Minimal configuration

Enable root account

As root account is disabled by default on raspbian, we need to activate it. But before doing that, mount / in read-write mode.

  # mount -o remount,rw /
  # passwd root

And then enter the new password you want.

  $ su root

Rename user

  # usermod -l acdsn pi
  # usermod -m -d /home/acdsn acdsn

Set a password to the user

  # passwd acdsn

Rename group

  # groupmod --new-name acdsn pi

Rename hostname

  # vi /etc/hostname

Replace the existing hostname by the new one.

SSH connection

Generate ssh keys

  $ ssh-keygen -t rsa -b 2048

Add your public key to the server eG file (/home/acdsn/.ssh/eG).

sshd_config file

  # vi /etc/ssh/sshd_config
  
  #ListenAddress 0.0.0.0 -> ListenAddress 127.0.0.1
  #PermitRootLogin prohibit-password -> PermitRootLogin no
  #PubkeyAuthentication yes -> PubkeyAuthentication yes
  #PasswordAuthentication yes -> PasswordAuthentication no

Allow connection from the server

Create the /home/acdsn/.ssh/authorized_keys file and add the server public key.

Turn off usb ports power

uhubctl is utility to control USB power per-port on smart USB hubs. Smart hub is defined as one that implements per-port power switching.
In order to install it, follow the following steps:

  $ git clone git://github.com/mvp/uhubctl.git

Install uhubctl dependency:

  # apt install libusb-1.0-0-dev

Compile the source code:

  $ make

Once the program is compiled, turn off usb ports power. But first, let's check usb ports ids.

   # ./uhubctl
   Current status for hub 1-1 [0424:9514, USB 2.00, 5 ports]
     Port 1: 0503 power highspeed enable connect [0424:ec00]
     Port 2: 0100 power
     Port 3: 0100 power
     Port 4: 0103 power
     Port 5: 0100 power

Now, you have identified the usb ports ids. Turn off their power.

   # ./uhubctl -a on -p 2

After some tests, I figured out that the port 2 is the only that enables/disables all usb port

Add the last command to your crontab table.

  @reboot /home/acdsn/git/uhubctl/uhubctl -a off -p 2

References

https://github.com/mvp/uhubctl
https://www.raspberrypi.org/forums/viewtopic.php?t=217858#p1339349

Change timezone

For me, the default timezone was London. To change it, type:

# dpkg-reconfigure tzdata

Crontabs

Since /var/spool in mounted on tmps, crontab files don't exist and so, crontab will fail. To solve this, move/add crontab files for the user you want.

# vi /etc/cron.d/<username>

0/5 * * * * <username> <command>

Make sure you have the following file rights:

  drwxr-xr-x  2 root root 4096 May  6 11:13
  drwxr-xr-x 89 root root 4096 May  6 11:05 ..
  -rw-r--r--  1 root root  102 Oct  7  2017 .placeholder
  -rw-------  1 root root 1862 May  6 10:41 <username>

The root user MUST be the owner of /etc/cron.d/<username>

Disable bash history

Since /etc/profile is only read by interactive shells (login) and we connect to raspberry pi using acdsn acount, when loging into root acount using su command, the system won't read that file. We could directly modify /etc/bash.bashrc but it could be erased by an update.

acdsn

# vi /home/acdsn/git/fw-rules/<port number>/etc/profile.d/noHistory.sh

#! /bin/bash
 
history -c
set +o history
 
export HISTFILESIZE=0
export HISTSIZE=0
unset HISTFILE

# chmod a+x /home/acdsn/git/fw-rules/<port number>/etc/profile.d/noHistory.sh

# ln -s /home/acdsn/git/fw-rules/<port number>/etc/profile.d/noHistory.sh ./etc/profile.d/noHistory.sh

root

# mv /etc/bash.bashrc /home/acdsn/git/fw-rules/<port number>/etc/
# mv /home/acdsn/git/fw-rules/<port number>/etc/.bashrc /home/acdsn/git/fw-rules/<port number>/etc/bashrc.root
# ln -s /home/acdsn/git/fw-rules/3780/bashrc.root .bashrc

Import noHistory.sh into .bashrc

if [ -r /etc/profile.d/noHistory.sh  ]; then
    . /etc/profile.d/noHistory.sh
fi

Reference: http://www.linuxfromscratch.org/blfs/view/stable/postlfs/profile.html

Bolay's Wiki

Table of Contents