How to Rename the Default Raspberry Pi User

The Raspberry Pi comes with a default user called “pi”, whose initial password is also set to a well known default. While this makes it easy to use the system, it is not very secure. Anyone with physical access to your Pi could login with these widely known credentials. Furthermore, if you have enabled the SSH server, users on the local network could do the same.

Even if you have changed the “pi” user password, just having a user name that is universally known is still a security risk. The following article explains how to safely rename the “pi” user to something more secure.

The procedure starts with a Raspberry Pi 2 running the latest Raspbian image (Jessie), with no other modifications. It should also work with the older Raspbian Wheezy. UPDATE 3rd Dec 2016: the procedure has been modified to work with the latest Raspbian update of 25th Nov 2016.

Caution: Changing the name of the “pi” user will cause a couple of the features of the raspi-config script to stop working, namely the option 2 to change pi’s password (the “passwd” command can easily be used instead), and option 3 to change the boot environment. If these are important to you, consider not continuing with this procedure.

NOTE: Some procedures on the Internet suggest using the usermod command to just rename the “pi” account. I would not recommend this, because usermod does not update secondary group ownerships, and the Pi user user has many of these. For example, the pi user is able to read the /var/log/syslog file by virtue of being a member of the adm group. Altering the pi user with usermod will break this functionality, as well as other features of the Pi account.

Also, the usermod command will often fail, especially on Raspbian 8 (Jessie), with the error message “usermod: user pi is currently used by process“. This is because user pi owns several system processes by default (in Jessie), and further because you may be logged in as pi and thus own one or more shell processes.

Summary

The “pi” user account has higher privileges than a normal Unix user account. This is so that you can use the “pi” account to manage the system effectively. As well as being enabled for sudo, “pi” user is a member of no less than 15 user groups, whereas a normal Unix user usually has only one or two group memberships. Changing the name of the “pi” user is therefore a little more challenging than changing the name of a normal Unix user.

In this procedure, a temporary user account is created and then used to change the “pi” user name. A sed pipeline performs the edits automatically. Afterwards, the temporary user is deleted.

Create a Temporary User Account

Log into your Pi from another system. Login as “pi” user.

Create a temporary user account as follows. This account will be used to make changes to the existing “pi” account and to other parts of the system. At the conclusion of this procedure, the temporary account will be deleted. Type following commands.

pi@pi ~ $ sudo useradd -m tempuser
pi@pi ~ $ sudo passwd tempuser

Type a suitable password for the “tempuser” account.

Add the “tempuser” user to the group “sudo”:

pi@pi ~ $ sudo usermod -a -G sudo tempuser

Check the group file. You should see “temp” user has been added to the sudo group:

pi@pi ~ $ grep sudo /etc/group
sudo:x:27:pi,tempuser

Looks good. Now log out of your Raspberry Pi altogether (you are currently logged in as user pi). You should not have any active logins as “pi”. If so, log out of all those sessions.

Login as Temporary User

Login to the Pi again, this time as user tempuser, using the password you created above. I am using SSH from another Linux system, so I do it like this.

othersystem$ ssh -l tempuser <IP address of Pi>

 

Once the login has completed, check that you are now “tempuser”:

tempuser@pi ~ $ id
uid=1001(tempuser) gid=1004(tempuser) groups=1004(tempuser),27(sudo)

That looks correct. NB The numbers 1001, 1004 etc. don’t matter. Yours might be slightly different.

Rename “pi” User

For this example I will change the name of the “pi” user to “frederick”. You should select a different name of your own choosing.

We need to change every reference to “pi” to (say) “frederick” within the files /etc/passwd, /etc/group, /etc/shadow, /etc/gshadow, /etc/sudoers, /etc/lightdm/lightdm.conf, /etc/systemd/system/autologin@.service, /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf and, in more recent Raspbian releases, /etc/sudoers.d/010_pi-nopasswd. We could simply edit each file separately. However it is easier to use the following command, especially since /etc/group (for example) contains 14 or more occurrences of “pi”. As well as being tedious, performing the edits manually could lead to errors that might prevent the pi from working properly, or even make it difficult to login at all.

