HOME      Other material for programmers   Pi? Arduino? Other?
(Parent page for this and other small getting started with Raspberry Pi tutorials)

I have notes for translators, if you would add a translation.


Passwords on a Raspberry Pi

filename: pt0FirstPasswords.htm

Passwords. Can't live without them. Not always a joy living with them.

Using a Raspberry Pi involves more passwords than you might initially realise. (Partly because, at least in August 2018, the default install of Raspbian does a lot to hide passwords. Too much, in my view.)

You should, at the very least, have a password on your user. Initially, you will be using the Pi as user "pi"... and I'd resist changing that for a while, if I were you.

But.. put a password on your user account. Something better than "123". The easiest way to do that is to use the GUI.

Don't be too freaked out when you find that you can assign a new password to your user without having to enter the user's old password... even though you have a password after an initial install. ("raspberry"... initial password on user "pi".)

Don't worry for now... (a)- differnt user

These pages are by a Pi beginner, for Pi beginners. I will return to the question of passwords in a moment, but first I will touch on some related matters.

Any serious OS today has a system of users and permissions associated with those users. And Raspbian very much qualifies as a "serious OS" on those grounds.

But, for now, and maybe even after you put your Pi online as a webserver, the advice seems to be: Stick to working via user "pi", the default user. Seems odd to me, but I keep getting further confirmation that "this is the way to go."

By all means change user "pi"s password from the default "raspberry" to something more secure. By all means change the hostname of the Pi. Those two are simple in consequenses and to do.

A little more complex: Put a password on all "sudo" operations, if you can. It is a "nuisance" to enter the password each time you do a sudo, of course. Not half the nuisance of an unauthorized sudo command being executed. Compromise? (Bad one, but better than no password in sudo ops: A simple password. ((I qWILL TRY TO GET TO A PAGE ABOUT REQUIRING A PASSWORD FOR SUDO OPS))

Don't worry for now... (b)- "becoming" root user

Another "don't try to go down that route- bad idea, and/or unnecessary" idea: Becoming the root user of your Pi.

The "ordinary" user is "pi", as I said. That implies that there is an "un-ordinary" user. And indeed there is: the "root" user.

But, apparently (to my novice Pi eyes, after reading pages from "the experts"), it is neither a good idea, nor necessary to "become" user "root"... except in a limited way, by using the sudo command.

I've read conflicting information on the question of the root user's password. For now- leave it alone! (Putting a password on the use of the sudo command is, I think, a separate issue. Head aching yet? Mine is!)

Re-cap, and extension....

So.... my conclusion: I should stick to being user "pi". And I can put a password on the "pi" user account. (Via the GUI... we will come back to that.

There's a way to put a password on using the sudo command. That should more properly be described as "make user re-enter his/ her user password each time use of sudo is attempted." Thus the right password can be different for different users (if you have more than one set up on your Pi.) But the system is a little weak... if you've gotten past the authentication to "become" a sudo-empowered user, there are no further barriers to your use of sudo. (It does, at least, protect sudo from people taking advantage of a moment when a logged in user steps away from his/ her desk.)

And, though you may or may not have come to it yet, once you start using Samba (to share files (and printers?) across your LAN, that has another, separate password. (Of course, some people set the same password for both their use of their user account, and for using Samba. Makes life simpler... but also less secure.

Dealing with your "user" password

A detail: I quite like my early experiences with the Raspbian authentication environment. In the configuration I've stumbled along to, I do have to put my password in fairly frequently (which is my preference)... but not endlessly. When I've just put it in for something, and want to do that again, the OS doesn't always ask for it again, at that point.

Dealing with the password for using your user account (i.e... probably... user "pi"...) brings us to some interesting- to- some arcanae. They may apply in some ways to the management of other passwords. I don't know.

As I said long ago, you can change the password of whatever user you are logged in as from the GUI. Click The Menu raspberry, from the dropdown click on Preferences/ Raspberry Pi Configuration. That should bring you to the "Raspberry Pi Configuration" dialog. You may or may not have to enter your password along the way. If you do, I think you enter the password for whatever user account you are currently using.

That dialog has four tabs. You want the first: System. On that, there's a "Change Password" button. Click it, change your password. Job done!

Using the GUI to change your password will allow you to set a dangerously simple password, "x", say. Bad Idea... but who hasn't, at least "temporarily" done that? By the way- I read something that made me think that trying to set a user password to just "*" would be a Bad Idea. (However, you can... probably should... use things other than letters in passwords. Digits are good. At least "%^&" are okay.) (If you use the CLI sudo passwd command, it requires you to have a "better" password. It won't allow you to make the password just "x".)

Passwords are case sensitive. ("kitcat" won't do, if the password is "KitKat")

When entering a password in a CLI situation, nothing appears on the screen, not even "*"s, as you enter the password. The backspace key works, if you make a mistake, and realize before pressing the enter key.

You can't change a password to nothing via the GUI.

To remove a password from a user

To remove a password from a user... making it impossible to get into that user's space and privileges!... you need permission to use sudo, and you need to go into the CLI. If you, as user "pi" wanted to remove the password for user "alice", you would issue the following command... THINK before you do it... will you have a way to UN-do it? Don't remove the password from your own user account, especially if your user account (probably "pi" is the only user account that has been set up. (What follows is for making EXTRA users unuseable, and you have be warned that making extra users is not a good idea.)

sudo passwd -d alice

... would make it impossible to log in as user "alice".

However... even if you are user "pi", using sudo to To Things to user alice's Pi experience, there are better approaches. Either remove user alice (and all her files, etc, etc), or "lock" her account. Sort of like making it inaccessible by removing the password, but Better.

Maybe I shouldn't even have strted any of that? Sorry. If you have an appetite for detail, try, in the CLI, man passwd. It will give you the MANual entry for the passwd command.

The more I looked at the advice on the web about how you can have a user that can be accessed with no password, the more I came to the conclusion that it Just Isn't A Good Thing for a novice to attempt! (It can be done, but if you don't get setting it up right, there will be painful Uninteded Consequences.)

You may come across discussions of putting a password on the root account, on user "root". I won't be touching that until I know a LOT more about Raspbian. I don't think I can get into root at the moment. I can use "sudo" to do stuff as if I were user "root".

Hope that helped?

I hope that was helpful. Getting started is always so tedious. This page was just "a sidebar" off of my main "Getting started with Raspberry Pi" page. Feel free to contact me (see below) with comments, suggestions, questions... save the next reader being confused by something? Please cite this page's URI, if you do: qSUPPLY.




Footer

Please remember that this material is copyright. (TK Boyd, 2018) There are further notes in this page's parent page.




   Search this site or the web      powered by FreeFind

Site search Web search
Site Map    What's New    Search

The search engine is not intelligent. It merely seeks the words you specify. It will not do anything sensible with "What does the 'could not compile' error mean?" It will just return references to pages with "what", "does", "could", "not".... etc.

This page is a "sidebar" to my main discussion of Getting Started with the extraordinary Raspberry Pi.




To email this page's editor, Tom Boyd.... Editor's email address. Suggestions welcome!



Valid HTML 4.01 Transitional Page WILL BE tested for compliance with INDUSTRY (not MS-only) standards, using the free, publicly accessible validator at validator.w3.org. Mostly passes. There were two "unknown attributes" in Google+ button code. Sigh.

Why does this page cause a script to run? Because of the Google panels, the code for the search button, etc. Why do I mention scripts? Be sure you know all you need to about spyware.

....... P a g e . . . E n d s .....