Raspberry Pi user management

Raspberry Pi user management
Published: by
Categories
Raspberry Pi

The Raspberry Pi OS creates a user called ‘pi’. What does this mean and what privileges does this user have? This post discusses user management on a Raspberry Pi.

Introduction to Raspberry Pi user management

Linux operating systems (including the Raspberry Pi OS) use the principle of user accounts to identify and manage access to the system. User accounts (representing an actual person, or user) consist of a user name which is protected by a user password.

When logged in, each user has their own directory in the home directory of the operating system. The contents of the user’s home directory can only be accessed by the user itself or the administrator.

After a fresh install, the Raspberry Pi OS (formerly called Raspbian) creates various user types. Many of these users are system users and will not be discussed in detail here.

The two types of users that are important are the first user and the root user. Most Raspberry Pi users will be familiar with the first user. Additional users can also be added.

This post will also show how to remove additional users, change user passwords and give users root permissions.

Remember that the Raspberry Pi OS is a Debian-based operating system. Many commands and principles used here can be used on other Linux distributions and vice versa.

The Raspberry Pi experience

The Raspberry Pi is often used as a single-user computer which does not need user management. Even so, it might be important to understand the basics of user accounts and the default user.

The pi user account is most often the only user account that is used. This account has access to its own home directory (/home/pi) and can be used to execute administrative commands using the sudo command.

Sponsored links

Please support us by using these links they come at no additional cost to you, but we get a little commission each time they are used. These and others are available from Amazon.com and BangGood.

We have tested most of these products ourselves. Other selection criteria include affordability, quality, availability and average user rating and popularity by other buyers.

Links will open in a new window.
(Dead or old links can be reported in the comments section below.)

Catda Raspberry Pi 4B Starter Kit
Catda Raspberry Pi 4B Starter Kit
2019 Model B, 4GB RAM
1.5GHz 64-bit quad-core CPU & 4GB RAM, Gigabit Ethernet, Wi-Fi, Bluetooth, USB 2.0/3.0, headphone jack and duel Micro HDMI (4K). Kit includes power supply, MicroSD, USB MicroSD card reader, a case with heatsink and fan, mini-HDMI cable and USB-C PiSwitch.
Available from BangGood
iUniker Raspberry Pi 4B 8GB Starter Kit
iUniker Raspberry Pi 4B 8GB Starter Kit
2019 Model B, 8GB RAM
1.5GHz 64-bit quad-core CPU & 8GB RAM, Gigabit Ethernet, Wi-Fi, Bluetooth, USB 2.0/3.0, headphone jack and duel Micro HDMI (4K). Kit includes power supply, MicroSD, USB MicroSD card reader, a case with heatsink and fan, mini-HDMI cable and USB-C PiSwitch.
Available from Amazon.com
iUniker Raspberry Pi 4B 4GB Starter Kit
iUniker Raspberry Pi 4B 4GB Starter Kit
2019 Model B, 4GB RAM
1.5GHz 64-bit quad-core CPU & 4GB RAM, Gigabit Ethernet, Wi-Fi, Bluetooth, USB 2.0/3.0, headphone jack and duel Micro HDMI (4K). Kit includes power supply, MicroSD, USB MicroSD card reader, a case with heatsink and fan, mini-HDMI cable and USB-C PiSwitch.
Available from Amazon.com

First user

On the Raspberry Pi OS, the default username is pi with the default password of raspberry. The pi user is created automatically as the first user of the operating system.

Note: When installing newer versions of the Raspberry Pi OS there is an option to set the username and password for the first (default) user. If this step is omitted, the default username and password will be used.

The first user is an example of a normal user. More normal users, each with their own username and password, can be created.

The home directory of the first user is /home/pi.

Although the first user is not the root user (see below), it has access to root user privileges (aka root permissions) by using the sudo command (sudo). The pi user has sudo privileges because it is part of the sudo group (see later).

Sudo command

Sudo (sudo) stands for either “substitute user do” or “super user do“. The sudo command allows user accounts with sudo privileges (e.g. the pi user) to be temporarily elevated to have root privileges. Sudo privileges are gained by being part of the sudo group (see later).

An example of a sudo command would be:

sudo reboot

The reboot command is an administrative command.

Logging in as a user

Depending on the distribution and the setup of the Raspberry Pi OS, the first user (pi) may be already logged in (typically when booting to the GUI) or needs to be logged in manually (typically when booting to the Linux terminal).

Root user

Apart from the first user, another important user created by the Raspberry Pi OS is the root user (also called the administrative user or superuser).

The root user account is traditionally reserved for the system administrator. This user can do anything and has access to everything on the system. In other words, the root user has root privileges or permissions — giving it access to all user privileges including administrative or superuser tasks.

Commands that require root permissions include reboot, shutdown, raspi-config, update, upgrade and apt-get install.

The root user’s home directory is /root and has access to the uppermost (/ or root) directory where all the other user’s home directories are situated in.

On the Raspberry Pi OS, the first user automatically has access to the root privileges by using the sudo command.

Although the root user account has no password, it can also be accessed through the pi user using sudo. Root user login through SSH is disabled by default.

On Debian-based operating systems it is considered safer to perform superuser tasks using a user that has sudo privileges than to log in as the root account.

Additional users

Apart from the first user, additional users can also be added to the Raspberry Pi OS. These will be normal users. Additional user accounts are added (and can later be removed) if the Raspberry Pi OS is shared between multiple users and each needs its own home directory.

