Procedure to drop user pi, and add real users


#1

What is the problem?
For security's sake, I wish to drop user pi, and add the real user monikers in the octoprint (OP) ecosystem.

What did you already try to solve it?

  1. add user and pwd to RPi via kbd and monitor.
  2. thought I read that we also needed to do that in the OP via its web interface.

No joy.

Additional information about your setup (OctoPrint version, OctoPi version, printer, firmware, octoprint.log, serial.log or output on terminal tab, ...)

Latest as of Sept 12, 2018


#2

So you added a user via the shell. You can log in to that account now? What doesn't work?

The web interface is different, that's the Octoprint interface itself. Your accounts are at [settings]->access control. These two accounts need not match.

Rather than delete the pi user via the terminal, or in addition to it, add your ssh key to authorized_keys and then disable remote password logins:

PermitRootLogin prohibit-password
PermitEmptyPasswords no
PasswordAuthentication no

Want even more security? Install fail2ban and enable it.
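
As an added example that is not part of the original post, the script below audits an sshd_config-style file for the three directives quoted in post #2 and checks that a key is installed before password logins are turned off. The function names and the sample files are constructed for illustration; on a real system the inputs would normally be /etc/ssh/sshd_config and the user's ~/.ssh/authorized_keys (assumed paths, not stated in the thread).

```shell
#!/bin/sh
# Added example (not from the thread). Audits an sshd_config-style file for the
# three directives in the post. sshd keeps the first value it reads for each
# keyword, so only the first global occurrence (before any Match block) counts.
# Include files are not followed here; `sshd -T` prints the real effective config.

# effective_value FILE KEYWORD -> first global value, lowercased (empty if unset)
effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                    # strip comments
        NF == 0 { next }                      # skip blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check FILE KEYWORD "ACCEPTED VALUES" DEFAULT (OpenSSH default when unset)
check() {
    val=$(effective_value "$1" "$2"); [ -n "$val" ] || val=$4
    for want in $3; do
        [ "$val" = "$want" ] && { echo "ok   $2 $val"; return 0; }
    done
    echo "FAIL $2 $val (want: $3)"; return 1
}

# audit_sshd CONFIG AUTHORIZED_KEYS -> 0 if hardened as in the post, else 1
audit_sshd() {
    rc=0
    check "$1" PasswordAuthentication "no" yes || rc=1
    check "$1" PermitEmptyPasswords "no" no || rc=1
    check "$1" PermitRootLogin "prohibit-password no" prohibit-password || rc=1
    # Lockout guard: with passwords off, at least one key must be installed.
    if ! grep -Eq '^[[:space:]]*[^#[:space:]]' "$2" 2>/dev/null; then
        echo "FAIL no key in $2: disabling passwords would lock you out"; rc=1
    fi
    return $rc
}

# Constructed sample: a weak line precedes the hardened one, so "yes" wins.
tmp=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PermitEmptyPasswords no' 'PasswordAuthentication no' > "$tmp/sshd_config"
: > "$tmp/authorized_keys"   # constructed: no key installed yet
audit_sshd "$tmp/sshd_config" "$tmp/authorized_keys" || echo "not hardened yet"
```

On the constructed sample the audit fails twice: the earlier `PasswordAuthentication yes` overrides the later `no`, and the authorized_keys file is empty.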


#3

It sounds to me like you're confusing octoprint's users with the operating system's users. You cannot simply delete raspbian's "pi" user and expect octoprint to still work as "pi" is the user it's set up to run as.

Operating system users have absolutely nothing at all whatsoever to do with your octoprint login users. While I guess it's true you could wipe out the pi user and set up another user under a different name in case anyone tries to gain access to the raspberry pi via the "pi" username, that only "secures" raspbian itself and has zero impact on octoprint's own login/users.

The only reason you would add individual users to raspbian itself is if you wanted to give them the ability to use the operating system for something, like giving your children their own account on a PC with limited access.


#4

The knowledge I lacked was that octoprint has its OWN user/pwd database, separate from the OS's.