Raspberry Pi removes default user id, 'Pi'

As background, I really do not like Purism controlling the user name on my Librem 5. I tried renaming it but it does not seem to work very well.

Referring to this article, https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/ and the very reasoning around it, should Purism also not follow a similar path and remove the purism user?

2 Likes

They definitely should follow suit. Especially since Purism does not really control the username on L5. It has just crept in during development and will require work to be made configurable by a user without breaking several things at least.

1 Like

More important for the security of your device is that you only allow SSH login with RSA private/public key. In this case brute force will not help much.

I believe it’s something on our to-do list, but a lower priority than other issues since L5 doesn’t ship with SSH enabled by default, so the security risk of having a known username (with an unknown password, unlike the default Pi) is minimal.

Unknown? It was the default two weeks ago, when I got it and no prompt to warn or change disc encryption or password (which both would be a nice addition after setting language etc. at first login).

Oh for some reason I thought the first boot wizard prompted for a user password like it does on the desktop version (you have to realize it’s been a long time now since I’ve been through the first boot wizard on my Librem 5).

Another thing, on selecting the timezone. It should be part of the boot time setup so manual change is not required. That too is a long pending item from the to-do list.

@Kyle_Rankin, how about this part? :slight_smile:

I think it’s inflammatory language designed to elicit an emotional response :smiley:

We obviously do not want to ‘control’ the username, but the default username is simply an artifact of how we originally set things up. I’m sure we’d welcome any MRs that remove those dependencies on that username if someone wants to work on it. Otherwise it’s something I’m sure we will get to at some point, but other things are taking priority.

6 Likes

How about a quick refresher to re-analyze and re-invent: the intro and setup could use some love - especially if more and more less Linux-savvy users that have less time to learn stuff and study the forum? A walkthrough on how to harden and get most security benefits out of L5 might be useful to all. Something more to the todo-pile…

Currently, we run the first-time setup on an already fully booted and logged in system. Eventually we want to move into using an “installer” like approach that other distros are using that could do things like reencrypt the rootfs and set up user accounts before the actual system is fully booted, but we’re not there yet.

BTW. I don’t think there should be any problems with having the name changed. What may be problematic is renaming an already existing user while retaining its home dir intact, but if you’re willing to start fresh it should all work (if it doesn’t, it’s worth a bug report :))

3 Likes

I am willing to start fresh. I flashed my Librem 5 with noluks option. The maximum disk size is only 3 GB by default. I had to resize it. Next, I used the usermod command to rename it. But it does not work as expected. As you mentioned the home directory name does not change.
Can you share the steps? I will see if it works otherwise will raise a bug.

@dos Is that a bug or is it intentional to cap the default disk size to 3 GB and then resize it?

AFAIK, for non-LUKS image it should get resized to full eMMC size on first boot automatically.

Exactly. It does not work. Period.

It is well-known, by Purism and (some) customers, that it does not work. It has been discussed in this forum before.

Purism may get to it eventually but it is “lower priority”, as stated in their first response above.

If a customer is not using SSH login via asymmetric keys only then … one ‘workaround’ is to configure SSH to allow login only from selected users and by implication disallow login from purism and by implication create the user that you would actually like to have remote access under - so that it won’t make any difference whether the user purism exists or not from that perspective.

There are lots of reasons why making this change retrospectively may be problematic. So it is likely that if and when Purism does make such a change, you will either have to reflash (potentially a large hassle) or you just bodgy in the selected needed changes (which in theory you can do today, but I wouldn’t recommend it unless you know how to recover from software breakage).

I actually agree with you. There should not have been a default username and, if there is one, it is not even logical that it is purism but on a scale of things going wrong in the world today even for me it is “lower priority”. :wink:

I think that is true of the Pi as well.

The real question (on Pi or Librem 5) is whether the installer / first boot process forces the user to change the default password. I believe that on Librem 5 the answer is “no” and this should be looked at, particularly as the number of phones in unsophisticated hands increases. The downside is the support cost of people who immediately lock themselves out by forgetting the password that they just set. So there needs to be a documented recovery process e.g. using Jumpdrive.
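
The two SSH measures raised in this thread (key-only login, and an allow-list that leaves out the default `purism` account) can be checked against an `sshd_config` with a short script. This is an added example, not part of the thread; the function names and the user `alice` are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Simplifications: only the global section
# is read (parsing stops at the first Match block), Include files are not
# followed and the "Keyword=value" spelling is not handled. On a live system,
# `sshd -T` run as root reports the effective values.

# values FILE KEYWORD: print every value set for KEYWORD (case-insensitive).
values() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # end of the global section
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print }
    ' "$1"
}

# listed USER PATTERNS...: succeed if USER matches one user[@host] pattern.
listed() {
    u=$1; shift
    for pat in "$@"; do
        pat=${pat%%@*}                        # ignore the optional @host part
        case $u in $pat) return 0 ;; esac     # * and ? act as wildcards
    done
    return 1
}

# audit_sshd FILE USER: print findings; exit status is the number of findings.
audit_sshd() {
    cfg=$1; user=$2; n=0
    # First PasswordAuthentication line wins; the default when unset is "yes".
    pw=$(values "$cfg" PasswordAuthentication | head -n 1 | tr 'A-Z' 'a-z')
    if [ "${pw:-yes}" != no ]; then
        echo "FINDING: password logins are accepted"; n=$((n + 1))
    fi
    # AllowUsers/DenyUsers lines accumulate. No AllowUsers means everyone.
    set -f                                    # keep * in patterns unexpanded
    allow=$(values "$cfg" AllowUsers); deny=$(values "$cfg" DenyUsers)
    if ! listed "$user" $deny && { [ -z "$allow" ] || listed "$user" $allow; }; then
        echo "FINDING: account '$user' may log in over SSH"; n=$((n + 1))
    fi
    set +f
    return "$n"
}

# Constructed sample: keys-only login, restricted to a hypothetical user "alice".
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' 'AllowUsers alice' > "$sample"
audit_sshd "$sample" purism && echo "OK: no findings"
rm -f "$sample"
```
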

Yes, that is exactly right. The non-LUKS image flashed with the ./librem5-flash-image command is able to read the 32GB properly.

But the LUKS images flashed with ./librem5-flash-image --dist byzantium --variant luks option has to be manually resized to see full 32GB disk.

I’m sure there are a few ways to do it, I did it with a simple systemd unit…

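```ini
[Unit]
Description=Change the default purism username
# Run before the session manager of the default user (UID 1000) starts
Before=user@1000.service

[Service]
# oneshot: units ordered after this one wait until the rename has finished
Type=oneshot
ExecStart=/bin/bash -c "/usr/sbin/usermod -l loki -d /home/loki -m purism && /usr/sbin/groupmod -n loki purism"

[Install]
WantedBy=default.target
```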

You’d want to change all instances of “loki” to whatever username you want, as once the service is enabled, this will change the default username to “loki”, change the home directory and copy the current purism home directory to /home/loki and also rename the purism user group to “loki” on the next boot.

I haven’t noticed any ill effects from changing this, however, I didn’t use the phone very much. I would like to think that anything requiring the default user would reference the user by UID rather than name?

3 Likes

I can test it more. Can I know the exact file where this content can be added or the file to be modified?

Create the file with the above contents and save it in your home directory as change-username.service

Then from within the terminal in your home directory, change ownership of the file to root…

```sh
sudo chown root:root change-username.service
```

Move the file to the systemd service directory (note: the trailing slash is important)…

```sh
sudo mv change-username.service /etc/systemd/system/
```

Then enable the service…

```sh
sudo systemctl enable change-username.service
```

Then reboot. After rebooting, your username, home directory and user group should all be changed. You should then disable the service…

```sh
sudo systemctl disable change-username.service
```

4 Likes
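
Whether anything still refers to the old account by name, the open question after the rename above, can be checked with a script like this one. It is an added example, not part of the thread; the function names, the scanned paths and the sample sudoers entry are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The paths scanned are the usual
# Debian-family locations and are an assumption, not a list of what PureOS
# ties to the default account. ROOT lets the check run on a mounted or copied
# filesystem; pass / on the live device (as root, so sudoers is readable).

# field FILE NAME N: print colon-separated field N of the entry called NAME.
field() { awk -F: -v n="$2" -v f="$3" '$1 == n { print $f; exit }' "$1"; }

# check_rename ROOT OLD NEW: print problems; exit status is their count.
check_rename() {
    root=${1%/}; old=$2; new=$3; n=0
    problem() { echo "PROBLEM: $*"; n=$((n + 1)); }

    [ -z "$(field "$root/etc/passwd" "$old" 1)" ] || problem "user $old still exists"
    [ -z "$(field "$root/etc/group" "$old" 1)" ] || problem "group $old still exists"
    home=$(field "$root/etc/passwd" "$new" 6)
    if [ -z "$home" ]; then
        problem "user $new is missing"
    elif [ ! -d "$root$home" ]; then
        problem "home directory $home does not exist"
    fi
    # Files that still name the old account (or /home/OLD) as a string.
    for p in etc/sudoers etc/sudoers.d etc/crontab etc/cron.d etc/systemd/system; do
        [ -e "$root/$p" ] || continue
        for f in $(grep -rlw -- "$old" "$root/$p" 2>/dev/null); do
            problem "$f still mentions $old"
        done
    done
    return "$n"
}

# Constructed tree: the rename ran, but a sudoers drop-in still names "purism".
t=$(mktemp -d); mkdir -p "$t/etc/sudoers.d" "$t/home/loki"
echo 'loki:x:1000:1000::/home/loki:/bin/bash' > "$t/etc/passwd"
echo 'loki:x:1000:' > "$t/etc/group"
echo 'purism ALL=(ALL) NOPASSWD: /usr/bin/example' > "$t/etc/sudoers.d/example"
check_rename "$t" purism loki || echo "$? problem(s) found"
rm -rf "$t"
```

The rename unit itself contains the old name, so it is reported under `etc/systemd/system` until the file is deleted; disabling the service does not remove it.
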

Thanks much for a super detailed response. I will keep you posted on how it works out with normal operations of the phone. Thanks again.