As you may know, on Raspbian, you get only the pi user by default
It’s not an administrator account for the Raspberry Pi, so you can’t configure things directly with this user.
For example, you can’t use the commands “reboot” or “shutdown” directly
Why? How it works? How to disable this?
We’ll see this in this post
How to login as root in Raspbian?
By default you’re not able to run commands with root authorizations in Raspbian
You need to use sudo before the command to ask for privileges
If you need it, it’s also possible to switch to the root user with “sudo su”
But I don’t recommend it
In this post, I’ll explain what is the sudo command, and why Raspbian developers add this and disable the root user
And then I’ll show you how to do things as root on Raspberry Pi
I want to start with some reminders about Linux systems
If you start on Linux with your fresh new Raspberry Pi, this could help you understand better
What is “root”?
On Linux operating systems, “root” is the administrator user
On Windows you have the “Administrator” account (and most of the time anyone is admin), on Linux it’s “root”
This user has all rights on the system
If you want to create files in /etc, reboot the system, change the network configuration, you need root privileges
At the beginning of the Linux history, you got root access directly after the installation
But developers have changed this by asking to create a standard user in the installation process, with no direct privileges
Why did Debian developers hide it?
Before this, everyone used root, and mainly only root
So it was easy to break something, and also as everyone log as root, you can’t know who change something, it’s only “root”
So Debian developers have changed this to force the creation of the first user in the installation process and then giving this user a way to elevate his privileges like an administrator: sudo
The main goal was to give everyone only needed privileges to work, but a possibility to get more temporarily if needed
Let’s see now what’s sudo and how to use it
What is sudo?
sudo is a prefix command you need to type to run the following command as root
When you put “sudo” just before your command, you get administrator privileges for this command
The system can ask your password the first time you use it
How to use sudo?
Usage: sudo <command>
Here is an example:
pi@raspberrypi:~ $ shutdown -h 20:00 Failed to set wall message, ignoring: Interactive authentication required. Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: Interactive authentication required. pi@raspberrypi:~ $ sudo shutdown -h 20:00 Shutdown scheduled for Mon 2018-12-31 20:00:00 GMT, use 'shutdown -c' to cancel.
You need root privileges to stop your Raspberry Pi
So the first command failed with “authentication required”, but the second is ok
How to bypass sudo?
If you are on a project, which need you to run 50 commands as root, maybe it’ll be boring to think about adding sudo before each one
There is a way to switch from your user to root user: sudo su
su is a command to switch user, if you are root, it allows you switch to another user: su – <username>
Without a parameter, it gives you the root terminal, but you need sudo to run this command
Here is an example:
pi@raspberrypi:~ $ sudo su root@raspberrypi:/home/pi#
As you see, in the second line I get a # terminal, beginning by root@raspberrypi
So I’m ready to run all my commands as root
Use “exit” to come back to the pi user terminal
We just saw how to use sudo with the default pi user
But if you created other users, is it the same?
By default, the new users can’t use sudo
- root: direct access to administrator privileges for any command
- pi: administrator privileges if needed through the sudo command
- Other users: no administrator privileges
But if you need sudo on other users, it’s possible
We’ll see the procedure just after
Allow a user to use sudo
To allow a user to run commands with sudo, add this user to the sudo group like this:
sudo adduser <username> sudo
Switch to this user account and try:
sudo su - <username>
On the first access you’ll get a warning message like this:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
But then it’s ok, you’re ready-to-use sudo with this user account
I don’t recommend allowing remote access for the root user
But it could be useful sometimes, for automated connections for examples (scripts), so I give you the procedure here
Create a password for root
The first thing to do is to create a password for the root user
As you want to access it directly, the pi user password wouldn’t help
The easiest way to do this is to use this command:
This may ask your password, and then the new password for root
Here is an example of what you should get:
pi@raspberrypi:~ $ sudo passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Allow SSH access as root
The root user has now a password set, but it’s not enough to access your Raspberry Pi with this account directly
You need to edit the SSH server configuration file to allow root to login:
- Open the SSH configuration file
sudo nano /etc/ssh/sshd_config
- Find this line
- Replace by this one
We remove the # to enable this option (# = comment)
And then change the value to “yes” to allow direct login with password
- Save and exit (CTRL+O, CTRL+X)
- Restart SSH
sudo service ssh restart
- Try again, it should be ok now
If you want to automate this process in a script, you need to connect with an SSH key
I explain how to do this in the last paragraph of this article if you need help
How to know who may use sudo? In this article we gave the sudo permission to a new user, but I don’t remember which user. To find it use this command:
$ grep 'sudo' /etc/group sudo:x:27:pi,foo
It gives you the group name, the group id, and then all members of the group separated by commas
How to remove the sudo right to someone? Now to remove the user “foo” from the sudo groups and then deny root privileges for this user, run this command:
$ sudo gpasswd -d foo sudo Removing user foo from group sudo
Run the previous command to check it’s ok. It may require a new session to apply (disconnect/reconnect)
That’s the end of this post about the root user on a Raspberry Pi
I hope it helps you to well understand how it works
Don’t forget that the root user is most of the time useless, sudo should be enough to do everything you need
You can also create new users for any apps or person who don’t need administrator privileges (for your kids for example)
As you now:
With great power comes great responsibility