I recently installed L4T 28.1 on jetson tx1. When I installed using Jetpack, it created a secondary user with the username ‘nvidia’. I cannot delete this account because whenever I try I get a warning that:
userdel: user nvidia is currently used by process 1116
Then if I try to kill that process it instantly respawns.
My question is is this user account some special thing required by the Jetson? Why can I not delete this user?
Thanks
It’s recommended to migrate to using the ‘nvidia’ account, as opposed to the default ‘ubuntu’ user of old, for potential security issue of many IoT platform having ‘ubuntu’ user active. Of course, more secure yet would be to make your own user. The nvidia user is in the video group (see here), which may explain the running process.
Thanks for the response.
If I do make my own user (not nvidia or ubuntu) can I safely delete this nvidia user? Possibly by removing that user from the video group?
To my knowledge the nvidia user isn’t critical to the function of the Jetson, if you still have problems deleting it after removing from the user group, you may want to track down which process it is that would still be running, or check it’s .bashrc or similar for it.
This is not directly what you are asking, but perhaps you may find useful…
You can lock accounts without deleting them. Then the system won’t allow login, but any part of the system needing to execute suid will still work. As an example, I unlike my Jetsons’ root account (via sudo from “ubuntu”), add a password (via sudo from “ubuntu”), run my ssh key copy to that to enable logging in by key, then re-lock the account. As a result I can remote login via key, but otherwise only the original “sudo -s” or “sudo su” works to get to the account (which is nice because my scp or sftp no longer requires a prompt when I have the correct keys on my host, yet all password logins to root are squashed).
Unlocks are done via:
sudo passwd -u <username>
Locks are done via:
sudo passwd -l <username>
As for account names consider that the user ID (UID) and group ID (GID) are what matter for any given functionality tied to that user. User “ubuntu” is always UID/GID 1000/1000. If you rename this account, but keep that UID and GID, then any attempt to login to “ubuntu” will fail…you’d have to use the new name, but the new name would otherwise be 100% exactly matching in behavior to the original “ubuntu” name. Applications using name “ubuntu” would fail, but software depending on the result of commands originally run from “ubuntu”, when run from the new name, would succeed. I prefer just renaming the Ubuntu account on a system, but in the case of a Jetson there might (or might not) be some software you run into which is an add-on looking for user name “ubuntu” instead of just using “sudo”.
Before you try to delete account “nvidia” you might log in as “ubuntu” and see what happens if you lock the account and reboot. This probably won’t risk breaking anything.
If you want some minor addition to security on the “ubuntu” account you might just rename it. See “man usermod” and “man groupmod” when doing this after the account already exists…on a new Ubuntu install you might just start with an alternate name…it’ll still end up UID/GID 1000/1000. User nvidia is UID/GID 1001/1001.
Consider that if you delete a user, then all files on the system with that UID/GID still exist. Those files suddenly have “dangling” ownership, which causes their display to show numeric owners instead of actual names, and can present as a security issue. This may not be an issue if the files are not part of the operating system, but it is something to consider.