NOTE: The article below applies only to Raspian distributions published before April 2022. At that point, the default “pi” user was dropped, for sound security reasons. Subsequent releases include an alternative, and more secure, process for creating a user of your choice (detailed at the above link).
The rest of this article remains online for historical reasons only, and should no longer be used. (author, 6/7/24).
Historical Article
The Raspberry Pi comes with a default user called “pi”, whose initial password is also set to a well known default. While this makes it easy to use the system, it is not very secure. Anyone with physical access to your Pi could login with these widely known credentials. Furthermore, if you have enabled the SSH server, users on the local network could do the same.
Even if you have changed the “pi” user password, just having a user name that is universally known is still a security risk. The following article explains how to safely rename the “pi” user to something more secure. This article was last updated on 31st May 2020 and tested with Raspbian (Raspios) Buster release 27/5/2020.
The procedure starts with a Raspberry Pi running the latest Raspbian (Raspio) image (Buster), with no other modifications. It should also work with the older Raspbian versions Stretch and Jessie.
Caution for Jessie users: Changing the name of the “pi” might cause a couple of the features of the raspi-config script to stop working, namely the option 2 to change pi’s password (the “passwd” command can easily be used instead), and option 3 to change the boot environment. It will also prevent menu item “Menu->Preferences->Raspberry Pi Configuration” (the graphical equivalent of raspi-config) from running altogether. If these are important to you, consider not continuing with this procedure.
NOTE: Some procedures on the Internet suggest using the usermod command to just rename the “pi” account. I would not recommend this, because usermod does not update secondary group ownerships, and the Pi user user has many of these. For example, the pi user is able to read the /var/log/syslog file by virtue of being a member of the adm group. Altering the pi user with usermod will break this functionality, as well as other features of the Pi account.
Also, the usermod command will often fail, especially on Raspbian 8 (Jessie), with the error message “usermod: user pi is currently used by process“. This is because user pi owns several system processes by default (in Jessie), and further because you may be logged in as pi and thus own one or more shell processes.
Summary
The “pi” user account has higher privileges than a normal Unix user account. This is so that you can use the “pi” account to manage the system effectively. As well as being enabled for sudo, “pi” user is a member of no less than 15 user groups, whereas a normal Unix user usually has only one or two group memberships. Changing the name of the “pi” user is therefore a little more challenging than changing the name of a normal Unix user.
In this procedure, a temporary user account is created and then used to change the “pi” user name. A sed pipeline performs the edits automatically. Afterwards, the temporary user is deleted.
Create a Temporary User Account
Log into your Pi, directly or from another system. Login as “pi” user.
Create a temporary user account as follows. This account will be used to make changes to the existing “pi” account and to other parts of the system. At the conclusion of this procedure, the temporary account will be deleted. Type following commands.
pi@pi ~ $ sudo useradd -m tempuser -s /bin/bash pi@pi ~ $ sudo passwd tempuser
Type a suitable password for the “tempuser” account.
Add the “tempuser” user to the group “sudo”:
pi@pi ~ $ sudo usermod -a -G sudo tempuser
Check the group file. You should see “temp” user has been added to the sudo group:
pi@pi ~ $ grep sudo /etc/group sudo:x:27:pi,tempuser
Looks good. Now log out of your Raspberry Pi altogether (you are currently logged in as user pi). You should not have any active logins as “pi”. If so, log out of all those sessions.
Login as Temporary User
Login to the Pi again, this time as user tempuser, using the password you created above. I am using SSH from another Linux system, so I do it like this.
othersystem$ ssh -l tempuser <IP address of Pi>
Once the login has completed, check that you are now “tempuser”:
tempuser@pi ~ $ id uid=1001(tempuser) gid=1004(tempuser) groups=1004(tempuser),27(sudo)
That looks correct. NB The numbers 1001, 1004 etc. don’t matter. Yours might be slightly different.
Choose a New Name for the “pi” User
For this example I will change the name of the “pi” user to “frederick”. You should select a different name of your own choosing.
Make sure that your chosen name is not the same as another existing user. Check it with the id command:
tempuser@pi ~ $ id frederick id: ‘frederick’: no such user
If the “id” command returns anything other than “no such user”, then please choose an alternative name, and test it again with “id”, before proceeding.
Files to be Changed
We need to change every reference to “pi” to (say) “frederick” within the files /etc/passwd, group, shadow, gshadow, sudoers, subuid, subgid, aswell as /etc/lightdm/lightdm.conf, /etc/systemd/system/autologin@.service, systemd/system/getty@tty1.service.d/autologin.conf, /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf and, in more recent Raspbian releases, /etc/sudoers.d/010_pi-nopasswd. Twelve files in all.
We could simply edit each file by hand. However it is easier to to the job automatically, especially since /etc/group (for example) contains 14 or more occurrences of “pi”. As well as being tedious, performing the edits manually could lead to errors that might prevent the pi from working properly, or even make it difficult to login at all.
Backup Files
First, take a backup of each file. The following tar command will do it. Enter your password when asked.
tempuser@pi ~ $ cd /etc tempuser@pi /etc $ sudo tar -cvf authfiles.tar passwd group shadow gshadow sudoers subuid subgid lightdm/lightdm.conf systemd/system/autologin@.service sudoers.d/010_pi-nopasswd systemd/system/getty@tty1.service.d/autologin.conf polkit-1/localauthority.conf.d/60-desktop-policy.conf
If you have just seen a couple of error messages about some missing files, eg. lightdm.conf, it probably means you are using a “lite” version of Raspbian. It doesn’t matter though, the command still worked, just carry on with the procedure.
