General

Make `sudo` require password

sudo visudo /etc/sudoers.d/010_pi-nopasswd

Change this line

pi ALL=(ALL) NOPASSWD: ALL

pi ALL=(ALL) PASSWD: ALL

The pi entry can be changed to whatever user should be the target.

To add a new user

sudo adduser newusername

Several prompts will now appear. The new user will now have a directory at /home/newusername.

To add them to the sudo group and give them all necessary permissions do

sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi newusername

Check all permissions are in place with

sudo su - newusername

If it runs successfully, the new user is now in the sudo group.

Expiring an account completely in order to prevent any type of login can be done with

chage -E 0 username

Which can be undone with

chage -E -1 username
# consider changing the password after this

Last updated 3 years ago