As you may know, on Raspberry Pi OS, you get only the pi user by default
It’s not an administrator account for the Raspberry Pi, so you can’t configure things directly with this user.
For example, you can’t use the commands “reboot” or “shutdown” directly
Why? How it works? How to disable this? We’ll see everything in this post.
The command “sudo su” allows switching from the current user to an administrator terminal. Sudo won’t be required anymore after that.
But I don’t recommend it.
In this post, I’ll explain what is the sudo command, and why Raspberry Pi OS developers add this and disable the root user.
And then I’ll show you how to do things as root on Raspberry Pi.
By the way, if you are really interested in improving your skills on Raspberry Pi, I highly recommend to check out my e-book here. It’s a 30-days challenge from beginner to master, with step-by-step tutorials and many projects to practice along the way.
I want to start with some reminders about Linux systems.
If you start on Linux with your fresh new Raspberry Pi, this could help you understand better.
What is “root”?
On Linux operating systems, “root” is the administrator user.
On Windows, you have the “Administrator” account (and most of the time anyone is admin), on Linux it’s “root”.
This user has all permissions on the system.
If you want to create files in /etc, reboot the system, change the network configuration, you need root privileges.
At the beginning of the Linux history, you got root access directly after the installation.
But developers have changed this by asking to create a standard user in the installation process, with no direct privileges.
Why did Debian developers hide it?
Before this, everyone used root, and mainly only root.
So it was easy to break something, and also as everyone logs as root, you can’t know who change something, it’s only “root”.
So Debian developers have changed this to force the creation of the first user in the installation process and then giving this user a way to elevate his privileges like an administrator: sudo.
The main goal was to give everyone only needed privileges to work, but a possibility to get more temporarily if needed.
The sudo command
Let’s see now what’s sudo and how to use it.
Sudo is a prefix command used to run any command with root permissions.
When you put “sudo” just before your command, you get administrator privileges for this command.
The system can ask your password the first time you use it.
How to use sudo
Here is an example:
pi@raspberrypi:~ $ shutdown -h 20:00
Failed to set wall message, ignoring: Interactive authentication required. Failed to call Schedule
Shutdown in logind, proceeding with immediate shutdown: Interactive authentication required.
pi@raspberrypi:~ $ sudo shutdown -h 20:00
Shutdown scheduled for Mon 2018-12-31 20:00:00 GMT, use 'shutdown -c' to cancel.
You need root privileges to stop your Raspberry Pi.
So the first command failed with “authentication required”, but the second is ok.
Switch to root on Raspberry Pi OS
If you are on a project, which need you to run 50 commands as root, maybe it’ll be boring to think about adding sudo before each one.
There is a way to switch from your user to root user:
su is a command to switch user, if you are root, it allows you switch to another user:
su - <username>
Without a parameter, it gives you the root terminal, but you need sudo to run this command.
Here is an example:
pi@raspberrypi:~ $ sudo su root@raspberrypi:/home/pi#
As you see, in the second line I get a # terminal, beginning by root@raspberrypi.
So I’m ready to run all my commands as root.
Use “exit” to come back to the pi user terminal.
We just saw how to use sudo with the default pi user.
But if you created other users, is it the same?
By default, the new users can’t use sudo.
- root: direct access to administrator privileges for any command
- pi: administrator privileges if needed through the sudo command
- Other users: no administrator privileges
But if you need sudo on other users, it’s possible.
We’ll see the procedure just after.
Allow a user to use sudo
To allow a user to run commands with sudo, add this user to the sudo group like this:
sudo adduser <username> sudo
Switch to this user account and try:
sudo su - <username>
On the first access you’ll get a warning message like this:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
But then it’s ok, you’re ready-to-use sudo with this user account.
Login with root remotely
I don’t recommend allowing remote access for the root user.
But it can be useful sometimes, for automated connections for examples (scripts), so I give you the procedure here.
Create a password for root
The first thing to do is to create a password for the root user.
As you want to access it directly, the pi user password wouldn’t help.
The easiest way to do this is to use this command:
This may ask your password, and then the new password for root.
Here is an example of what you should get:
pi@raspberrypi:~ $ sudo passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Allow SSH access for root
The root user has now a password set, but it’s not enough to access your Raspberry Pi with this account directly.
You need to edit the SSH server configuration file to allow root to log in:
- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find this line:
- Replace by this one:
We remove the # to enable this option (# = comment).
And then change the value to “yes” to allow direct login with password.
- Save and exit (CTRL+O, CTRL+X)
- Restart SSH:
sudo service ssh restart
- Try again, it should be ok now
If you want to automate this process in a script, you need to connect with an SSH key.
I explain how to do this in the last paragraph of this article if you need help.
How to know who may use sudo? In this article we gave the sudo permission to a new user, but I don’t remember which user. To find it use this command:
$ grep 'sudo' /etc/group
It gives you the group name, the group id, and then all members of the group separated by commas.
How to remove the sudo right to someone? Now to remove the user “foo” from the sudo groups and then deny root privileges for this user, run this command:
$ sudo gpasswd -d foo sudo
Removing user foo from group sudo
Run the previous command to check it’s ok. It may require a new session to apply (disconnect/reconnect).
That’s the end of this post about the root user on a Raspberry Pi.
I hope it helps you to well understand how it works.
Don’t forget that the root user is most of the time useless, sudo should be enough to do everything you need.
You can also create new users for any apps or person who don’t need administrator privileges (for your kids for example).
As you know:
With great power comes great responsibilityPeter Parker 🙂