login pi
gets the response
login: Cannot possibly work without effective root
I have created an account Peter according to the instructions in Upton & Halfacree's /Raspberry Pi User Guide/, page 54
login Peter
gets the same response as above.
Because it needs root privileges to set up a specific user's execution environment, the login(1) binary must run with the "effective" userid of root. That means that either root runs login, or something that becomes root (like sudo) runs login.
The message you get ("Cannot possibly work without effective root") tells you that the login process that /you/ launched does not have root privileges.
login(1) is normally run automatically by getty(1), which (in turn) is launched by your init service (init or systemd or whatever) in a root context.
As to what to do here, I guess it depends somewhat on what Upton & Halfacree told you to do.
Assuming nothing special, start your Pi, go to the terminal session, and type your username and password in response to the normal prompts.
If you already have a command line, then you can use sudo to execute login(1) as root. If you do this at a bare terminal (rather than at a terminal emulation in the GUI environment) be prepared to be logged off as the user you currently are. OTOH, if you do this in a GUI terminal emulation, you /should/ get prompt for the new user's password (after the prompt, if any, for the password for sudo), followed by (on success) the new user's commandline.
HTH
-- Lew Pitcher "In Skills, We Trust" PGP public key available upon request
Is login not setuid in Raspbian then ? It's not something I use a lot but I've always expected it to be setuid.
-- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/
No, not unless they've changed it since Jessie. On Raspbian Jessie, it is -rwxr-xr-x 1 root root 42876 May 17 2017 /bin/login
-- Lew Pitcher "In Skills, We Trust" PGP public key available upon request
Hello ray!
06 Jul 18 15:31, you wrote to All:rc> You log into the 'pi' account and then (assuming the created user is rc> 'peter' you do 'su peter' not 'login peter'.
In this case it would be better to log out of the pi account and then at the login prompt login to the new account.
It would the also be wise to tor of the autologin in the raspberry configuration.
Kees
Since we don't have access to the book, can you tell us what you're trying to do?
There's almost no time when someone would run the login(1) program from the shell.
My guess would be that the use of 'login' is things you're supposed to enter at the prompt that comes up on boot, like this:
or, much less likely, a GUI prompt like this:
Theo
Turns out that older versions of the book are still online. It appears that the authors are trying to recommend that the default "pi" logon not be used for learning purposes, and show how to create /additional/ logons on the RPi, in order to support both the reader and /other/ users.
[Quote] While it?s certainly possible for you to use the pi account, it?s better if you create your own dedicated user account. Further accounts can also be created, for any friends or family members who might want to use the Pi. [/Quote]Agreed.
Agreed.
[snip]-- Lew Pitcher "In Skills, We Trust" PGP public key available upon request
I'm trying, first, to login to the pre-existing account pi. Then I'm trying to login to an account I've created.
I, too, agree! It seems strange to me that the book tells the reader how to create an account, but not how to login to it.
You log into the 'pi' account and then (assuming the created user is 'peter' you do 'su peter' not 'login peter'.
The Raspi boots into the PIXEL gui.
The book is rather poor, though I should remark that I am quite unqualified to comment on it.
That's one way to do it. That will leave a shell running as the "pi" user, and start a second shell as the "peter" user. It will not change the utmp, so who(1) will still report "pi" as logged on, and not "peter". If the OP wants the "peter" shell to use all the "peter" login settings (home directory, etc), the command should be su -l peter In either case, when the OP exit's the "peter" shell, he'll return to the "pi" shell.
OTOH, he could also sudo login peter and answer two password prompts (one for the root password, from sudo, and one for "peter"s password, from login). This will also leave a shell running as the "pi" user, and start a second shell as the "peter" user. However, it will /add/ a utmp entry for the "peter" login, and who(1) will report both "pi" and "peter" logged on. Like before, when the OP exit's the "peter" shell, he will return to the "pi" shell.
Finally, the OP could just, at the console "Login" prompt, enter "peter" instead of "pi", and respond to the "Password" prompt with peter's password, and be logged in as "peter", without the intermediary "pi" login.
HTH
-- Lew Pitcher "In Skills, We Trust" PGP public key available upon request
What is the root password? My expectation was that when I first logged in as root I would be asked to nominate (and confirm) a password. What happens is, I'm asked for root's password and I don't know what it is.
Thank you. Things are slowly becoming clearer! I'd still like to know root's password, even if I have no use for the root account.
On a sunny day (Fri, 6 Jul 2018 18:24:33 +0100) it happened Peter Percival wrote in :
As root, (after using su) set the root password to anything you like by typing: passwd
that will ask you for a new password
If you are well, I just changed the freaking pie into something useful by editing /etc/password changing the entry for 'pi' #pi:x:1000:1000:,,,:/home/pi:/bin/bash pi:x:0:0:,,,:/root:/bin/bash
Now pi has root permissions. I always say, you do not drive your car from the passenger seat !
But then, if you want to hop over for steering all the time ..
I remember Linus (from Linux) saying something along those lines too not so long ago. Way too much root fear, and silly warnings.
OK you may wipe out your pie some day, that is why real men make backups, elsewhere say on a PC dd if=/dev/sdb of=my_raspi_when_it_was_still_working_image.
But is DOES require you to be aware what you type, and understand the system in depth. Same for driving. So whatever you think you can handle.
blah blah bla
obladi oblada?
Whatever
To avoid that do
exec su -l peter
Which replaces pi's shell with peter's.
-- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/
There may well not be one, blocking root login by not having a valid password for root is quite common practice these days.
I suggest logging in as pi then run sudo passwd andset a root password that you and nobody else knows.
-- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/
This is indeed the case, and has been since the very first Raspbian release.
Agreed, having a root account that can't be logged into makes a lot of sense on servers owned by a business and maintained by several people because using sudo provides an audit trail of who did what with root permissions.
When it's your own box then the only reason not to be root is to reduce the scope for damage from mistakes and malware - these are good enough reasons to make using root rare.
-- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/
Log in as pi and then run 'sudo su -' (no quotes) at the pi prompt, and give pi's password, to get to a root prompt. 'exit' goes back to user pi
That way direct root login is still impossible.
see also : man sudo and man su
-- Chris Elvidge, England
The usual practice anywhere root logins are not supported is to also prevent sudo su - and indeed to lock down sudoers quite carefully. sudo su - is just a backdoor root login.
Why is that desirable on a personal system where there is only one person to blame ?
-- Steve O'Hara-Smith | Directable Mirror Arrays C:\>WIN | A better way to focus the sun The computer obeys and wins. | licences available see You lose and Bill collects. | http://www.sohara.org/
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.