First, take a backup of each file. The following tar command will do it.

tempuser@pi ~ $ cd /etc
tempuser@pi /etc $ sudo tar -cvf authfiles.tar passwd group shadow gshadow sudoers lightdm/lightdm.conf systemd/system/autologin@.service sudoers.d/* polkit-1/localauthority.conf.d/60-desktop-policy.conf

Now issue the following commands to make the changes. Be very careful to get it absolutely as written, including every slash, star, backslash and character, (except that you should replace the word “frederick” with your chosen name):

tempuser@pi ~ $ cd /etc
tempuser@pi /etc $ sudo sed -i.$(date +'%y%m%d_%H%M%S') 's/\bpi\b/frederick/g' passwd group shadow gshadow sudoers lightdm/lightdm.conf systemd/system/autologin@.service sudoers.d/* polkit-1/localauthority.conf.d/60-desktop-policy.conf

The long “sed” command changes every occurrence of the word “pi” in each of the files to “frederick”. Before the change is made however, another backup copy of each file is created, just in case something went wrong or you ever want to undo the change. Having two backups isn’t really needed, it just provides some extra assurance in case the procedure does not work.

Check that the changes were made as follows. Replace “frederick” with your chosen name. You should see many matches, as shown.

tempuser@pi ~ $ grep frederick /etc/group
adm:x:4:frederick
dialout:x:20:frederick
cdrom:x:24:frederick
sudo:x:27:frederick,tempuser
audio:x:29:frederick
video:x:44:frederick
plugdev:x:46:frederick
games:x:60:frederick
users:x:100:frederick
input:x:101:frederick
netdev:x:108:frederick
frederick:x:1000:
spi:x:999:frederick
i2c:x:998:frederick
gpio:x:997:frederick

This shows that every occurrence of “pi” in the file /etc/group has been changed to “frederick”.

Change the Name of the Pi Home Directory

Rename the “pi” user’s home directory.

tempuser@pi /etc $ sudo mv /home/pi /home/frederick

Then create a soft link as follows.

tempuser@pi /etc $ sudo ln -s /home/frederick /home/pi

The purpose of the soft link is to correctly resolve any broken references to the old “pi” home directory. For example, it prevents menu items such as “Python Games” from disappearing. Menu entries are controlled by files (under /usr/share/raspi-ui-overrides/applications), which refer to “/home/pi/<whatever>”. Creating the soft link allows the reference to resolve and is a common practice in this kind of situation.

That completes the renaming of the “pi” user. The “pi” user no longer exists, as such. It has been renamed to “frederick”, or whatever name you have chosen. From now on you should log in with the new name. Any operations that were possible with the “pi” user will also be possible with your renamed user.

Test the New User

In another window on a remote system, try to login to the Pi as your new user.

othersystem $ ssh -l frederick <IP address of pi>

Use the same password as previously used for the “pi” user.

Alternatively, if you are using the Pi desktop (the GUI), you could simply logout (Menu->Shutdown->Logout), and then login again with your new user name.

Any data that previously belonged to the “pi” user now belongs to your renamed user (“frederick” in this case), including the pi home directory and everything in it. Check it now:

frederick@pi ~ $ cd
frederick@pi ~ $ ls -al
total 24
drwxr-xr-x 2 frederick frederick 4096 Dec 15 21:16 .
drwxr-xr-x 4 root      root      4096 Dec 17 12:11 ..
-rw------- 1 frederick frederick  773 Dec 17 11:52 .bash_history
-rw-r--r-- 1 frederick frederick  220 Nov 21 20:32 .bash_logout
-rw-r--r-- 1 frederick frederick 3512 Nov 21 20:32 .bashrc
-rw-r--r-- 1 frederick frederick  675 Nov 21 20:32 .profile
...and so on

Change the User Password

If your user password is still the same as the factory default (perhaps because you never changed it for “pi” user), change it to something more secure now:

frederick@jessie:/etc $ passwd frederick
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Remove the Temporary User

Finally, once you are satisfied that the renamed “pi” account (“frederick” above) is working correctly, delete tempuser as follows. If you have any sessions logged into the pi as tempuser, log them out first.

frederick@pi ~ $ sudo userdel tempuser

It might be a good idea to delay this step for a few days, after you have logged into the Pi several times as your renamed user, and you can therefore be sure the renamed user is operating correctly.

