General
Make sudo require password
sudo require passwordsudo visudo /etc/sudoers.d/010_pi-nopasswdChange this line
pi ALL=(ALL) NOPASSWD: ALLTo
pi ALL=(ALL) PASSWD: ALLThe pi entry can be changed to whatever user should be the target.
User management
To add a new user
sudo adduser newusernameSeveral prompts will now appear. The new user will now have a directory at /home/newusername.
To add them to the sudo group and give them all necessary permissions do
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi newusernameCheck all permissions are in place with
sudo su - newusernameIf it runs successfully, the new user is now in the sudo group.
Locking / Expiring an account
Expiring an account completely in order to prevent any type of login can be done with
chage -E 0 usernameWhich can be undone with
chage -E -1 username
# consider changing the password after thisLast updated