Edit Files
Now issue the following commands to make the changes. There are two sed commands here. Be very careful to get both absolutely as written, including every slash, star, backslash and character, (except that you should replace the word “frederick” with your chosen name):
tempuser@pi ~ $ cd /etc tempuser@pi /etc $ sudo sed -i.$(date +'%y%m%d_%H%M%S') 's/\bpi\b/frederick/g' passwd group shadow gshadow sudoers subuid subgid systemd/system/autologin@.service sudoers.d/010_pi-nopasswd systemd/system/getty@tty1.service.d/autologin.conf polkit-1/localauthority.conf.d/60-desktop-policy.conf tempuser@pi /etc $ sudo sed -i.$(date +'%y%m%d_%H%M%S') 's/user=pi/user=frederick/' lightdm/lightdm.conf
The long “sed” commands change the word “pi” to “frederick” in each of the named files files. But before any changes are made, another backup copy of each file is created, just in case something went wrong or you ever want to undo the change. Having two backups isn’t really needed, it just provides some extra assurance in case the procedure does not work. NB. Raspbian Lite users might see a few messages about missing files again (“No such file or directory“). It doesn’t matter, the command still worked, just carry on.
Check that the changes were made as follows. Replace “frederick” with your chosen name. You should see many matches, as shown.
tempuser@pi ~ $ grep frederick /etc/group adm:x:4:frederick dialout:x:20:frederick cdrom:x:24:frederick sudo:x:27:frederick,tempuser audio:x:29:frederick video:x:44:frederick plugdev:x:46:frederick games:x:60:frederick users:x:100:frederick input:x:101:frederick netdev:x:108:frederick frederick:x:1000: spi:x:999:frederick i2c:x:998:frederick gpio:x:997:frederick
Every occurrence of “pi” in the /etc/group file has been changed to “frederick”.
Change the Name of the Pi Home Directory
Rename the “pi” user’s home directory.
tempuser@pi /etc $ sudo mv /home/pi /home/frederick
Then create a soft link as follows.
tempuser@pi /etc $ sudo ln -s /home/frederick /home/pi
The purpose of the soft link is to correctly resolve any broken references to the old “pi” home directory. For example, it prevents menu items such as “Python Games” from disappearing. Menu entries are controlled by files (under /usr/share/raspi-ui-overrides/applications), which refer to “/home/pi/<whatever>”. Creating the soft link allows the reference to resolve and is a common practice in this kind of situation.
Change the Name of the Crontab File
Rename the “pi” user’s crontab file. Remember to replace “frederick” in the following command with your chosen user name.
tempuser@pi /etc $ sudo [ -f /var/spool/cron/crontabs/pi ] && sudo mv -v /var/spool/cron/crontabs/pi /var/spool/cron/crontabs/frederick '/var/spool/cron/crontabs/pi' -> '/var/spool/cron/crontabs/frederick'
If the cron tab file called “pi” exists, it will be renamed to “frederick”. If it does not exist, the above command has no effect and nothing is printed. The cron file will exist only if you have previously set up cron jobs for execution under the “pi” user. Those jobs will now continue to be active for user “frederick”, in this example.
Change the Name of the Mail File
If you have ever used email as user “pi”, then a mail file will exist for the user, and it’s name should now be updated.
tempuser@pi /etc $ sudo [ -f /var/spool/mail/pi ] && sudo mv -v /var/spool/mail/pi /var/spool/mail/frederick '/var/spool/mail/pi' -> '/var/spool/mail/frederick'
If the mail file called “pi” exists, it will be renamed to “frederick”. Emails that were previously sent or received by user “pi” are now available for user “frederick”, in this example. If the file does not exist, the above command has no effect and no message is printed.
Completion
That completes the renaming of the “pi” user. The “pi” user no longer exists, as such. It has been renamed to “frederick”, or whatever name you have chosen. From now on you should log in with the new name. Any operations that were possible with the “pi” user will also be possible with your renamed user.
Test the New User
In another window on a remote system, try to login to the Pi as your new user.
othersystem $ ssh -l frederick <IP address of pi>
Use the same password as previously used for the “pi” user.
Alternatively, if you are using the Pi desktop (the GUI), you could simply logout (Menu->Shutdown->Logout), and then login again with your new user name.
Any data that previously belonged to the “pi” user now belongs to your renamed user (“frederick” in this case), including the pi home directory and everything in it. Check it now:
frederick@pi ~ $ cd frederick@pi ~ $ ls -al total 24 drwxr-xr-x 2 frederick frederick 4096 Dec 15 21:16 . drwxr-xr-x 4 root root 4096 Dec 17 12:11 .. -rw------- 1 frederick frederick 773 Dec 17 11:52 .bash_history -rw-r--r-- 1 frederick frederick 220 Nov 21 20:32 .bash_logout -rw-r--r-- 1 frederick frederick 3512 Nov 21 20:32 .bashrc -rw-r--r-- 1 frederick frederick 675 Nov 21 20:32 .profile ...and so on
Change the User Password
If your user password is still the same as the factory default (perhaps because you never changed it for “pi” user), change it to something more secure now:
frederick@jessie:/etc $ passwd frederick Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Remove the Temporary User
Finally, once you are satisfied that the renamed “pi” account (“frederick” above) is working correctly, delete tempuser as follows. If you have any sessions logged into the pi as tempuser, log them out first.
It might be a good idea to delay this step for a few days, after you have logged into the Pi several times as your renamed user, and you are sure the renamed user is operating correctly.
frederick@pi ~ $ sudo userdel tempuser
NB. If you see a message like “userdel: user tempuser is currently used by process 1776“, it means that some processes belonging to the user (tempuser) are still running. Stop them as follows:
$ sudo pkill -u tempuser
Then repeat the userdel, and tempuser will be successfully removed:
$ sudo userdel tempuser
A Systemd Feature
Incidentally, if you are wondering why tempuser still owned running processes even after logout, it is a bug/feature of systemd. The processes are left running so that users can continue tasks from where they left off after logging in, with tools like screen and tmux. The “bug” was removed in systemd release 230 in 2016, then replaced, and made a configerable feature, following complaints from users of screen/tmux. Configuration is controlled by /etc/systemd/logind.conf, as explained in the bug report.