Notes

You should find that pressing shift-ctrl-F1 to exit from the graphical desktop into the terminal works as before, with your new user name being auto logged into the terminal. This was achieved when the systemd/system/autologin@.service file was changed.

The udisksctl should also continue to work, if you are a user of that. Changes made to the file 60-desktop-policy.conf switched control of that command from the “pi” user to your new user name.

Conclusion

I hope that this procedure has been useful. Thanks to Simon Blake, Sam Roberts and Nicolas from moodlebox.net and Dooley for file updates (see below).

38 thoughts on “How to Rename the Default Raspberry Pi User

  1. Thanks for a very helpful procedure. Much improves security on the home network. Next step just has to be changing the hostname from ‘raspberrypi’ to something shorter and much less obvious.

  2. Hi Jim,

    I have googled tons of tutorials explaining how to change the default user, and this is by far the most well written guide I have found. And not to mention up-to-date as well.

    I totally agree on your concerns changing the pi account using the usermod command. Not all privileges will remain the same.

    One consideration – using raspi-config after following your guide, the config utility still belives the default user is pi. Wouldn’t it be advisable to update the lightdm.conf and raspi-config script with the new username?

    Once again, excellent guide!

    Thanks, Michael

    • Thank you Michael. UPDATE: I have modified the procedure to include changes to /etc/lightdm/lightdm.conf, so autologin will continue to function with the new user name,

      Raspi-config does assume the name “pi” for a couple of its functions, eg. the password change and the boot environment configuration. Unfortunately, raspi-config is a large script that has the name “pi” hardwired throughout, so there is no easy way to change that. Even if there were, the changes would bw overwritten by the next update of the script. Of course users can still change passwords with the “passwd” command.

      • Sorry Jim, I should have been more precise. I was in fact referring to the same problem as Simon describes.

        Besides the ability of changing the user password (of pi) in raspi-config, under Boot Options (option 3 as I recall) you can choose to autologin into either console or desktop. I don’t actually use autologin myself, but testing this feature before changing the default user, I haven’t noticed any problems, and the feature actually worked quite well in Jessie.

        This might be of interest: http://raspberrypi.stackexchange.com/questions/12538/boot-into-the-gui-after-changing-default-user

        • Hi Michael. Yes, I am aware of the Boot Options/autologin on raspi-config. UPDATE: The article has now been updated to preserve the autologin functionality.

          Note that your stackexchange link refers to a question asked 2 years ago, predating the release of Raspbian Jessie. The information in the page is therefore presumably aimed at Wheezy.

  3. This is great – thanks.

    One thing I noticed after this, though, is that my new user doesn’t automatically login as user pi used to. Is there an easy way to solve that?

    Simon

    • Hi Simon. UPDATE: The article has been updated so that autologin functionality is preserved with the new user name. /etc/lightdm/lightdm.conf was added to the list of files that are modified.

      • Thanks, Jim

        I (mostly) solved my problem by editing
        /etc/lightdm/lightdm.conf
        and changing the line autologin-user=pi to match my new user name.

        This left me with an oddity that, although it auto-logged in to LXDE quite happilly, if I pressed Control-Alt-F1 to get back to the command line, it reported authentication failure. Looking more closely, I noticed it was still trying to log in there as user pi.

        More searching suggested I should edit
        /etc/system/systemd/autologin@.service
        to change the line
        ExecStart=-/sbin/agetty –autologin pi –noclear %I $TERM
        to match my new user name.

        That didn’t help much until I also created the directory /etc/systemd/system/getty@tty1.service.d
        and, in that directory, created file autologin.conf to include:

        [Service]
        ExecStart=
        ExecStart=-/sbin/agetty –autologin display –noclear %I 38400 linux

        (where the user name I am using is display – obviously, change yours to match whatever you’re using!)

