back to article Raspberry Pi OS update beefs up security

An update to the Debian Bullseye-based Raspberry Pi OS is being rolled out with both quality-of-life improvements and one very important tweak: an overdue departure of the default user. Previously, all installs of the Raspberry Pi OS (formerly known as Raspbian) had a default user called "pi". This was handy for quick setups …

  1. VoiceOfTruth

    Linux and security

    -> an overdue departure of the default user

    If this was a Windows install the penguins would have been howling like banshees about the lack of security by having a default user. But as it's Linux, let's put on our blinkers and pretend it didn't exist for years.

    1. gerdesj Silver badge
      Childcatcher

      Re: Linux and security

      Hello Administrator

      1. VoiceOfTruth

        Re: Linux and security

        Administrator (or root in UNIX terms) is not the same as having a default user. If you don't know the difference between having a root account and an OS automatically creating a default user, I can point you to some tutorials. Beginner level stuff.

        1. Anonymous Coward
          Anonymous Coward

          Re: Linux and security

          On a pi the default user is 'pi' and 'pi' has sudo capability. QED.

          1. dafe

            Re: Linux and security

            Unlike using Administrator as default account, sudo still requires a password for becoming root.

            Of course if you use the default password, that doesn't matter.

            1. doublelayer Silver badge

              Re: Linux and security

              No, it doesn't, at least with the previous default config. The setup was that Pi could automatically elevate to root without password using sudo. That was one of the things on every list of how to harden the default config.

              1. VoiceOfTruth

                Re: Linux and security

                Somebody understands it.

          2. VoiceOfTruth

            Re: Linux and security

            Say it ain't so, Joe.

            Play for today...

            Windows installation creates a default user pi with password pi, in the admin role.

            Penguins: Yaa boo, look how insecure Windows is. Tut tut tut.

            Linux distro creates a default user pi with password pi, in the admin role.

            Penguins: Nothing to see here, move along. We know how to make things secure by default.

            1. steelpillow Silver badge
              Facepalm

              Re: Linux and security

              FFS!

              I never heard anybody claim that Raspbian was especially secure, and I never met a default user on any other distro.

              OTOH, I never met a Windows box without all that shite.

            2. werdsmith Silver badge

              Re: Linux and security

              Raspberry Pi OS is for the home users, learners etc and it's designed to get people up and running.

              Creating a new user and deleting the pi user is a trivial exercise for anyone else and a useful exercise for learners.

        2. dafe

          Re: Linux and security

          I've seen many Windows boxen where Administrator was the only user account, used for everything. And many applications that refused to install for any other user.

          But that was a long time ago. I'm sure thingschave improved since then.

    2. Gene Cash Silver badge

      Re: Linux and security

      Nope. People have bitched loudly about this for a while.

      Apparently you've been so far up the Windows hole you haven't been listening.

      1. John Brown (no body) Silver badge

        Re: Linux and security

        I agree that the pi/pi default credentials should have been dealt with a long time ago but on the other hand, the Pi was designed as a cheap educational toy. It's growed and growed since that early concept in what back then were undreamed of production levels and use case.

    3. oiseau Silver badge
      WTF?

      Re: Linux and security

      If this was a Windows install ...

      Don't be daft, eh?

      No, today being Friday is not an excuse.

      O.

  2. Adrian 4 Silver badge

    "..now-compulsory setup wizard to create a user."

    How does that work on headless setups ?

    1. Tom 7 Silver badge

      Given the standard ISO does not have SSH enabled it would work exactly like current standard headless setups: either you just copying one youve set up with a new user or your booting the standard install ISO on something with keyboard and screen before sending it of headless into the world like a rich politician.

      1. lostinspace

        SSH can be enabled by mounting a newly imaged sdcard and editing a config file on the boot partition..it's documented on their website. Hopefully something similar for specifying the user?

        1. Tom 7 Silver badge

          I'd imagine when you try and login via ssh for the first time it will do that. But you've already got past the 'headless' if you're modifying the iso. I have about a dozen of the little buggers so I tend to set up one new sd and set all the things I want on it like SSH and VNC and a host of other things and then copy and dd that to other sdcards but for some reason I used etcher and it didnt drop its access to the sd until just long enough before I took it out for the system to mount the drives and now the bloody card wont even show on /dev so I'm trying to work out how to bring it back to life (along with about 10 others I've managed to bugger!

          1. Andrew Yeomans

            Failing micro SD card

            You can try blkdiscard to reset to factory setting, though even this might be difficult if the card is not in /dev. Try on another machine?

    2. A.P. Veening Silver badge

      How does that work on headless setups ?

      Reportedly (haven't tried it myself yet) very well, you will have to create a small file named userconf or userconf.txt in the boot partition of the SD card with a single line of text, consisting of username:encrypted- password – so your desired username, followed immediately by a colon, followed immediately by an encrypted representation of the password you want to use. The Raspberry Pi Imager tool will do that automagically for you.