Each normal user will have access to their own home directory, files and configurations.

Adding and removing users are done using administrative commands, so root privileges are required.

New users will not automatically have sudo privileges.

Adding a new user

Additional users can be created by using the adduser command. To create a new user named ‘john’, the following terminal command can be used:

sudo adduser john
Raspberry P adduser
To create a new user on the Raspberry Pi OS/Raspbian the adduser command is used. In this case, ‘john’ was added as a new user.

User names and user passwords are case-sensitive.

The adduser command will continue to create the new user, the user group and the user’s home directory (e.g. john, john and /home/john).

A password for the new user can be given when prompted. The password field can be left blank if no password is required (not recommended).

Removing a user

Users can only be removed from a different user account with root privileges. To remove a user, the userdel terminal command can be used:

sudo userdel -r john

The -r part of the command will also delete the user’s folder.

Add/remove sudo privileges to a user

Sudo privileges are gained by adding a user to the sudo group. This action needs to be performed by another user who already has root or sudo privileges (e.g. pi).

To see what user(s) are already added to the sudo group, the grep terminal command can be used:

grep 'sudo' /etc/group

which will give the following result:

sudo:x:27:pi

To see what group(s) the user john is currently part of, the groups terminal command can be used:

groups john

which will give the following result:

john : john

To add the user john to the sudo group, the adduser sudo terminal command can be used:

sudo adduser john sudo

After the user john has been added to the sudo group, the output for the grep command will look as follow:

sudo:x:27:pi,john

and the output of the groups terminal command will look as follow:

john : john sudo

To remove the user john from the sudo group the deluser or gpasswd commands can be used.

sudo deluser john sudo

Users that are removed using the deluser terminal command will be automatically removed from the sudo group.

System users

Apart from the root user and normal users, the Raspberry Pi OS also has system users. These users are used by applications and running processes and are, for example, used for background and/or automated tasks.

To see a list of all the users registered, the cat terminal command can be used:

cat /etc/passwd

The privileges of system users are dependent on their tasks.

Listing users

Different terminal commands can be used to list users. The command used will depend on the types of users to list.

The following command will list all users, including system users:

cat /etc/passwd

To list users with home directories (i.e. mainly normal users), the following command can be used:

cat /etc/passwd | grep home

To list only usernames:

awk -F ":" '/home/ {print $1}' /etc/passwd | sort

Switching between users

The Raspberry Pi OS allows switching between two users. The new user can either be opened in a new (temporary) shell or as a replacement shell.

Temporary switching between users

The idea of switching between users using a temporary shell is to run commands as needed and then exit back to the original user shell.

To temporarily switch between users, for example pi to john, using a new shell, the su terminal command can be used:

su - john

where john is the user to switch to. The user will be prompted for the password of the user which is switched too (i.e. john).

To remain in the current directory structure when switching between users the - of the previous command needs to be omitted:

su john

The su command can also be used to temporarily switch to the root user account:

sudo su

By default, the root user has no password set, so there will be no prompt for it.

To switch back to the current user (i.e. pi), the logout or exit terminal command can be used:

logout

or

exit

Permanently switching between users

To switch to a different user using a replacement shell, the exec su terminal command can be used. This will log the current user out of the first account and into the second user account:

exec su - john

where john is the user to switch to. The user will be prompted for the password of the user which is switched to (i.e john).

To remain in the current directory structure when switching between users the - of the previous command needs to be omitted:

exec su john

Logging out of the current user account

To log out of the current account the exit terminal command can be used:

exit

Changing a user’s password

User passwords often need to be changed, especially for the pi user.

While the user is logged in, its password can be changed by using the passwd terminal command. For the default user (pi), the user password can also be changed by using the Change User Password menu item from the Raspi-config tool.

passwd

The Raspi-config tool requires sudo privileges to access:

sudo raspi-config

Both these processes will include confirming the current user password and typing the new user password. User passwords are case-sensitive.

To remove a user’s password (not recommended), the passwd -d terminal command can be used:

passwd -d [username]

e.g. the following command will remove the password for the john user:

passwd -d john

Changing the root password

By default, there is no password set for the root user on the Raspberry Pi OS. Although the Raspberry Pi OS does not allow login as the root user, its password can be changed.

To change the root user password, the passwd command needs to be used while logged in as root — which can be done using the following terminal command:

sudo su

The following terminal command is used to change the root user’s password using the passwd command:

passwd root

Note that passwords are case-sensitive.

To remove the root password the passwd -l terminal command can be used:

sudo passwd -l root

or

sudo passwd --lock root

This will expire the password, disallowing root logins again.

Conclusion

The Raspberry Pi OS use the principle of user accounts (each with its own user name and user password) to identify and manage access to the system.

The user types that are automatically installed include the root user, the first user and system users. Additional users can also be added and removed and passwords can be changed.

This post also covered how to change user passwords and give users root permissions.

About the author
Renier busies himself with improving his English writing, creative web design and his websites, photoshopping, micro-electronics, multiple genres of music, superhero movies and badass series.
Behind the Scenes is a free, informative website. If you find value in any of our content, please consider making a donation to our cause, or becoming a Patron for exclusive content.
Donate via PayPal Become a Patron

Save, share & discuss

Your comment is important, but don't be a knob. Keep it constructive and polite.

Leave a Reply

Your email address will not be published. Required fields are marked *

More Raspberry Pi and game related posts