Notes
You should find that pressing ctrl-alt-F1 to exit from the graphical desktop into the console works as before, and you can use ctrl-alt-F2 to switch back. This was achieved when the systemd/system/autologin@.service file was changed. However, console switching is a bit old fashioned, and the preferred solution is to edit your GUI/console preferences with the raspi-config “Boot Options” sub menu.
The udisksctl should also continue to work, if you are a user of that. Changes made to the file 60-desktop-policy.conf switched control of that command from the “pi” user to your new user name.
Conclusion
I hope that this procedure has been useful. Thanks to Simon Blake, Sam Roberts and Nicolas from moodlebox.net and Dooley for file updates (see below). 20/6/19 – Thanks also to Phillipe for his advice on updating the procedure for Raspbian 9.9 (alterations to the way that lightdm.conf is edited). 14/4/20 – Thanks to Johannes for adding subuid and subgid files. 31/5/20 Thanks to Billy for the tip on file /etc/systemd/system/getty@tty1.service.d/autologin.conf.
Thanks for a very helpful procedure. Much improves security on the home network. Next step just has to be changing the hostname from ‘raspberrypi’ to something shorter and much less obvious.
Thanks so much for your help! I will test my new user and I will post any situation…
Cheers guys, glad it helped.
Hi Jim,
I have googled tons of tutorials explaining how to change the default user, and this is by far the most well written guide I have found. And not to mention up-to-date as well.
I totally agree on your concerns changing the pi account using the usermod command. Not all privileges will remain the same.
One consideration – using raspi-config after following your guide, the config utility still belives the default user is pi. Wouldn’t it be advisable to update the lightdm.conf and raspi-config script with the new username?
Once again, excellent guide!
Thanks, Michael
Thank you Michael. UPDATE: I have modified the procedure to include changes to /etc/lightdm/lightdm.conf, so autologin will continue to function with the new user name,
Raspi-config does assume the name “pi” for a couple of its functions, eg. the password change and the boot environment configuration. Unfortunately, raspi-config is a large script that has the name “pi” hardwired throughout, so there is no easy way to change that. Even if there were, the changes would bw overwritten by the next update of the script. Of course users can still change passwords with the “passwd” command.
Sorry Jim, I should have been more precise. I was in fact referring to the same problem as Simon describes.
Besides the ability of changing the user password (of pi) in raspi-config, under Boot Options (option 3 as I recall) you can choose to autologin into either console or desktop. I don’t actually use autologin myself, but testing this feature before changing the default user, I haven’t noticed any problems, and the feature actually worked quite well in Jessie.
This might be of interest: http://raspberrypi.stackexchange.com/questions/12538/boot-into-the-gui-after-changing-default-user
Hi Michael. Yes, I am aware of the Boot Options/autologin on raspi-config. UPDATE: The article has now been updated to preserve the autologin functionality.
Note that your stackexchange link refers to a question asked 2 years ago, predating the release of Raspbian Jessie. The information in the page is therefore presumably aimed at Wheezy.
This is great – thanks.
One thing I noticed after this, though, is that my new user doesn’t automatically login as user pi used to. Is there an easy way to solve that?
Simon
Hi Simon. UPDATE: The article has been updated so that autologin functionality is preserved with the new user name. /etc/lightdm/lightdm.conf was added to the list of files that are modified.
Thanks, Jim
I (mostly) solved my problem by editing
/etc/lightdm/lightdm.conf
and changing the line autologin-user=pi to match my new user name.
This left me with an oddity that, although it auto-logged in to LXDE quite happilly, if I pressed Control-Alt-F1 to get back to the command line, it reported authentication failure. Looking more closely, I noticed it was still trying to log in there as user pi.
More searching suggested I should edit
/etc/system/systemd/autologin@.service
to change the line
ExecStart=-/sbin/agetty –autologin pi –noclear %I $TERM
to match my new user name.
That didn’t help much until I also created the directory /etc/systemd/system/getty@tty1.service.d
and, in that directory, created file autologin.conf to include:
[Service]
ExecStart=
ExecStart=-/sbin/agetty –autologin display –noclear %I 38400 linux
(where the user name I am using is display – obviously, change yours to match whatever you’re using!)
Now it auto-logs in to both LXDE and the hidden CLI screen you can access via Control-Alt-F1
Hi Simon
UPDATE: The procedure has been modified so that ctrl-alt-F1 behaviour is preserved under the new user name. The file “autologin@.service” was added to the list of files that are changed. Thanks for the information.
In my own testing, I didn’t have to create a “getty@tty1.service.d” file for it to work, so that isn’t in the procedure.
Jim
There is a reference to the user “pi” in the file /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf
That seems to control the ability to issue the udisksctl mount command to get udisks2 to mount block devices. I had to change that occurrence of pi to my alternate user name otherwise when I try to use udisksctl I get prompted to authenticate as root instead of as my user name.
Hi Sam. That’s great information and I have updated the article to take care of it. The file “60-desktop-policy.conf” now gets modified, which should restore udisksctl functionality.
Great Article. Thank you very much
Thanks Sakthivel.
Hi Jim,
I tried to ask this question earlier, but it doesn’t look like it was posted.
I followed your instructions to change the name from pi to a new name (oilwatcher), but now I cannot login. I get two errors:
1) If I try to login via the Remote Desktop Connection I get the following message:
connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait…
xrdp_mm_preocess_login_response: login successful for display
started connecting
connecting to 127.0.0.1 5912
top connected
security level (1=none, 2=standard)
password failed
error – problem connecting
If I use an incorrect password I just get:
connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait…
xrdp_mm_process_login_response: login failed
The password is correct, and I even changed it to try that as a solution, but it still won’t let me use it for login. It does recognize the change though.