        Now it auto-logs in to both LXDE and the hidden CLI screen you can access via Control-Alt-F1

        • Hi Simon
          UPDATE: The procedure has been modified so that ctrl-alt-F1 behaviour is preserved under the new user name. The file “autologin@.service” was added to the list of files that are changed. Thanks for the information.

          In my own testing, I didn’t have to create a “getty@tty1.service.d” file for it to work, so that isn’t in the procedure.

          Jim

  4. There is a reference to the user “pi” in the file /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf

    That seems to control the ability to issue the udisksctl mount command to get udisks2 to mount block devices. I had to change that occurrence of pi to my alternate user name otherwise when I try to use udisksctl I get prompted to authenticate as root instead of as my user name.

    • Hi Sam. That’s great information and I have updated the article to take care of it. The file “60-desktop-policy.conf” now gets modified, which should restore udisksctl functionality.

  5. Hi Jim,

    I tried to ask this question earlier, but it doesn’t look like it was posted.

    I followed your instructions to change the name from pi to a new name (oilwatcher), but now I cannot login. I get two errors:

    1) If I try to login via the Remote Desktop Connection I get the following message:

    connecting to sesman ip 127.0.0.1 port 3350
    sesman connect ok
    sending login info to session manager, please wait…
    xrdp_mm_preocess_login_response: login successful for display
    started connecting
    connecting to 127.0.0.1 5912
    top connected
    security level (1=none, 2=standard)
    password failed
    error – problem connecting

    If I use an incorrect password I just get:

    connecting to sesman ip 127.0.0.1 port 3350
    sesman connect ok
    sending login info to session manager, please wait…
    xrdp_mm_process_login_response: login failed

    The password is correct, and I even changed it to try that as a solution, but it still won’t let me use it for login. It does recognize the change though.

    2) If I login directly to the RPi touchscreen I get:

    GDBus: Error.org.freedesktop.PolicyKit1. Error.Failed: User of caller and user of subject differs.

    I’ve tried all day to log back into the Pi with the new username and have all of the files that I have on my Pi load to the desktop as usual, but I cannot get it to work. All of my files under the new username can be found within the FileManager if I put /home in the top bar. When I look at the files there is a /home/oilwatcher/pi file that has all my old desktop folders/files. I can open them, but I can’t move them.

    Tried various things with settings but no luck.

    Can you please, please tell me how to fix it?

    • After trying all online solution with no luck, I’m just going to have to reformat the SD card and rebuild the programs.

      Maybe there’s an issue with Raspbian Jessie, or maybe I just did something wrong. Either way, this is an issue that can cause data to be lost, so user’s should take all precautions backing up files.

    • Hi Stewart. Your setup is not straightforward – you are using remote desktop software to access the Pi, for example, and you have a touch screen also. Without actually being in front of your Pi, and looking closely at your whole setup, it is difficult to say how these factors might be affecting the situation or what the problem is.

      At any rate, at the end of the procedure, there is always the “tempuser” account, which should continue to work and is intended as a safety back stop. Could you have used that to access the Pi? It should not be removed until you are happy that your renamed user is working properly. If you can see files but not move them, it implies you are not the owner of the files and do not have write rights.

      Thanks for coming back and sorry it did not work out as intended.

  6. Everything is perfect!

    EXCEPT
    My main menu is empty, with Run & Shutdown as the only two options.

    I tried to edit the “Main Menu Editor” . But nothing changed. Its still the same. Empty.

    HELP
    p.s. I was only able to delete the tempuser after reboot.

  7. Hi Mieke, I am not sure why your menu is affected in this way. Without actually being there, it is difficult to say what has happened. Deleting the tempuser is something that should have been done only after you were happy that everything had worked okay. Anyway, sorry I can’t be more helpful. Perhaps you could create the tempuser again, the log out, then login again as tempuser – and see if things look okay.

  8. Thanks for these instructions, very useful for my MoodleBox project (moodlebox.net).

    There is now a new reference to the user “pi” in file /etc/sudoers.d/010_pi-nopasswd (raspbian version of 2016-09-23).