  3. Pete 2 Silver badge

    > Previously, all installs of the Raspberry Pi OS (formerly known as Raspbian) had a default user called "pi".

    Speaking of, what about all the other default users:

    root, daemon, bin. sys

    sync, games, man

    lp, mail. news

    uucp, proxy, www-data

    backup, list, irc

    gnats, nobody, systemd-timesync

    systemd-network, systemd-resolve

    _apt

    Or don't they count as every Un*x system has a lot of them hard-wired in.

    ('pollies for the whitespace. Blame someone else's CSS for that!)

    1. Tom 7 Silver badge

      And audio.

      I've just trashed my microSD setting up a new install so cant check this without wandering next door and I cant be bothered but are these not set to local access only? You cant log into them unless you are on the machine or you have set them to be externally accessible?

    2. VoiceOfTruth

      Alas you expose your lack of UNIX knowledge here. Most of those accounts cannot log in at all.

      Of course, I can see you are using a UNIX knock-off, AKA Linux, as evidenced by the horror show of systemd. But on a true UNIX-derived OS, FreeBSD, here is an example:

      root /bin/csh

      daemon /usr/sbin/nologin

      operator /usr/sbin/nologin

      bin /usr/sbin/nologin

      tty /usr/sbin/nologin

      kmem /usr/sbin/nologin

      games /usr/sbin/nologin

      news /usr/sbin/nologin

      man /usr/sbin/nologin

      sshd /usr/sbin/nologin

      smmsp /usr/sbin/nologin

      mailnull /usr/sbin/nologin

      bind /usr/sbin/nologin

      unbound /usr/sbin/nologin

      proxy /usr/sbin/nologin

      _pflogd /usr/sbin/nologin

      _dhcp /usr/sbin/nologin

      uucp /usr/local/libexec/uucp/uucico

      pop /usr/sbin/nologin

      auditdistd /usr/sbin/nologin

      www /usr/sbin/nologin

      ntpd /usr/sbin/nologin

      _ypldap /usr/sbin/nologin

      hast /usr/sbin/nologin

      tests /usr/sbin/nologin

      nobody /usr/sbin/nologin

      1. Tom 7 Silver badge

        I think almost any linux I've played with over the last 20 years had those set.

    3. Joe W Silver badge
      FAIL

      Those have no login shells.... (if they do: find the person responsible and apply a clue-by-four).

    4. Anonymous Coward
      Anonymous Coward

      These aren't "users" in the logging in sense.

      Do you really think it's a good idea for all system processes to run with root privileges, even when not required? -- or even one process being able to modify another processes data? (This is a common failure where people often run many different service as user "nobody")

      These (and others) are the separate unix accounts used to practice privilege separation.

      They are not available to login to in any way

  4. A.P. Veening Silver badge
    Joke

    Good news, now I need to score a new RPi4B to test this. Anybody any ideas for that?

    1. Tom 7 Silver badge

      Find a local CoderDojo and take a gun.

      1. redpawn

        No joke alert? Well I guess not.

    2. Gene Cash Silver badge

      I got 3 from Mouser... took about 4 weeks instead of their quoted 3-6 months. I didn't need 'em badly so I didn't care when they got here. That's probably key.

      1. A.P. Veening Silver badge

        I ordered one (8GB) on 25-03 and it was delivered five days later. I can recommend this site.

    3. simonlb

      If you want the 8Gb model, place your order back in December last year and expect one to land around the end of November this year, like I did. YMMV, like that delivery date almost certainly will.

    4. werdsmith Silver badge

      Try Mythic Beasts.

  5. 2+2=5 Silver badge

    TITSUP

    Total Inability To Support User 'Pi'

    1. thames Silver badge

      Re: TITSUP

      You can create a user named "pi", the installer just tells you that it's not a good idea.

      1. John Brown (no body) Silver badge

        Re: TITSUP

        Which is odd. The problem is not the username. It's having a default password that is a (now solved) problem. Usernames are commonly easy to guess so having a default username of pi is no less secure than me using "john" as a username.

        1. Fruit and Nutcase Silver badge
          Joke

          Re: TITSUP

          May I suggest user "apple-pi"

  6. thames Silver badge

    I was a bad boy and set my user name to "pi" because I have a complex set of scripts which drive a test system remotely, and I couldn't be bothered to change them at this time.

    When I get the time I'll probably reinstall with a different user name to match the dozen other systems (VMs and another Pi running Ubuntu) so they're all consistent. I don't do anything important with them, just test software via an automated system and then shut them down again.

    Meanwhile however, everything worked fine and it all went without a hitch. I can't see any reason for anyone to not upgrade.

  7. david 12 Silver badge

    Is root the same as Administrator?

    (because I've sometimes wondered).

    On Windows, the name on an account (eg 'Administrator') is just a label. The domain administrator account is 0x000001F4. Knowing the SID, it doesn't really matter what the label is, any sophisticated attack can just use the SID and the password. For this reason, the general advice was always that changing the label on the administrator account to something else was probably pointless.