2) If I login directly to the RPi touchscreen I get:
GDBus: Error.org.freedesktop.PolicyKit1. Error.Failed: User of caller and user of subject differs.
I’ve tried all day to log back into the Pi with the new username and have all of the files that I have on my Pi load to the desktop as usual, but I cannot get it to work. All of my files under the new username can be found within the FileManager if I put /home in the top bar. When I look at the files there is a /home/oilwatcher/pi file that has all my old desktop folders/files. I can open them, but I can’t move them.
Tried various things with settings but no luck.
Can you please, please tell me how to fix it?
After trying all online solution with no luck, I’m just going to have to reformat the SD card and rebuild the programs.
Maybe there’s an issue with Raspbian Jessie, or maybe I just did something wrong. Either way, this is an issue that can cause data to be lost, so user’s should take all precautions backing up files.
Hi Stewart. Your setup is not straightforward – you are using remote desktop software to access the Pi, for example, and you have a touch screen also. Without actually being in front of your Pi, and looking closely at your whole setup, it is difficult to say how these factors might be affecting the situation or what the problem is.
At any rate, at the end of the procedure, there is always the “tempuser” account, which should continue to work and is intended as a safety back stop. Could you have used that to access the Pi? It should not be removed until you are happy that your renamed user is working properly. If you can see files but not move them, it implies you are not the owner of the files and do not have write rights.
Thanks for coming back and sorry it did not work out as intended.
Thank you very much , works perfect, at least a excellent tutorial. TOP.
Cheers Tobo.
Everything is perfect!
EXCEPT
My main menu is empty, with Run & Shutdown as the only two options.
I tried to edit the “Main Menu Editor” . But nothing changed. Its still the same. Empty.
HELP
p.s. I was only able to delete the tempuser after reboot.
Hi Mieke, I am not sure why your menu is affected in this way. Without actually being there, it is difficult to say what has happened. Deleting the tempuser is something that should have been done only after you were happy that everything had worked okay. Anyway, sorry I can’t be more helpful. Perhaps you could create the tempuser again, the log out, then login again as tempuser – and see if things look okay.
Great instructions. Exactly what I was looking for. Worked like a charm.
Thanks a lot!
Cheers Casual.
Thanks for these instructions, very useful for my MoodleBox project (moodlebox.net).
There is now a new reference to the user “pi” in file /etc/sudoers.d/010_pi-nopasswd (raspbian version of 2016-09-23).
You could update your instructions to cope with this change
Cheers Nicolas. Just downloaded the latest Raspbian (the full version – it is not in the Lite version) and checking it now…
…well that’s odd. Looking at the Raspbian 2016-09-23 release now. there is no file of that name. The only file in /etc/sudoers is the “README” file. I checked both versions (Jessie with PIXEL and Jessie Lite).
What does your file 010_pi-nopasswd contain, if you can answer that without compromising security ?
This file was pushed out in one of the October upgrades and is now in the 11.25.16 release. If you are using the 9.23.16 release and run an upgrade command, or start from a fresh 11.25.16 release, you will be asked for a password when using the sudo command in a fresh terminal. Once you update the pi reference in /etc/sudoers.d/010_pi-nopasswd the sudo command will no longer ask for the password.
p.s. this is a great tutorial and is by far the best I was able to find specifically for the Pi. Much appreciated!
Thanks for coming back Nicolas. I ran the upgrade (and phew does it take a long time). Yes it is there now: they moved the “pi” elevation line into a sub directory. Article updated accordingly. And an acknowledgement has been added to the end.
To prevent errors being generated with older Raspbian versions that don’t have the file, I covered it with a wildcard in the sed and tar commands (sudoers.d/*). It’s tested and seems to work fine.
Cheers, Jim.
Thanks for the blog!
how would you compare your suggestion against the one outline in the beginning of this article?
https://mattwilcox.net/web-development/setting-up-a-secure-home-web-server-with-raspberry-pi
I am quite new to this but his way seems a bit more straightforward (less trouble on the newby side), is this because he is starting from a clean install and running the updates and upgrades while the PI user is deleted?
Is it that your way will keep ALL the PI user “higher privileges” and the linked method will not?
I hope I make sense 🙂
Appreciate your comment 🙂
Hi ame. The linked article describes how to delete the “pi” user, after creating another user with similar privileges. It is a good, well written procedure I think, for doing as its title suggests: “Setting up a (reasonably) secure home web-server”.
The article was written in 2013, and predates the release of Raspbian 8, applying instead to Raspbian 7, which had far fewer dependencies on the “pi” user. In Raspbian 8, there are more things to change.
The procedure above won’t really keep more of the Pi user privileges than the linked method. They both do that. But it will keep the system functioning better, in that it also changes the many files which reference the “pi” user in Raspbian 8, for example /etc/sudoers and /etc/lightdm/lightdm.conf. But if you are just setting up a test server and are not too bothered about every small thing working fully, wither method will do.
Thanks again!
I actually end up trying both methods and they gave me the same result as far as I could see.
1-In the GUI i could not access anymore to the configuration (no really a problem as I can run Raspi-Config on terminal
2-Also from the GUI i cannot shutdown or reboot. Is asking me the password and it does not take neither the old Pi user pasword nor the new user one.
3- Now I need to type the user password everytime I use the sudo command.
The project I am working on is running a live cam that i can access remotely (RPi-Cam-Web-Interface ) so I can check the view, there are very beautiful sunsets at the location by the sea Then trigger my dslr remotely either for photos or for timelapse with Camera-Toolbox.
Thanks for the blog!
Cheers Ame.
