exit’.” Has something changed since this was written?

Leave a Reply