5

I'm using BerryBoot as my bootloader and newest Raspbian as my OS. In order to make things more secure, I've created new root user using this tutorial: LINK and then I changed my auto login username with this thread's help: Another LINK.

When I rebooted all seemed to work just fine, I was logged as my new user. In the end, I wanted to get rid of pi user once for all so I ran sudo deluser -remove-home pi command. It deleted the user but returned error (8 if I recall correctly) so I've checked running processes and I saw few processes running on Pi, even if it seemed that I am logged on new user on each reboot.

So I rebooted the Pi once more and after BerryBoot all I saw was a black screen. Something went wrong and I think and I am not sure at which point. Any solutions?

Community
  • 1
Radziu
  • 61
  • 2
  • 1
    Do you have a command line? If so what happens if you type startx? check the home directory for a file called .xsession-errors.old (note the leading . which indicates a hidden file to view it type ls -la). For future reference you would have been better off disabling pi logins until you are sure everything still works. Did you make the new user a member of all the groups that Pi was. did you make edits to the /etc/sudoers file to give the new user sudo privileges? – Steve Robillard Dec 16 '15 at 22:21
  • @Steve I used sudo useradd -m somename -G sudo command to create new user and I also changed autologin in rapi-config using nano, and I also changed it in /etc/rc.local . As I mentioned in OP the new user, his sudo privilages and autologin worked just fine, but somehow PI user was also being logged in. I'm guessing that I missed autologin somewhere else so both newaccount and Pi were being logged in after OS startup, which might caused OS failure after deleting Pi. – Radziu Dec 16 '15 at 22:30
  • 1
    It may not be what you want to hear, but it maybe easier to reflash the SD Card and start from scratch - consider it paying your dues for learning Linux system administration. – Steve Robillard Dec 16 '15 at 22:31
  • The pi user may not be logged in but it may be the owner of a start up script or the owner who runs a process. You can disable the pi user, but the system seems unstable and the type of thing you could be chasing down for months as strange things creep up. – Steve Robillard Dec 16 '15 at 22:33
  • @SteveRobillard well. I am okay with reflashing OS, but I want to make my PI secure enough and changing Pi login (by creating new one and deleting old one) seemed fairly easy, but it the end it wasnt, so I'd like to know where I made a mistake. – Radziu Dec 16 '15 at 22:33
  • So, in that case its better to set up fairly strong password to Pi user and leave it be a default (and well known by everyone, including potential attackers) username ? – Radziu Dec 16 '15 at 22:35
  • I would suggest starting small change the default pi password. Then create a new super user with sudo privileges etc.) next instead of deleting the pi user disable their interactive login by sudo usermod -s /bin/false tom. To be avoid being locked out keep an ssh session open as pi. then expand security from there UFW (uncomplicated firewall etc.) http://raspberrypi.stackexchange.com/questions/1247/what-should-be-done-to-secure-raspberry-pi – Steve Robillard Dec 16 '15 at 22:37
  • a strong password should be the first thing done. The advantage of creating a new superuser is that an attacker will only need one piece of info not two (namely they only need the password, since they know the username). It is extra security but you may still be leaking that info without being aware of it (things like git commits, emails, webserver errorsetc.). – Steve Robillard Dec 16 '15 at 22:42
  • Thanks, I'll try it out tommorow when I get faster microsd card. Right now I was just 'fooling around' on temporary class 4 card. I'll post results as soon as I try your suggestions. – Radziu Dec 16 '15 at 22:43

1 Answers1

2

As I can't tell what else happened to the system I'd recommend you to first reflash the sdcard. Secondly create new user and add it to sudoer group and then lock the pi user. 

passwd pi -l

Then reboot the system. It should work, check the running processes what user they use

ps aux

If everything checks out and no process is running with pi user, then go ahead and delete the user, but leave home directory intact. And then reboot again and lastly remove the home directory of the user. If anything fails along those steps you'll know what step did crash the system and you can investigate more.

Bungee75
  • 121
  • 4
  • Problems can arise with uid maps if you plan to transfer files to/from the raspberry after changing the pi user (or locking it). Why? By default, the pi user gets uid=1000 (which just happens to be what your uid is if you also set up other Linux boxes you ssh/rsync into the raspberry with). An alternative is to rename the pi account with usermod -l newuser pi (after enabling the root account). You also need to rename /home/pi to /home/newuser and update /etc/passwd with usermod -d /home/newuser newuser after the change. – David C. Rankin Jan 10 '17 at 09:30