I have one additional item to add. If you like any of the Python games that are included in Raspbian, you will notice that the menu item for “Python Games” is missing. The problem is that the launcher is located in the re-named home directory and the desktop file sis still pointing the the “pi” directory. To get the Python Games menu item back you will need to do the following:
Navigate to the directory ” /usr/share/raspi-ui-overrides/applications”
Once there, open the the desktop file called “python-games.desktop” with your favorite editor and update the line “TryExec=/home/pi/python_games/launcher.sh” by changing the reference “pi” to the new user name. After updating, the menu item will be back! ;D
Good spot Dooley. At the moment I don’t have access to a Pi running the UI, but will check it later on.
Okay, a step has been added to the procedure. After the “pi” home directory is moved, a soft link is created so that /home/pi/… references continue to resolve, including the one in python-games.desktop. The “Python Games” menu is preserved and the games work.
A quick search found similar references in timidityinstall.sh and several node.js and sonic-pi scripts. Not important but they will resolve too.
Hey thanks! This worked perfectly!
Good news Anurada.
Hi there and thanks for the clear and detailed instructions.
I had one problem:
lightdm seems to require the installation of accountsservice .
Without accountsservice, lightdm doesn’t authenticate the user and autologin fails, presenting just a black screen with flashing cursor.
(NOTE: login is still possible via ssh or ctrl-alt-F2)
A simple apt-get install accountsservice fixes this.
I believe it should be an optional requirement
Hi Gary, whoops I seemed to overlook your question so this reply is a bit late. You say that autologin was broken. What release and version of Raspbian were you using ?
This scripts of rename default pi worked charmingly. However, I noticed that not only the password change with raspi-config did not working as Jim mentioned, the Menu -> Preferences -> GUI of raspberry configuration was not able to open as well, still stating that it needs ‘pi’ and ‘Device Tree’ needs to be enabled. I checked around found out that the /usr/bin/raspi-config file still called ‘pi’ user in many scripts within. Even I corrected it with my new user. The GUI part is still not work. So scripts missed updating the ‘pi’ somewhere for the GUI part (although it is not critical. many console commands can run the same thing).
Hi spausnavy01. Yes, after the name of the “pi” user is changed, the raspi-config program can no longer be used to do certain things, such as changing the “pi” password (option 2) and the boot environment (option 3). This is explained at the start of the procedure. As you point out, the Menu->Preferences->Rasperry Pi Configuration item does not run. Menu item “Raspberry Pi Configuration” calls a program called rc_gui, a graphical version of raspi-config. rc_gui does not run because it does a pre-check, discovers that there is no longer a user called “pi” and exits at that point. However, as you say,this should not be such a drawback because the command line can be used instead to perform operations not possible with rc_gui or raspi-config. NB. I have added a note to the procedure about rc_gui not running.
namely the option 2 to change pi’s password (the “passwd” command can easily be used instead), and option 3 to change the boot environment. I as explained in the procedure, such as
thanks for the detailed instsructions. Works like a charm!
Good stuff wimpel.
Thanks for the great and thorough write-up of this procedure. Worked like a charm.
Cheers Alex.
It is more easy to rename all pi as create tempuser:
Log in as root and rename the pi group on the name you whant:
groupmod –new-name NEW_GROUP_NAME OLD_GROUP_NAME
Hi Bingo Bingo,
I am not sure how renaming the primary user group of the Pi account will help. It is likely to have the same disadvantages as the “usermod” command, as discussed in the first part of the procedure.
Very useful tip, it worked very well for me and I have learned some practical skills. Thank you Fredrick!
Cheers Raymond.
Thanks so much for this. Seems to be working fine on latest release ‘scratch’.
Cheers Jeffrey. And thanks for confirming it works on Debian 9 (I think it is called “stretch”), I hadn’t tested that yet.
Wow this is the best way to do this and the only one that works!
thanks so much for doing this.
Cheers Ace!
Hi Jim,
I used to applied the above method on the RPi Jessie and its working fine but until today i refresh with RPi Stretch its stop me on the “new user” login box after logout from GUI. After reboot the RPi in blank screen can’t see any GUI. Is ok for you to try it out?
Many thanks.
Hi CW. I haven’t tried the procedure on Debian 9 (Stretch) personally, but it has been confirmed as working by Jeffrey – see his comment on October 3, 2017 at 1:38 am. Stretch handles users slightly differently, see the release notes for a bit more info… https://www.raspberrypi.org/blog/raspbian-stretch/ (“better handling of other user names). Perhaps this helps.
thanks Jim!
Hey Jim,
I followed your steps and have successfully renamed the pi user. However, when I insert a pendrive I get an error saying the particular directory is not valid. ‘/media/NewPi/C5F4-698A’ is not valid. Would be great to know what’s going on here.
Hi Sanjay, I just tested the procedure on Raspbian (Stretch), inserting a pen drive before and after changing the user name. It worked fine in both cases. I am not sure what has happened on your system. Didyou remember to rename the pi home directory to /home/NewPi ?
Hi
Great article…. easy and simple to follow…
Im quite the beginner when it comes any flavor of unix. im a windows dude..
But i think there might e an additional step missing, atleast thats what i have found – i think…. its crontab… i know i added an entry before i renamed the user… as the script wasnt executed.. so when i looked again with crontab -e it was not there.. so i enabled logging and restarted cron… when i found this in the log
Nov 26 13:40:01 xxxx cron[234]: (pi) ORPHAN (no passwd entry)
Nov 26 13:42:01 xxxx CRON[4328]: (CRON) info (No MTA installed, discarding output)
but after adding the job again, it seem to work – but perhaps there is something missing or floating?
