The Raspberry Pi OS creates a user called 'pi'. What does this mean and what privileges does this user have? This post discusses user management on a Raspberry Pi.
Table of contents
Introduction to Raspberry Pi user management
Linux operating systems (including the Raspberry Pi OS) use the principle of user accounts to identify and manage access to the system. User accounts (representing an actual person, or user) consist of a user name which is protected by a user password.
When logged in, each user has their own directory in the home directory of the operating system. The contents of the user’s home directory can only be accessed by the user itself or the administrator.
After a fresh install, the Raspberry Pi OS (formerly called Raspbian) creates various user types. Many of these users are system users and will not be discussed in detail here.
The two types of users that are important are the first user and the root user. Most Raspberry Pi users will be familiar with the first user. Additional users can also be added.
This post will also show how to remove additional users, change user passwords and give users root permissions.
Remember that the Raspberry Pi OS is a Debian-based operating system. Many commands and principles used here can be used on other Linux distributions and vice versa.
The Raspberry Pi experience
The Raspberry Pi is often used as a single-user computer which does not need user management. Even so, it might be important to understand the basics of user accounts and the default user.
The pi user account is most often the only user account that is used. This account has access to its own home directory (/home/pi) and can be used to execute administrative commands using the sudo command.
- Get the Raspberry Pi 4B 4GB Starter Kit from Amazon.com
- Get the Raspberry Pi 4B 8GB Starter Kit from Amazon.com
First user
On the Raspberry Pi OS, the default username is pi with the default password of raspberry. The pi user is created automatically as the first user of the operating system.
The first user is an example of a normal user. More normal users, each with their own username and password, can be created.
The home directory of the first user is /home/pi.
Although the first user is not the root user (see below), it has access to root user privileges (aka root permissions) by using the sudo command (sudo). The pi user has sudo privileges because it is part of the sudo group (see later).
Sudo command
Sudo (sudo) stands for either “substitute user do” or “super user do“. The sudo command allows user accounts with sudo privileges (e.g. the pi user) to be temporarily elevated to have root privileges. Sudo privileges are gained by being part of the sudo group (see later).
An example of a sudo command would be:
sudo reboot
The reboot command is an administrative command.
Logging in as a user
Depending on the distribution and the setup of the Raspberry Pi OS, the first user (pi) may be already logged in (typically when booting to the GUI) or needs to be logged in manually (typically when booting to the Linux terminal).
Root user
Apart from the first user, another important user created by the Raspberry Pi OS is the root user (also called the administrative user or superuser).
The root user account is traditionally reserved for the system administrator. This user can do anything and has access to everything on the system. In other words, the root user has root privileges or permissions — giving it access to all user privileges including administrative or superuser tasks.
Commands that require root permissions include reboot, shutdown, raspi-config, update, upgrade and apt-get install.
The root user’s home directory is /root and has access to the uppermost (/ or root) directory where all the other user’s home directories are situated in.
On the Raspberry Pi OS, the first user automatically has access to the root privileges by using the sudo command.
Although the root user account has no password, it can also be accessed through the pi user using sudo. Root user login through SSH is disabled by default.
On Debian-based operating systems it is considered safer to perform superuser tasks using a user that has sudo privileges than to log in as the root account.
Additional users
Apart from the first user, additional users can also be added to the Raspberry Pi OS. These will be normal users. Additional user accounts are added (and can later be removed) if the Raspberry Pi OS is shared between multiple users and each needs its own home directory.
Each normal user will have access to their own home directory, files and configurations.
Adding and removing users are done using administrative commands, so root privileges are required.
New users will not automatically have sudo privileges.
Adding a new user
Additional users can be created by using the adduser command. To create a new user named ‘john’, the following terminal command can be used:
sudo adduser john
To create a new user on the Raspberry Pi OS/Raspbian the adduser command is used. In this case, ‘john’ was added as a new user.
User names and user passwords are case-sensitive.
The adduser command will continue to create the new user, the user group and the user’s home directory (e.g. john, john and /home/john).
A password for the new user can be given when prompted. The password field can be left blank if no password is required (not recommended).