    You could update your instructions to cope with this change

      • …well that’s odd. Looking at the Raspbian 2016-09-23 release now. there is no file of that name. The only file in /etc/sudoers is the “README” file. I checked both versions (Jessie with PIXEL and Jessie Lite).

        What does your file 010_pi-nopasswd contain, if you can answer that without compromising security ?

        • This file was pushed out in one of the October upgrades and is now in the 11.25.16 release. If you are using the 9.23.16 release and run an upgrade command, or start from a fresh 11.25.16 release, you will be asked for a password when using the sudo command in a fresh terminal. Once you update the pi reference in /etc/sudoers.d/010_pi-nopasswd the sudo command will no longer ask for the password.

          p.s. this is a great tutorial and is by far the best I was able to find specifically for the Pi. Much appreciated!

          • Thanks for coming back Nicolas. I ran the upgrade (and phew does it take a long time). Yes it is there now: they moved the “pi” elevation line into a sub directory. Article updated accordingly. And an acknowledgement has been added to the end.

            To prevent errors being generated with older Raspbian versions that don’t have the file, I covered it with a wildcard in the sed and tar commands (sudoers.d/*). It’s tested and seems to work fine.

            Cheers, Jim.

  9. Thanks for the blog!
    how would you compare your suggestion against the one outline in the beginning of this article?
    https://mattwilcox.net/web-development/setting-up-a-secure-home-web-server-with-raspberry-pi

    I am quite new to this but his way seems a bit more straightforward (less trouble on the newby side), is this because he is starting from a clean install and running the updates and upgrades while the PI user is deleted?

    Is it that your way will keep ALL the PI user “higher privileges” and the linked method will not?
    I hope I make sense 🙂
    Appreciate your comment 🙂

    • Hi ame. The linked article describes how to delete the “pi” user, after creating another user with similar privileges. It is a good, well written procedure I think, for doing as its title suggests: “Setting up a (reasonably) secure home web-server”.

      The article was written in 2013, and predates the release of Raspbian 8, applying instead to Raspbian 7, which had far fewer dependencies on the “pi” user. In Raspbian 8, there are more things to change.

      The procedure above won’t really keep more of the Pi user privileges than the linked method. They both do that. But it will keep the system functioning better, in that it also changes the many files which reference the “pi” user in Raspbian 8, for example /etc/sudoers and /etc/lightdm/lightdm.conf. But if you are just setting up a test server and are not too bothered about every small thing working fully, wither method will do.

      • Thanks again!
        I actually end up trying both methods and they gave me the same result as far as I could see.
        1-In the GUI i could not access anymore to the configuration (no really a problem as I can run Raspi-Config on terminal
        2-Also from the GUI i cannot shutdown or reboot. Is asking me the password and it does not take neither the old Pi user pasword nor the new user one.
        3- Now I need to type the user password everytime I use the sudo command.

        The project I am working on is running a live cam that i can access remotely (RPi-Cam-Web-Interface ) so I can check the view, there are very beautiful sunsets at the location by the sea Then trigger my dslr remotely either for photos or for timelapse with Camera-Toolbox.

        Thanks for the blog!

  10. I have one additional item to add. If you like any of the Python games that are included in Raspbian, you will notice that the menu item for “Python Games” is missing. The problem is that the launcher is located in the re-named home directory and the desktop file sis still pointing the the “pi” directory. To get the Python Games menu item back you will need to do the following:

    Navigate to the directory ” /usr/share/raspi-ui-overrides/applications”
    Once there, open the the desktop file called “python-games.desktop” with your favorite editor and update the line “TryExec=/home/pi/python_games/launcher.sh” by changing the reference “pi” to the new user name. After updating, the menu item will be back! ;D

    • Okay, a step has been added to the procedure. After the “pi” home directory is moved, a soft link is created so that /home/pi/… references continue to resolve, including the one in python-games.desktop. The “Python Games” menu is preserved and the games work.

      A quick search found similar references in timidityinstall.sh and several node.js and sonic-pi scripts. Not important but they will resolve too.

Leave a Reply

Your email address will not be published. Required fields are marked *