Just thought i would give a heads up.
btw – if you are using the lite version of raspbian, at least thats what i hope is causing this… the following two files were not there – in fact lightdm folder does not exists at all, havnt checked the polkit stuff
lightdm/lightdm.conf
polkit-1/localauthority.conf.d/60-desktop-policy.conf
Hi Stig, sorry for the delay in replying. Yes, the procedure did not take account of any cron jobs that might have been set up. (It is intended for newly installed Pis, after all). The crontab file remained in the old user’s name and was therefore orphaned, causing the first of those log messages. The second message is in respinse to crin trying to send an email. It can’t, because Raspbian Lite has no email software installed by default.
You have fixed the problem by using “crontab -e” as the renamed user, thereby creating a new crontab file in the correct name. Another fix would have been to rename the cron file (/var/spool/cron/crontabs/pi) as part of the procedure. I have added as a section for that, called “Change the Name of the Crontab File”. Another section has been added too, for anyone who has been using email with their Pi. It explains how to change the name of the mail file, which will make “pi” user’s emails, if any, accessible to the renamed user.
Thanks for the feedback, that was pretty well spotted for “windows dude”.
Cheers,
Jim.
PS – Some explanation has also been added about messages relating to missing files under Raspbian Lite. It doesn’t cause a problem with those tar and sed commands, which still run normally on files which are present.
Hi, I noticed that ‘/home/tempuser/’ still exists after following this guide. Is it still needed?
Hi Adam. Once you have removed the “tempuser” account with the userdel command, the directory /home/tempuser is no longer needed.
Thank you!
Thanks!
Love it. This is a great article and the only way you could improve it is by providing a shells script that takes the new user name as an argument, does all that checking status after each step and bailing as needed. Shouldn’t be too hard to write, almost did it myself, but hey, needed it once so did it by hand ;-).
Hi Thumb one. Such a script would need to be very carefully tested indeed, as even a small bug could render the the user unable to log in to their Pi, requiring a complete rebuild. The script would also have to be modified, and retested, for every new Raspbian release, so quite a lot of work would be required. If you want to write a script, I’ll happily link to it from here…
You may look at these lines of an (open source) script I’ve made just for this:
[Github link removed]
Cheers 🙂
PS. I don’t use bash anymore for my project, but Ansible. However, the procedure to change the user is the same: see [Github link removed]
Hi Nicolas. You’ve provided links to a Raspberry Pi setup script which includes lines automating the above procedure, and another link to a YML file that does the same under Ansible. Thank you for your contribution. And thanks for the attribution in the code too. However, I am not directly recommending these scripts to readers of this article, and have removed the links. Reasons as follows. The scripts implement a large Moodlebox server, building a Pi from scratch into a specialized application. They are not directly applicable for someone who just wants to rename the Pi user. Being part of a well tested build, they also do not provide the safety features of the full procedure above (the roll back path provided by the temporary user).
In writing the article, I deliberately tried to make it super-safe, because it will be read by beginners, and because any mistake could lead to a inoperable Pi that would require a full re-image. [More advanced/curious readers can find Nicolas’ bash script, make_moodlebox.sh, by searching “git moodlebox”].
Hi Jim,
I totally understand your point of view: this is not for the faint of art, and you won’t take the responsibility for other’s works, which is fine :-). And indeed, advanced users can find it quite easily my script.
Cheers, Nicolas
PS. Re: your safety concerns, I’m quite confident that Ansible does this very securely (in fact more securely than doing it manually). But this is another story. N.
After following all your instructions I ran into problems to get my autologin working.
System: Linux raspberrypi 4.9.35-v7+ #1014 SMP Fri Jun 30 14:47:43 BST 2017 armv7l GNU/Linux (Jessie)
Machine:Revision : 1a01041 = 2 B
After rebooting there was always a login dialog.
Logging in with my credentials returned the same Message-box again and again.
I could login for tempuser and for root.
Ctl+Alt+F1 was leading to a black screen
Ctl+Alt+F2-F6 allowed me to login either with my account or with tempuser or root and then I could startx
I went through my raspi-config and added some whiptail message-boxes to see the actions and varables.
I found that I needed to change the line (914) from
if id -u pi > /dev/null 2>&1; then
to
if id -u 1000 > /dev/null 2>&1; then
I concluded that the value of $SYSTEMD was 1
and of course changed the line(927) from
sed /etc/lightdm/lightdm.conf -i -e “s/^\(#\|\)autologin-user=.*/autologin-user=pi/”
to
sed /etc/lightdm/lightdm.conf -i -e “s/^\(#\|\)autologin-user=.*/autologin-user=myaccount/”
I checked with systemctl that the subsequent lines had been executed.
But still always a login-box popped up.
Strange thing: in the dropdown my accountname appeared twice!
In auth.log I found
Aug 16 22:21:25 raspberrypi systemd: pam_unix(systemd-user:session): session opened for user myaccount by (uid=0)
The reason:
To test ssh I had created an account with the same username before (without ~directory) and forgot about that!
After deleting the lines with that name and user id 1001 in /etc/passwd and /etc/shadow all was fine
Thanks for your clear tutorial.
PS. You possibly could add a hint to check this first before making all further steps of the tutorial.
Hi Michael,
I understand that after the procedure was executed, auto login stopped working. You traced the cause to the presence of an existing user, having the same name that you were trying to change the “pi” user to. Is that correct?
The result I think would be two entries in /etc/passwd with the same name, which would likely cause problems, including perhaps those experienced with auto-login. As you suggest, I have added a note to the article (“Choose a New Name for the Pi user”) to warn future users of this situation. Cheers, Jim.
Hello Nicolas.
Yes, your assumpyion is correct.
I deleted the one with id 1001 and kept 1000.
I did a search for 1001 in all files to make sure there were no more entries linked to that account.
The system is stable now and I learnt a few extra-lessons.
Thanks again and greetings
Mike
Cheers for that Michael. Glad it is working now. Jim.
Hi Jim.
