As you may know, on Raspberry Pi OS, you get only the one normal user by default (it was “pi”, and now it’s the one you create during the first boot). It’s not an administrator account for the Raspberry Pi, so you can’t configure things directly with this user. For example, you can’t use the commands “reboot” or “shutdown” directly. Why? How does it work? How to disable this? We’ll see everything in this post.
There is no way to directly login as root on a fresh Raspberry Pi OS installation, but the command “sudo su” allows switching from the current user to an administrator terminal. From there, a password can be defined to use root as a normal user.
But I don’t recommend it.
In this post, I’ll explain what is the sudo command, and why Raspberry Pi OS developers add this and disable the root user.
And then I’ll show you how to do things as root on Raspberry Pi.
Linux reminders
I want to start with some reminders about Linux systems.
If you start on Linux with your fresh new Raspberry Pi, this could help you understand better.
What is “root”?
On Linux operating systems, “root” is the administrator user.
On Windows, you have the “Administrator” account (and most of the time anyone is admin), on Linux it’s “root”.
This user has all permissions on the system.
If you want to create files in /etc, reboot the system, change the network configuration, you need root privileges.
At the beginning of the Linux history, you got root access directly after the installation.
But developers have changed this by asking to create a standard user in the installation process, with no direct privileges.
Why did Debian developers hide it?
Before this, everyone used root, and mainly only root.
So it was easy to break something, and also as everyone logs as root, you can’t know who change something, it’s only “root”.
So Debian developers have changed this to force the creation of the first user in the installation process and then giving this user a way to elevate his privileges like an administrator: sudo.
The main goal was to give everyone only needed privileges to work, but a possibility to get more temporarily if needed.
The sudo command
Let’s see now what’s sudo and how to use it.
Sudo presentation
Sudo is a prefix command used to run any command with root permissions.
When you put “sudo” just before your command, you get administrator privileges for this command.
The system can ask your password the first time you use it.
Check this tutorial if you want to know how to give the sudo permission to a new user.
How to use sudo
Usage:sudo <command>
Here is an example:
pi@raspberrypi:~ $ shutdown -h 20:00
Failed to set wall message, ignoring: Interactive authentication required. Failed to call Schedule
Shutdown in logind, proceeding with immediate shutdown: Interactive authentication required.
pi@raspberrypi:~ $ sudo shutdown -h 20:00
Shutdown scheduled for Mon 2018-12-31 20:00:00 GMT, use 'shutdown -c' to cancel.
You need root privileges to stop your Raspberry Pi.
So the first command failed with “authentication required”, but the second is ok.
Switch to root on Raspberry Pi OS
If you are on a project, which need you to run 50 commands as root, maybe it’ll be boring to think about adding sudo before each one.
There is a way to switch from your user to root user:sudo su
su is a command to switch user, if you are root, it allows you to switch to another user:su - <username>
Without a parameter, it gives you the root terminal, but you need sudo to run this command.
Here is an example:
pi@raspberrypi:~ $ sudo su root@raspberrypi:/home/pi#
As you see, in the second line I get a # terminal, beginning by root@raspberrypi.
So, I’m ready to run all my commands as root.
Use “exit” to come back to the pi user terminal:exit
New users
We just saw how to use sudo with the default user.
But if you created other users, is it the same?
Default parameters
By default, the new users can’t use sudo.
- root: direct access to administrator privileges for any command
- pi (or first user): administrator privileges, if needed, via the sudo command
- Other users: no administrator privileges
But if you need sudo on other users, it’s possible.
We’ll see the procedure just after.
Allow a user to use sudo
To allow a user to run commands with sudo, add this user to the sudo group like this:sudo adduser <username> sudo
Switch to this user account and try:sudo su - <username>
sudo raspi-config
On the first access, you’ll get a warning message like this:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
But then it’s ok, you’re ready-to-use sudo with this user account.
Login with root remotely
I don’t recommend allowing remote access for the root user.
But it can be useful sometimes, for automated connections for examples (scripts), so I give you the procedure here.
Create a password for root
The first thing to do is to create a password for the root user.
As you want to access it directly, the pi user password wouldn’t help.
The easiest way to do this is to use this command:sudo passwd
This may ask your password, and then the new password for root.
Here is an example of what you should get:
pi@raspberrypi:~ $ sudo passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Allow SSH access for root
The root user has now a password set, but it’s not enough to access your Raspberry Pi with this account directly.
You need to edit the SSH server configuration file to allow root to log in:
- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config - Find this line:
#PermitRootLogin prohibit-password - Replace by this one:
PermitRootLogin yes
We remove the # to enable this option (# = comment).
And then change the value to “yes” to allow direct login with password.
- Save and exit (CTRL+O, CTRL+X)
- Restart SSH:
sudo service ssh restart - Try again, it should be ok now
If you want to automate this process in a script, you need to connect with an SSH key.
Related questions
What is the default root password on Raspberry Pi OS?
On Raspberry Pi OS, the root account is disabled by default, so there is no default password. The account can be enabled by creating a new password, using sudo to access the administrator session for the first time.
How to know who may use sudo?
In this article, we gave the sudo permission to a new user, but I don’t remember which user. To find it use this command:$ grep 'sudo' /etc/group
sudo:x:27:pi,foo
It gives you the group name, the group id, and then all members of the group separated by commas.
How to remove the sudo right to someone?
To remove the user “foo” from the sudo groups and then deny root privileges for this user, run this command:$ sudo gpasswd -d foo sudo
Removing user foo from group sudo
Run the previous command to check it’s ok. It may require a new session to apply (disconnect/reconnect).
Conclusion
That’s the end of this post about the root user on a Raspberry Pi.
I hope it helps you to well understand how it works.
Don’t forget that the root user is most of the time useless, sudo should be enough to do everything you need.
You can also create new users for any apps or person who don’t need administrator privileges (for your kids, for example).
