The Raspberry Pi OS based on Debian 11 (Bullseye) has undergone some facelift. Most noticeable is the security-related change, which is also very important for the makers of the project: the standard user, which has always been created up to date, is being eliminated. Additional changes should bring simplification to users, such as connecting Bluetooth keyboards and mice. In addition, interested parties can take a look at an early version of Wayland, which developers are currently working on gradually introducing into the Linux distribution.
Goodbye regular users
The standard user, that is, the account that is available on all devices running this operating system, poses a slightly increased security risk. Attackers will only have to guess the password, while the current situation is that a failed login attempt does not allow any conclusions to be drawn as to whether the account exists at all or whether the password was entered incorrectly. Additionally, some countries have enacted laws that prohibit internet-connected devices from performing standard login credentials. The new EU Wireless Equipment Directive requires something like this, among other things.
In order to contain this unnecessary expansion of the attack surface, Raspberry Pi OS maintainers have now made modifications in several places. After first starting up a newly flashed Raspberry Pi, it requires creating a user and password – just as you know it from most current operating systems. The developers have adapted the installation wizard for this. This is used, for example, to set the system language, the password is also requested and can be terminated in the first dialog. The assistant now creates the user account and can no longer be canceled.
Of course, users can still create the user’s pi this way, but they will now receive a warning that this is not a good idea. The situation is similar to the Raspberry Pi OS Lite image which does not require a desktop environment. When you start it for the first time, it asks to create the user account. And the Raspberry Pi Imager does the same when it prepares the installation for a headless operation without a screen and keyboard. You can also use this to create an account that is logged into your desktop when you first start it.
Another way is to create an account on first startup using the userconf or userconf.txt file. To do this, you have to add one line with the extension nutzernamen:verschlüsseltes_passwortHusband included. If necessary, the password encrypts the call echo 'mein_passwort' | openssl passwd -6 -stdin At the station – a distance before echocommand, the call does not end up in the bash log. To make existing installs more secure, the project also created the script to rename the user. This allows renaming an existing account called pi. To do this, administrators must be logged in as pi and sudo rename-user communicate. This leads to a reboot, where the username and password can then be reset. After another restart, the usernames and directory are then modified.
If the software used is programmed correctly, it should work without side effects. However, some programs or projects may use the hard-coded path /home/pi, so this may cause problems. Users should make corrections quickly if necessary.
More improvements
While they were in the process of adapting the installation wizard anyway, the developers also wanted to address an outdated issue. In order to use Bluetooth keyboards and mice, users first had to connect USB peers and pair them with Bluetooth peripherals. It’s much easier now. As long as the wizard remains on the first dialog page, it searches for the Bluetooth devices you wish to pair and connects automatically. In the future, users will just have to put the Bluetooth keyboard and mouse into pairing mode and wait for a short while for the devices on the Raspberry Pi to be used. This works with built-in Bluetooth technology as well as with externally connected Bluetooth devices. These only need to be connected prior to operation.
Raspberry Pi OS maintainers are also switching to Wayland as a replacement for the old X Window system. It should provide more speed and security in the future, but it’s still in the early stages. So, under the Bullseye-based Raspberry Pi OS, they replaced the Openbox window manager with Mutter, which already handles Wayland protocols.
For those who want to get a glimpse into the future of the Raspberry Pi OS now, there is an option to enable experimental Wayland support. After calling from sudo raspi-config You can enable the Wayland option in the advanced settings. After the reboot, the new system is active, but this can not be visually noticeable. At the station, call back echo $XDG_SESSION_TYPE However, clarifying which system is currently working.
In its announcement, the Raspberry Pi project wrote that many things are still not working properly. Among other things, screenshots can’t be created, the screen magnifier doesn’t work, the remote desktop apps don’t work – and the screen resolution adjuster doesn’t work. Also, the Wayland app is not a “pure” version, as the desktop still relies on X features like app connections, which Wayland doesn’t support. The native window manager works like a real Wayland app, but everything else runs under XWayland. At its core is the implementation of X that Wayland uses to render graphics.
Those interested can download the updated images from the Raspberry Pi project download page. To update existing systems, you can simply open Terminal and enter:
sudo apt update sudo apt full-upgrade
However, this does not automatically install the user rename script on a Lite installation. Users can do this using
sudo apt install userconf-pi
repeat. The command will help those who want to install Wayland demo in the current installation
sudo apt install rpi-wayland
tracking.
Update 11/04/2022 1:50 PM: Added that the space before the command prevents it from appearing in the bash log where thieves might be able to find a plaintext version of the password.
(DMK)
Lifelong foodaholic. Professional twitter expert. Organizer. Award-winning internet geek. Coffee advocate.