    Is it the same in Linux? Is the name 'root' mostly irrelevant? Or is the string 'root' sort of equivalent to a SID?

    (On Windows, well-known user names ('pi') should not be used for other accounts that are in an Admin group. random users ('pi') just have random SIDs:, but an easily-guessed account name provides useful information to an attack )

    1. John Brown (no body) Silver badge

      Re: Is root the same as Administrator?

      root is UID 0

      User account names start at 1000 and increment as new ones are added. System accounts start from 1 and increment from there.

      If you are logged in, depending on the "hardness" of the OS install, you can just

      cat /etc/passwd

      to see the list. (FreeBSD here. Linux, esp. SystemD based ones, might be different)

    2. Dwarf Silver badge

      Re: Is root the same as Administrator?

      @David12

      Yes, you are right. They are both labels to an underlying ID. As you stated on Windows, Administrator has the relative ID (RID) of 500 (0x1F4 as you stated) and this can't be changed. There's also the administrators group (544). Here's the full list of Windows SID's and RID's

      There are reserved ranges in Windows, so typically user ID's start at 1000. As you stated security tools take advantage of this information, i.e. to find the real name of the admin account, others just use the well known SID's and RID's.

      For extra fun, rename administrator, then create a new account called administrator, with no permissions and set it to be disabled. This will prevent account lockout on the real administrator account and it makes it easy via the logs to see any attempted login by unexpected parties. The new administrator account will have a RID of >1000.

      Finally, there are tools that can display the mapping of users to SID's, there are even powershell cmdlets that give this info, so its always possible to see the mapping.

      Its the same on Linux, root is user ID (UID) 0 and Group ID (GID)=0. The mappings can be found in /etc/passwd and /etc/group

      Linux/Unix also has the same layout of special ID ranges and users start at 1000.

      Apologies for the Wikipedia article but I couldn't easily find a list of the linux reserved ranges, other than a systemd article . Both init and systemd have the same sort of approach.

      There are similarities on reserved ranges for special purposes (0-99).

      The same sort of attacks are possible on Linux for the same reasons.

      Given Unix came first and all OS's need to map friendly names to underlying data structures that are generally based around INT's, its easy to see why all OS's (Linux, Windows, etc) share a lot of common approaches in this regard.

      Like Windows, you *can* rename root, but the level of OS understanding needs to be higher, since some 3rd party tools and scripts check the text, not the ID. This means that generally only larger organisations or those with increase risk profiles and who understand the impacts actually do it.

      1. sreynolds Silver badge

        Re: Is root the same as Administrator?

        No root is a username. Back in the 90s some people thought that renaming root to toor was a cool security feature.

        Administrator is also username that is by default assigned to the Administrators group. In windows you still need to be in the administrators's group to do anything useful, whereas UID has full control on linux and is meant to be used sparingly by noobs.

        Ever since the end of the multiuser days if my shell prompt doesn't have a # in front of it I just log out.

    3. Paul Crawford Silver badge

      Re: Is root the same as Administrator?

      While it is true that all Linux systems have the root/UID=0 account, in most cases now you can't actually log in to that account (you need to setup a password for it if you want to enable it).

      Generally most distributions now have some user created at installation that has 'sudo' rights and that allows exactly the same permissions as root, but you have to know/guess the sudo accounts and their passwords. That is where the Rasbian version was dumb as it had no-password sudo on the 'pi' account and easy to log in if exposed to the internet, etc.

      Also many systems disable SSH as root, so even if you have a root account enabled, you first have to SSH in as someone else (username & password/key) and then 'su' to root to use it.

      If you worry about easy to guess passwords allowing that chain of attack, then you can set SSH to only allow key-pair login, so you have to have added the desired user's public key(s) in to the account's .ssh/authorized_keys file first. That effectively blocks brute-force SSH login, but is someone's machine is compromised they can then use the key to get in, so it is wise to limit login accounts so at least a password is needed to actually do much of note, or to have a password added to the SSH key (which breaks automatic login for checking/backup where key-exchange is usually used for no interaction).

  8. CuChulainn Silver badge
    Happy

    I Hope That Works As Well As It Sounds

    "Whoever put that code in there deserves all the beers since it means one can set up a Pi 4 without reaching for a wired keyboard or mouse."

    That has always been a pet peeve of mine. I like to get my Pis on to the network so I can access them from a single point through VNC.

    Trying to locate a keyboard and mouse (which are still working) to do the initial set up has caught me out more than once, and although that's probably more my fault than anyone else's this sounds like it will make life a little easier.

  9. Dropper

    Ransomware attack causes massive 4 minute outage

    I can imagine the sinking feeling you'd get if your Raspberry Pi was compromised.. especially when the realization hits that trying to find another SD card amongst all the crap in your desk drawer is a complete nightmare.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022