What changed in Raspberry Pi OS sudo?

Raspberry Pi OS has ended its “open-door” approach to sudo.

In the newest version, using sudo now requires a password by default. The key detail is that the behavior change applies only to new installs—existing Raspberry Pi OS setups are not altered, meaning current devices should keep working as before.

Why this matters

This is a security hardening move aimed at reducing the risk that anyone with local access can immediately elevate privileges without authentication. Requiring a password for sudo is a straightforward control that makes it harder for casual physical access, shared-device scenarios, or misconfigurations to turn into full system compromise.

What users should do

If you’re provisioning new Raspberry Pis, expect an interactive prompt the first time you use sudo. If you manage headless systems or automated provisioning scripts, you may need to adjust workflows so they provide the appropriate sudo credentials.

Because the story specifies the change is limited to new installations, the immediate operational impact should be contained to fresh installs and images—not fleets already running the previous OS.

Bottom line

The upgrade is a direct shift toward better privilege hygiene: less convenience for local privilege escalation, more protection against unauthorized administrative access. Existing installations remain unaffected, so the risk of sudden breakage is lower.