After searching in countless sites information on how to change the name of the default user of Raspberry Pi, and not work any (Error usermod: user pi is currently used by the process xx). I found your article by chance. I’m a novice in the use of Raspberry and in it’s my first attempt at programming, and I had serious doubts if I could really get it. With many nerves, but following his indications promptly, I must say that everything worked for me in the first attempt, for which I want to congratulate him for such a perfect explanation, that a novice user managed to make everything work perfectly.
I will recommend your excellent page to all my acquaintances who are starting in the world of Raspberry Pi. Many congratulations, and many, many thanks.
Greetings from Barcelona, Catalunya (Spain)
Vicente Jareño
Hi Vincente,
Glad it worked for you many thanks. Muchas gracias.
Jim.
Awesome, thanks
Cheers Michael.
Worked flawlessly, unlike the latest Raspbian ‘upgrade’. It took me two days the first time I attempted to rename pi, this time it took two minutes using the info on this page. Thank you Jim.
Cheers Billy.
Hello. The raspberry PI and the UNIX language is pretty new to me.. Wouldn’t be simpler just to use the Pixel interface (Settings / System / Hostname and password) ?
Did the job for me… Then I start a shell, the “PI” user is not there anymore…
The hostname is the name of the hardware, the username the name of the user. When you open a terminalwindow your prompt looks like “pi@raspberrypi” or something, in other words “username@hostname”.
Just create a new user and let the pi user untouched (except the pass) until you learned how the usermanagement works. Later you can add you new user to the sudoers list and the groups too, may delete pi after that if all works well.
One bad typo in one of the commands from above and you end in a useless pi account or may not even be able to login again.
Sorry for the bad spelling, hope my english is good enough to describe it^^
Hi Aratosh, regarding your comment:
“One bad typo in one of the commands from above and you end in a useless pi account or may not even be able to login again.”
This is not correct. A temporary user is created, so that in the event of a mistake with the Pi account, the system will still be accessible. Backups are also taken before any files are changed, as explained in the article (did you read it?).
Cheers,
Jim.
Hi Mathieu. The option you describe allows the hostname and password to be changed, but not the name of the Pi user. The article above is specifically about changing the name of the Pi user. Cheers, Jim.
Hi Jim,
Thank you so much for this great tutorial.
However, one suggestion. With Raspbian 9.9 , your command line with “sed” that replace “pi” with “frederick” in lightdm.conf change the line “greeter-session=pi-greeter” with “greeter-session=frederick-greeter”. That breaks the link to pi-greeter.conf that still needed to start the system with lightdm or even logout from a gui session.
A “sudo cat /var/log/lightdm/lightdm.log” in this case give this :
[+0.05s] DEBUG: Seat seat0: Failed to find session configuration frederick-greeter
So i suggest to leave the line “greeter-session=pi-greeter” as it is by default in lightdm.conf.
Cheers
Philippe
Hi Philippe. A great bit of research, thank you. I reproduced the conditions (using Raspbian 9.9 Desktop) and I can see the debug message there in the log file. I didn’t encounter the problem you did with logging in and out of the graphical environment. However, I think you are right about lightdm.conf. The string “greeter-session=pi-greeter” refers not to the “pi” user, but to the “pi” as a system. It should therefore remain unchanged.
The procedure has been modified to leave “pi-greeter” unchanged, as you suggest. The main sed command has been changed, and a new sed command added, so that lightdm.conf is treated differently to other files. You have an acknowledgement in the Conclusion section, also.
Cheers,
Jim.
Hi, thank you very much for updating this tutorial for Raspbian 9.9. Would you be kindly making one for Debian buster based Rasbian lite image?
Hi Parth,
I have just tested the procedure with Raspbian 10 Buster, and it works correctly with no modifications. Cheers, Jim.
Thank you very much Jim. I truly appreciate your detailed articles. Have a wonderful time ahead.
Just used your info on a new ‘Buster’ and it completed 100% flawlessly.
This must be one of the most useful pages in my bookmarks Jim, I’m sure I’ll return for ‘Bullseye’. Thanks for keeping it updated.
Hi Billy, excellent, and cheers for that. Sorry about the lateness of this reply, which has been due to personal illness.
Pretty darned impressed with the “home made wind turbine” at https://www.myintarweb.co.uk/
Sorry to hear you’ve been not well Jim, here’s hoping for a speedy recovery.
Thank you Billy. Better now.
This has saved me a lot of time when updating my Pi’s. It is the first thing I do after booting a new Pi. There is no better guide available. Thanks.
Actually I have used this page so many times, that I decided to automate the task. I am not an experienced bash programmer, but I have created a script that uses your guide to automatically rename the default user.
If interested take a look at https://github.com/pchri/renamepi
Thanks for your hard work. I hope one day this becomes superfluous and we will be allowed the specify the default user at first boot.
Hi Poul, thanks. And thanks again for the attribution on your Github project page. I agree that automating this process is a good idea, especially if it is a thing you do after every Raspbian install. And it looks like a good script. Sooner or later, the Pi guys will add this as an option in raspi-config, which will save us all a bit of time. Cheers again.
Jim.
i like to leave a “thank you and the contributors” here.
A HUGE thanks for the article. I do not like having a ‘default’ user that is not easily renamed. Thanks for making the changes.
Not to be a wet blanket, but I did find something that I can’t quite figure out. I use x2x to allow keyboard and mouse to be used on 2 computers The scripts shown on the manual page for x2x use no longer function. I get an error message “/usr/bin/x2x: No such file or directory” and just typing “x2x” causes “bash: x2x: command not found”. The scripts are correct (see x2x man page) and worked before the default user name was changed. I’ve spent a bit of time on this and no luck.
Thanks,
–Jim
Hi Jim, glad the basic procedure worked for you. About x2x, the message “/usr/bin/x2x: No such file or directory” seems to indicate that x2x is not installed on the system. Or it was installed and has since been removed or deleted.
