UPDATED December 2017 for Raspbian Stretch.
The Raspberry Pi comes with a default user called “pi”, whose initial password is also set to a well-known default. While this makes it easy to use the system, it is not very secure. Anyone with physical access to your Pi could log in with these widely known credentials. Furthermore, if you have enabled the SSH server, users on the local network could do the same.
Even if you have changed the “pi” user password, just having a user name that is universally known is still a security risk. The following article explains how to safely rename the “pi” user to something more secure.
The procedure starts with a Raspberry Pi running the latest Raspbian image (Stretch), with no other modifications. It should also work with the older Raspbian versions Jessie and Wheezy.
Caution: Changing the name of the “pi” user will cause a couple of the features of the raspi-config script to stop working, namely the option 2 to change pi’s password (the “passwd” command can easily be used instead), and option 3 to change the boot environment. It will also prevent menu item “Menu->Preferences->Raspberry Pi Configuration” (the graphical equivalent of raspi-config) from running altogether. If these are important to you, consider not continuing with this procedure.
NOTE: Some procedures on the Internet suggest using the usermod command to just rename the “pi” account. I would not recommend this, because usermod does not update secondary group ownerships, and the pi user has many of these. For example, the pi user is able to read the /var/log/syslog file by virtue of being a member of the adm group. Altering the pi user with usermod will break this functionality, as well as other features of the pi account.
Also, the usermod command will often fail, especially on Raspbian 8 (Jessie), with the error message “usermod: user pi is currently used by process“. This is because user pi owns several system processes by default (in Jessie), and further because you may be logged in as pi and thus own one or more shell processes.
The “pi” user account has higher privileges than a normal Unix user account. This is so that you can use the “pi” account to manage the system effectively. As well as being enabled for sudo, the “pi” user is a member of no fewer than 15 user groups, whereas a normal Unix user usually has only one or two group memberships. Changing the name of the “pi” user is therefore a little more challenging than changing the name of a normal Unix user.
In this procedure, a temporary user account is created and then used to change the “pi” user name. A sed pipeline performs the edits automatically. Afterwards, the temporary user is deleted.
Create a Temporary User Account
Log into your Pi from another system. Log in as the “pi” user.
Create a temporary user account as follows. This account will be used to make changes to the existing “pi” account and to other parts of the system. At the conclusion of this procedure, the temporary account will be deleted. Type the following commands.
pi@pi ~ $ sudo useradd -m tempuser -s /bin/bash
pi@pi ~ $ sudo passwd tempuser
Type a suitable password for the “tempuser” account.
Add the “tempuser” user to the group “sudo”:
pi@pi ~ $ sudo usermod -a -G sudo tempuser
Check the group file. You should see that the “tempuser” user has been added to the sudo group:
pi@pi ~ $ grep sudo /etc/group
sudo:x:27:pi,tempuser
Looks good. Now log out of your Raspberry Pi altogether (you are currently logged in as user pi). You should not have any active logins as “pi”. If you do, log out of all those sessions.
Login as Temporary User
Log in to the Pi again, this time as user tempuser, using the password you created above. I am using SSH from another Linux system, so I do it like this.
othersystem$ ssh -l tempuser <IP address of Pi>
Once the login has completed, check that you are now “tempuser”:
tempuser@pi ~ $ id
uid=1001(tempuser) gid=1004(tempuser) groups=1004(tempuser),27(sudo)
That looks correct. NB: The numbers 1001, 1004 etc. don’t matter. Yours might be slightly different.
Rename “pi” User
For this example I will change the name of the “pi” user to “frederick”. You should select a different name of your own choosing.
We need to change every reference to “pi” to (say) “frederick” within the files /etc/passwd, /etc/group, /etc/shadow, /etc/gshadow, /etc/sudoers, /etc/lightdm/lightdm.conf, /etc/systemd/system/autologin@.service, /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf and, in more recent Raspbian releases, /etc/sudoers.d/010_pi-nopasswd. We could simply edit each file separately. However, it is easier to use the following command, especially since /etc/group (for example) contains 14 or more occurrences of “pi”. As well as being tedious, performing the edits manually could lead to errors that might prevent the Pi from working properly, or even make it difficult to log in at all.
First, take a backup of each file. The following tar command will do it.
tempuser@pi ~ $ cd /etc
tempuser@pi /etc $ sudo tar -cvf authfiles.tar passwd group shadow gshadow sudoers lightdm/lightdm.conf systemd/system/autologin@.service sudoers.d/* polkit-1/localauthority.conf.d/60-desktop-policy.conf
If you have just seen a couple of error messages about some missing files, e.g. lightdm.conf, it probably means you are using a “lite” version of Raspbian. It doesn’t matter, though; the command still worked, so just carry on with the procedure.
Now issue the following commands to make the changes. Be very careful to get them exactly as written, including every slash, star, backslash and character (except that you should replace the word “frederick” with your chosen name):
tempuser@pi ~ $ cd /etc
tempuser@pi /etc $ sudo sed -i.$(date +'%y%m%d_%H%M%S') 's/\bpi\b/frederick/g' passwd group shadow gshadow sudoers lightdm/lightdm.conf systemd/system/autologin@.service sudoers.d/* polkit-1/localauthority.conf.d/60-desktop-policy.conf
The long “sed” command changes every occurrence of the word “pi” in each of the files to “frederick”. Before the change is made, however, another backup copy of each file is created, in case something goes wrong or you ever want to undo the change. Having two backups isn’t strictly needed; it just provides some extra assurance in case the procedure does not work. NB: Raspbian Lite users might see a few messages about missing files again. It doesn’t matter; the command still worked, so just carry on.
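Added example (not part of the original article): a dry run that shows what the word-boundary substitution would change before it is applied with -i. It assumes GNU sed, as shipped with Raspbian; the function names are hypothetical, and the sample group file, including the made-up “pi-tools” group, is constructed to show that \b also matches next to a hyphen.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU sed for \b.

# rewrite OLD NEW FILE: print FILE as the article's sed expression would leave it.
rewrite() {
    sed "s/\\b$1\\b/$2/g" "$3"
}

# count_changes OLD NEW FILE: number of lines the substitution would alter.
count_changes() {
    rewrite "$1" "$2" "$3" | diff "$3" - | grep -c '^>' || true
}

# preview_rename OLD NEW FILE...: unified diff per file; nothing is modified.
preview_rename() {
    old=$1 new=$2
    shift 2
    for f in "$@"; do
        [ -f "$f" ] || continue    # Lite images lack some of the listed files
        rewrite "$old" "$new" "$f" | diff -u "$f" - || true
    done
}

# make_sample DIR: write a constructed /etc/group excerpt (not a real system file).
# "pi-tools" is a made-up group: \b matches between "pi" and "-", so it is hit too.
make_sample() {
    cat > "$1/group" <<'EOF'
adm:x:4:pi
sudo:x:27:pi,tempuser
spi:x:999:pi
pi:x:1000:
pi-tools:x:1500:
tempuser:x:1004:
EOF
}

demo() {
    dir=$(mktemp -d)
    make_sample "$dir"
    echo "lines that would change: $(count_changes pi frederick "$dir/group")"
    preview_rename pi frederick "$dir/group"
    rm -rf "$dir"
}
demo
```

On the Pi, call preview_rename from /etc with the same file list as the sed command, as root so that shadow, gshadow and sudoers are readable, and read the diff for any line you did not expect to change.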
Check that the changes were made as follows. Replace “frederick” with your chosen name. You should see many matches, as shown.
tempuser@pi ~ $ grep frederick /etc/group
adm:x:4:frederick
dialout:x:20:frederick
cdrom:x:24:frederick
sudo:x:27:frederick,tempuser
audio:x:29:frederick
video:x:44:frederick
plugdev:x:46:frederick
games:x:60:frederick
users:x:100:frederick
input:x:101:frederick
netdev:x:108:frederick
frederick:x:1000:
spi:x:999:frederick
i2c:x:998:frederick
gpio:x:997:frederick
This shows that every occurrence of “pi” in the file /etc/group has been changed to “frederick”.
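Added example (not part of the original article): a check that the renamed account kept exactly the secondary groups the old one had, by comparing a pre-change copy of the group file with the current one. The function names are hypothetical and the three sample files are constructed excerpts, one of them a deliberately partial edit.

```shell
#!/bin/sh
# Added example, not from the original article.

# groups_of USER FILE: sorted, comma-joined groups that list USER as a member.
groups_of() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1
    }' "$2" | sort | paste -s -d, -
}

# verify_rename OLD NEW BEFORE AFTER: succeed only if NEW in AFTER has exactly
# the memberships OLD had in BEFORE and OLD no longer appears in AFTER.
verify_rename() {
    had=$(groups_of "$1" "$3")
    has=$(groups_of "$2" "$4")
    [ -n "$had" ] || return 1                      # OLD was not in BEFORE at all
    [ "$had" = "$has" ] || return 1                # a membership was lost or added
    [ -z "$(groups_of "$1" "$4")" ] || return 1    # OLD is still listed as a member
    ! cut -d: -f1 "$4" | grep -qx "$1"             # OLD must not remain as a group
}

# make_samples DIR: constructed excerpts of /etc/group, not real system files.
make_samples() {
    printf '%s\n' 'adm:x:4:pi' 'sudo:x:27:pi,tempuser' 'gpio:x:997:pi' \
        'pi:x:1000:' > "$1/group.before"
    printf '%s\n' 'adm:x:4:frederick' 'sudo:x:27:frederick,tempuser' \
        'gpio:x:997:frederick' 'frederick:x:1000:' > "$1/group.after"
    # A partial edit: primary group renamed, member lists left untouched.
    printf '%s\n' 'adm:x:4:pi' 'sudo:x:27:pi,tempuser' 'gpio:x:997:pi' \
        'frederick:x:1000:' > "$1/group.partial"
}

demo() {
    dir=$(mktemp -d)
    make_samples "$dir"
    for f in after partial; do
        if verify_rename pi frederick "$dir/group.before" "$dir/group.$f"; then
            echo "group.$f: OK ($(groups_of frederick "$dir/group.$f"))"
        else
            echo "group.$f: FAILED, memberships differ from the backup"
        fi
    done
    rm -rf "$dir"
}
demo
```

On the Pi, pass the timestamped backup that sed left beside the file (/etc/group.<timestamp>) as BEFORE and /etc/group as AFTER.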
Change the Name of the Pi Home Directory
Rename the “pi” user’s home directory.
tempuser@pi /etc $ sudo mv /home/pi /home/frederick
Then create a soft link as follows.
tempuser@pi /etc $ sudo ln -s /home/frederick /home/pi
The purpose of the soft link is to correctly resolve any broken references to the old “pi” home directory. For example, it prevents menu items such as “Python Games” from disappearing. Menu entries are controlled by files (under /usr/share/raspi-ui-overrides/applications), which refer to “/home/pi/<whatever>”. Creating the soft link allows the reference to resolve and is a common practice in this kind of situation.
Change the Name of the Crontab File
Rename the “pi” user’s crontab file. Remember to replace “frederick” in the following command with your chosen user name.
tempuser@pi /etc $ sudo [ -f /var/spool/cron/crontabs/pi ] && sudo mv -v /var/spool/cron/crontabs/pi /var/spool/cron/crontabs/frederick
'/var/spool/cron/crontabs/pi' -> '/var/spool/cron/crontabs/frederick'
If the cron tab file called “pi” exists, it will be renamed to “frederick”. If it does not exist, the above command has no effect and nothing is printed. The cron file will exist only if you have previously set up cron jobs for execution under the “pi” user. Those jobs will now continue to be active for user “frederick”, in this example.
Change the Name of the Mail File
If you have ever used email as user “pi”, then a mail file will exist for the user, and its name should now be updated.
tempuser@pi /etc $ sudo [ -f /var/spool/mail/pi ] && sudo mv -v /var/spool/mail/pi /var/spool/mail/frederick
'/var/spool/mail/pi' -> '/var/spool/mail/frederick'
If the mail file called “pi” exists, it will be renamed to “frederick”. Emails that were previously sent or received by user “pi” are now available for user “frederick”, in this example. If the file does not exist, the above command has no effect and no message is printed.
That completes the renaming of the “pi” user. The “pi” user no longer exists, as such. It has been renamed to “frederick”, or whatever name you have chosen. From now on you should log in with the new name. Any operations that were possible with the “pi” user will also be possible with your renamed user.
Test the New User
In another window on a remote system, try to log in to the Pi as your new user.
othersystem $ ssh -l frederick <IP address of pi>
Use the same password as previously used for the “pi” user.
Alternatively, if you are using the Pi desktop (the GUI), you could simply log out (Menu->Shutdown->Logout), and then log in again with your new user name.
Any data that previously belonged to the “pi” user now belongs to your renamed user (“frederick” in this case), including the pi home directory and everything in it. Check it now:
frederick@pi ~ $ cd
frederick@pi ~ $ ls -al
total 24
drwxr-xr-x 2 frederick frederick 4096 Dec 15 21:16 .
drwxr-xr-x 4 root root 4096 Dec 17 12:11 ..
-rw------- 1 frederick frederick 773 Dec 17 11:52 .bash_history
-rw-r--r-- 1 frederick frederick 220 Nov 21 20:32 .bash_logout
-rw-r--r-- 1 frederick frederick 3512 Nov 21 20:32 .bashrc
-rw-r--r-- 1 frederick frederick 675 Nov 21 20:32 .profile
...and so on
Change the User Password
If your user password is still the same as the factory default (perhaps because you never changed it for “pi” user), change it to something more secure now:
frederick@jessie:/etc $ passwd frederick
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Remove the Temporary User
Finally, once you are satisfied that the renamed “pi” account (“frederick” above) is working correctly, delete tempuser as follows. If you have any sessions logged into the pi as tempuser, log them out first.
frederick@pi ~ $ sudo userdel tempuser
It might be a good idea to delay this step for a few days, after you have logged into the Pi several times as your renamed user, and you can therefore be sure the renamed user is operating correctly.
You should find that pressing shift-ctrl-F1 to exit from the graphical desktop into the terminal works as before, with your new user name being auto logged into the terminal. This was achieved when the systemd/system/autologin@.service file was changed.
The udisksctl command should also continue to work, if you are a user of that. Changes made to the file 60-desktop-policy.conf switched control of that command from the “pi” user to your new user name.
I hope that this procedure has been useful. Thanks to Simon Blake, Sam Roberts and Nicolas from moodlebox.net and Dooley for file updates (see below).