“pi” no more: Raspberry Pi OS ditches longtime user account for security reasons
Change could break some software that uses hardcoded directory names.
Since its launch, the Raspberry Pi OS (and most operating systems based on it) has shipped with a default “pi” user account, making it simpler to boot up a Pi and start working without needing to hook up the device to a monitor or go through a multi-step setup process. But as of today, that’s changing—new installs of the Raspberry Pi OS are shedding that default user account for both security and regulatory reasons.
Raspberry Pi Foundation software engineer Simon Long explains the thinking in this blog post.
“[The “pi” user account] could potentially make a brute-force attack slightly easier, and in response to this, some countries are now introducing legislation to forbid any Internet-connected device from having default login credentials,” he writes.
This move will improve the Pi operating system’s security. Before, even if you assigned a good password to the “pi” account, attackers could still assume with a reasonable degree of certainty that most Raspberry Pi boards were using the “pi” username. Many Pi OS-based operating systems also ship with the default “pi” user account enabled and are completely passwordless, requiring extra steps to assign the account a password in the first place.
The flip side is that the change could break some software and scripts, particularly those that are hard-coded to use the “pi” user account and home folder. Well-behaved software will use variables instead of hard-coded folder names, so they’ll work the same way regardless of which user account is being used. But the Pi’s popularity with independent and amateur developers means that you’re likely to run into problems here and there. It’s also possible that distros based on the Pi OS could continue using the “pi” account, choosing not to follow the Pi Foundation’s lead in adopting the new security practices.
Removing the default user account has necessitated a few other changes to the OS and its tools. Like most other operating systems, the Raspberry Pi OS now boots into a dedicated setup mode the first time you start it up instead of running the setup wizard as an app in the normal desktop environment. And that setup wizard now prompts you to create a username and password rather than simply assigning a password to the default “pi” user account. To aid with setup, the wizard can now pair Bluetooth keyboards and mice without requiring you to plug in a USB accessory first.
Many Pi software distributions are run “headless,” without any kind of monitor attached, and the Pi Imager tool makes allowances for that, too. You can create a username and password before you write your operating system to your SD card, allowing the Pi OS to bypass the setup wizard and boot straight to a desktop or command line as it currently does. Creating a text file in the SD card’s boot partition with an encrypted password will accomplish the same thing.
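The headless provisioning file mentioned above, as an added example that is not code from the article or from the Raspberry Pi Foundation: per the Raspberry Pi documentation the file is called userconf.txt, lives in the boot partition, and holds a single line of the form username:hash, where the hash is a crypt(3) SHA-512 hash of the kind `openssl passwd -6` produces. The minimum password length and the refusal of the old "pi" name are this script's own policy choices, not rules the OS enforces.

```shell
#!/bin/sh
# Pre-seed a unique login for a headless Raspberry Pi OS image by writing
# userconf.txt into the mounted boot partition (format: username:crypt-hash).
set -eu

# Linux username rules: starts with a lowercase letter or underscore, 1-32 chars.
valid_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Salted SHA-512 crypt(3) hash of the password read from stdin, so the
# plaintext never appears in argv where other local processes could see it.
hash_password() {
    if command -v openssl >/dev/null 2>&1; then
        openssl passwd -6 -stdin
    else
        mkpasswd -m sha-512 --stdin
    fi
}

# write_userconf USER PASSWORD BOOT_DIR
# Policy of this script: reject the old default name "pi" (a predictable
# username is exactly what the OS change removes) and short passwords.
write_userconf() {
    user=$1; pass=$2; boot=$3
    valid_username "$user" || { echo "invalid username: $user" >&2; return 1; }
    [ "$user" != "pi" ] || { echo "refusing predictable username pi" >&2; return 1; }
    [ "${#pass}" -ge 12 ] || { echo "password shorter than 12 characters" >&2; return 1; }
    [ -d "$boot" ] || { echo "boot partition not mounted at $boot" >&2; return 1; }
    hash=$(printf '%s\n' "$pass" | hash_password)
    printf '%s:%s\n' "$user" "$hash" > "$boot/userconf.txt"
    chmod 600 "$boot/userconf.txt" 2>/dev/null || true  # FAT boot partitions ignore modes
}

# check_userconf BOOT_DIR: exactly one line, a valid name and a $6$ (SHA-512) hash.
check_userconf() {
    [ "$(grep -c '' "$1/userconf.txt")" -eq 1 ] &&
    grep -Eq '^[a-z_][a-z0-9_-]{0,31}:\$6\$[./A-Za-z0-9]+\$[./A-Za-z0-9]+$' "$1/userconf.txt"
}

# Usage: ./make_userconf.sh alice 'a long unique passphrase' /media/boot
if [ "$#" -eq 3 ]; then
    write_userconf "$@" && check_userconf "$3" && echo "wrote $3/userconf.txt"
fi
```

The first boot consumes the file and creates the account, so the image never carries a shared default login.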
The new version of the Pi OS doesn’t bring many new features, but it does include experimental support for the Wayland display server protocol, which can replace many (but not all) features of the old X window system and “is likely to be the future of desktop Linux,” Long writes. But most people can and should ignore Wayland in the Pi OS for now since it has explicitly been labeled as “experimental,” and “there are many features which are not yet supported under Wayland.”