Cheers,
Jim.
Thank you very very much for this great article.
After a bunch of others, this one worked. Maybe the others haven’t yet been “updated” to buster.
I am very grateful for this wonderful article, thanks again.
Cherrs, Juergen
Hi Jürgen
Thanks! Glad it worked for you. Happy Christmas.
Jim.
Thanks for this very complete and useful guide. Worked well with Raspberry Pi 4B running full Raspbian.
Cheers Joe.
Hello again,
after successfully changing usernames on three pi’s with help of this wonderful tutorial, i would like to suggest a very last step to do:
Once the tempuser is deleted, i found that the home folders “tempuser” and “pi” still exist and i believed it to be a good idea to delete them both with “sudo rm-r /home/tempuser” and “sudo rm -r /home/pi”.
So i did, and the folder tree is not that much confusing now as it was before.
If the idea was not that good, pls. let me know.
Thanks again for this great tutorial.
Best regards, juergen
Hi Jürgen, please do not remove “/home/pi”. It is not a directory, but a soft link created under the section entitled “Change the Name of the Pi Home Directory”. It is there to ensure compatibility with any software packages that have “/home/pi” hardwired into them. I would recommend that you replace the link with the command:
$ sudo ln -s /home/frederick /home/pi
replacing “frederick” with your chosen name.
Regarding tempuser, yes it is fine to remove that. The procedure could be changed to delete the directory automatically, (by changing “userdel” to “userdel -r”), but things are safer without the “-r” option, as it prevents a reader from accidentally removing the wrong directory.
Cheers,
Jim.
Hello Jim,
good to know this, thanks for the advice.
I followed it and replaced the link.
Thanks a lot again!
Best regards, juergen
Cheers Jürgen.
Great for this article, thanks!
Please also include /etc/subgid and /etc/subuid in the script, they were missing.
Thanks a lot
Hi Johannes, well spotted! setuid and gid have been added, with an acknowledgement in the Conclusion.
Great, thanks!
Hi Jim,
I normally don’t do this, but in this case I just had to leave you a big Thank you! Your post is by far one of the best out there. Not only is it very well written, it also mentiones every reason why something is done. There are a lot of “tutorials” out there which are like “I did this and this and afterwards I did this..”. That is not a “tutorial” or “walkthrough”. Your post is! You are like “We have to do this BECAUSE OF that…” and I don’t think that you even know how usefull and reassuring this is, especially if you are not a pro. I really appreciate the effort you put into this and to update this so regularely is just more than top notch. Thank you so much, I learned a lot today thanks to you!
Thanks Felix, that was my aim when writing the article. It is good to know that you found it beneficial. Very complimentary. Cheers, Jim.
Great article. Found another spot to update: /var/lib/systemd/linger
This only applies if ‘loginctl enable-linger’ has been used on the account.
Cheers John. I read about systemd linger and agree it would need to be included in the process, if active. However I’m not going to add it for now, because it isn’t on by default in any Raspbian distribution. I can’t imagine the average user using it, and it isn’t active any of my Pis (and would so take a correspondingly large effort to implement, test and document). Thanks for the suggestion in any event. Jim.
Heyup Jim,
I had to edit ‘/systemd/system/autologin@.service.d/autologin.conf’ too, to login on ctrl+alt+f1 correctly.
Don’t know if this is something new in Buster, but there you have it.
Keep up the good work, I know I’m not the only one that appreciates this page.
All the best – Billy
Hi Billy,
Thanks for coming back. After some testing, I am unable to find the directory /systemd/system/autologin@.service.d. It doesn’t seem to exist either in the lite or full desktop (+recommended software) versions of Raspbian. Adding an external monitor/keyboard and doing ctrl+alt+F1 a number of times didn’t result in the folder being created either.
Finally I searched Google for the full folder name “/systemd/system/autologin@.service.d”. Only two hits:
– this page
– a retropie script on Github
So there doesn’t seem to be much scope for extending the article, unfortunately. Cheers anyway.
I managed to supply the wrong filename Jim, sorry about that.
This is a fresh install of 2020-02-13-raspbian-buster.zip, which was only superseded a couple of days ago.
I double checked the filename, and it is :-
“/etc/systemd/system/getty@tty1.service.d/autologin.conf”
How I managed to quote the wrong filename originally I will have to blame on my advancing years.
It only tries to login as pi in the ctrl+alt+f1, which I guess most people neither know or care about.
Probably not worth the effort to alter your excellent tutorial, but just leaving it here in the comments where anyone interested can find it will suffice.
Cheers.
Hi Josh,
Thanks. The article has been updated to include /etc/systemd/system/getty@tty1.service.d/autologin.conf and tested on Raspian release 27/5/20. I’ve also put an acknowledgement in the Conclusion.
Speaking of Raspbian, we are supposed to start Raspios, seemingly. A new Pi 4 model has just been released with 8 GB of memory. Nice.
Jim
Hello again,
thanks again for this nice tutorial, i now tried it again due to a fresh install and this time i made a mistake:
At the point “Change the Name of the Pi Home Directory” i forgot to replace “frederick” with the correct new username.
I nrepeated this two steps with the right username and now i have no idea how to correct this mistakes. I now have a folder “frederick” and one with the correct username.
Is there a way to repair this”
Thanks again.
Best regards, juergen
Hi Jurgen. Without knowing exactly what commands were executed and in what order, and without being there to see the result, it is difficult to advise.
The first command would have renamed your pi user to “frederick”. At that state, just renaming “frederic” to would have fixed things. (“mv frederick “).
However, two other commands were run and I am not sure what those were. A second and third attempt to rename “pi” to would both have failed because the “pi” home directory no longer existed at that point. Sorry it’s not possible to give more accurate advice. Cheers, Jim.