Removing a user
Users can only be removed from a different user account with root privileges. To remove a user, the userdel terminal command can be used:
sudo userdel -r john
The -r part of the command will also delete the user’s folder.
Add/remove sudo privileges to a user
Sudo privileges are gained by adding a user to the sudo group. This action needs to be performed by another user who already has root or sudo privileges (e.g. pi).
To see what user(s) are already added to the sudo group, the grep terminal command can be used:
grep 'sudo' /etc/group
which will give the following result:
sudo:x:27:pi
To see what group(s) the user john is currently part of, the groups terminal command can be used:
groups john
which will give the following result:
john : john
To add the user john to the sudo group, the adduser sudo terminal command can be used:
sudo adduser john sudo
After the user john has been added to the sudo group, the output for the grep command will look as follow:
sudo:x:27:pi,john
and the output of the groups terminal command will look as follow:
john : john sudo
To remove the user john from the sudo group the deluser or gpasswd commands can be used.
sudo deluser john sudo
Users that are removed using the deluser terminal command will be automatically removed from the sudo group.
System users
Apart from the root user and normal users, the Raspberry Pi OS also has system users. These users are used by applications and running processes and are, for example, used for background and/or automated tasks.
To see a list of all the users registered, the cat terminal command can be used:
cat /etc/passwd
The privileges of system users are dependent on their tasks.
Listing users
Different terminal commands can be used to list users. The command used will depend on the types of users to list.
The following command will list all users, including system users:
cat /etc/passwd
To list users with home directories (i.e. mainly normal users), the following command can be used:
cat /etc/passwd | grep home
To list only usernames:
awk -F ":" '/home/ {print $1}' /etc/passwd | sort
Switching between users
The Raspberry Pi OS allows switching between two users. The new user can either be opened in a new (temporary) shell or as a replacement shell.
Temporary switching between users
The idea of switching between users using a temporary shell is to run commands as needed and then exit back to the original user shell.
To temporarily switch between users, for example pi to john, using a new shell, the su terminal command can be used:
su - john
where john is the user to switch to. The user will be prompted for the password of the user which is switched too (i.e. john).
To remain in the current directory structure when switching between users the - of the previous command needs to be omitted:
su john
The su command can also be used to temporarily switch to the root user account:
sudo su
By default, the root user has no password set, so there will be no prompt for it.
To switch back to the current user (i.e. pi), the logout or exit terminal command can be used:
logout
or
exit
Permanently switching between users
To switch to a different user using a replacement shell, the exec su terminal command can be used. This will log the current user out of the first account and into the second user account:
exec su - john
where john is the user to switch to. The user will be prompted for the password of the user which is switched to (i.e john).
To remain in the current directory structure when switching between users the - of the previous command needs to be omitted:
exec su john
Logging out of the current user account
To log out of the current account the exit terminal command can be used:
exit
Changing a user’s password
User passwords often need to be changed, especially for the pi user.
While the user is logged in, its password can be changed by using the passwd terminal command. For the default user (pi), the user password can also be changed by using the Change User Password menu item from the Raspi-config tool.
passwd
The Raspi-config tool requires sudo privileges to access:
sudo raspi-config
Both these processes will include confirming the current user password and typing the new user password. User passwords are case-sensitive.
To remove a user’s password (not recommended), the passwd -d terminal command can be used:
passwd -d [username]
e.g. the following command will remove the password for the john user:
passwd -d john
Changing the root password
By default, there is no password set for the root user on the Raspberry Pi OS. Although the Raspberry Pi OS does not allow login as the root user, its password can be changed.
To change the root user password, the passwd command needs to be used while logged in as root — which can be done using the following terminal command:
sudo su
The following terminal command is used to change the root user’s password using the passwd command:
passwd root
Note that passwords are case-sensitive.
To remove the root password the passwd -l terminal command can be used:
sudo passwd -l root
or
sudo passwd --lock root
This will expire the password, disallowing root logins again.
Conclusion
The Raspberry Pi OS use the principle of user accounts (each with its own user name and user password) to identify and manage access to the system.
The user types that are automatically installed include the root user, the first user and system users. Additional users can also be added and removed and passwords can be changed.
This post also covered how to change user passwords and give users root permissions.