GuiPoM
Posts: 11
Joined: Sat Aug 08, 2015 9:20 pm

Create a new user to replace defaut pi: no completion, color, .. in term

Thu Dec 20, 2018 11:22 am

Hello !

I am not a linux expert but I was using some scripts I always have used successfully in the past to create my devices ...
I always write the image on my USB device, then create a new secured user in sudoers, then delete the default pi user so that my next steps are safe ..

Doing so:

Code: Select all

sudo useradd newuser-m
sudo passwd newuser
sudo adduser newuser sudo
sudo deluser -remove-home pi
I am for the first time creating an install based on stretch. My commands are working fine, but my new user has no coloring in term, no command completion, no keyboard key navigation (printing ^[[A^[[C instead).

I am pretty sure this is a standard linux "'issue" and that I am (now) missing an extra step somewhere. I tried to copy the .bashrc from user pi to my newuser, but no improvement.
What should I do to get a user configure "like" the standard pi user ?

Thanks!

User avatar
RaTTuS
Posts: 10406
Joined: Tue Nov 29, 2011 11:12 am
Location: North West UK

Re: Create a new user to replace defaut pi: no completion, color, .. in term

Thu Dec 20, 2018 12:06 pm

do it like

Code: Select all

sudo adduser fred
How To ask Questions :- http://www.catb.org/esr/faqs/smart-questions.html
WARNING - some parts of this post may be erroneous YMMV

1QC43qbL5FySu2Pi51vGqKqxy3UiJgukSX
Covfefe

n67
Posts: 938
Joined: Mon Oct 30, 2017 4:55 pm

Re: Create a new user to replace defaut pi: no completion, color, .. in term

Thu Dec 20, 2018 12:19 pm

This is one of those things where, yes, if you mess around with it enough, you can, eventually, get it to work. I'm sure it has something to do with either the default shell or which files (.profile, .bash*, etc) you get copied over to the new user. Like I said, if you mess with it long enough, you'll get it to work.

The first thing I would check is what the shell is for the new user (check the last field in /etc/passwd). At least in the old days, this always defaulted to either blank (i.e., the line ends with a : ) or /bin/sh - both of which mean the same thing - which means that you get ordinary sh (no bash fancy stuff). Note that this is true even if /bin/sh is, in fact, running the same code as /bin/bash.

But, the overriding point here is: Why do this? Yes, I know the answer is "because something I read on the net says I should". Obviously, I don't think those net-writers are right. They may have been at one time, but no more. The way I look at it is: Once you've finally gotten the mynewuser user to work as well as the original pi users did, what you will have done is essentially cloned the pi user. This means that whatever security risk there was attached to using the original pi user now attaches to the mynewuser user, because, as stated, the newuser will be a clone of the original one.

People will object to this statement, but that can be ignored.

My view is that if you want to harden up the system, make the pi user have no password (N.B.. this is not the same thing as making it so that you can login just by pressing Enter at the password prompt. "No password" means that you can't login via a password at all). You can accomplish this via the "lock" option in the "passwd" program ("man passwd" for the details). Once this is done, you can, of course, still get access via these two methods (the only methods that you should be using anyway):

1) Via the system's autologining you in on the Desktop (if you are using the Desktop).
2) Via public key authentication with ssh (if you are using ssh).
Last edited by n67 on Thu Dec 20, 2018 1:25 pm, edited 1 time in total.
"L'enfer, c'est les autres"

G fytc hsqr rum umpbq rm qyw rm rfc kmbq md rfgq dmpsk:

Epmu Sn!

J lnacjrw njbruh-carppnanm vxm rb mnuncrwp vh yxbcb!

n67
Posts: 938
Joined: Mon Oct 30, 2017 4:55 pm

Re: Create a new user to replace defaut pi: no completion, color, .. in term

Thu Dec 20, 2018 12:21 pm

Oh, and one more thing. I think you should be using adduser instead of useradd. According to the man pages, adduser is the high level interface to the low level useradd.
"L'enfer, c'est les autres"

G fytc hsqr rum umpbq rm qyw rm rfc kmbq md rfgq dmpsk:

Epmu Sn!

J lnacjrw njbruh-carppnanm vxm rb mnuncrwp vh yxbcb!

spl23
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 375
Joined: Fri Dec 26, 2014 11:02 am

Re: Create a new user to replace defaut pi: no completion, color, .. in term

Thu Dec 20, 2018 12:46 pm

In case it helps, this is the script I use to create new users - there are a lot of things you need to configure to have a user which is identical to the pi user in terms of groups, permissions etc :

Code: Select all

#!/bin/sh

# create the user
sudo adduser $1

# add to the same groups as pi
sudo adduser $1 adm
sudo adduser $1 dialout
sudo adduser $1 cdrom
sudo adduser $1 sudo
sudo adduser $1 audio
sudo adduser $1 video
sudo adduser $1 plugdev
sudo adduser $1 games
sudo adduser $1 users
sudo adduser $1 input
sudo adduser $1 netdev
sudo adduser $1 spi
sudo adduser $1 i2c
sudo adduser $1 gpio

# add to policykit
sudo sed /etc/polkit-1/localauthority.conf.d/60-desktop-policy.conf -i -e "s/;unix-user:0/;unix-user:$1;unix-user:0/" 

# add to no-password
echo "$1 ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers.d/010_pi-nopasswd


GuiPoM
Posts: 11
Joined: Sat Aug 08, 2015 9:20 pm

Re: Create a new user to replace defaut pi: no completion, color, .. in term

Thu Dec 20, 2018 8:24 pm

n67 wrote:
Thu Dec 20, 2018 12:19 pm
The first thing I would check is what the shell is for the new user (check the last field in /etc/passwd). At least in the old days, this always defaulted to either blank (i.e., the line ends with a : ) or /bin/sh - both of which mean the same thing - which means that you get ordinary sh (no bash fancy stuff). Note that this is true even if /bin/sh is, in fact, running the same code as /bin/bash.
This is what I was looking for ! But I will have a close look to all the advices and tips you shared with me because this raspberry will be internet facing, so I want it to be configured as secured as possible !

Thanks !

Return to “Raspbian”