Wheezy GPIO Permissions
Raspbian Wheezy is missing a udev rule that grants members of the gpio group read/write access to the device node /dev/gpiomem. Librpip include a file to fix this. From the source directory copy the ./distro/raspbian/99-wheezy-librpip.rules to /etc/udev/rules.d
After a reboot the device node should look like this:
$ ls -l /dev/gpiomem crw-rw---T 1 root gpio 244, 0 Jan 1 1970 /dev/gpiomem
PWM Access Group
Unlike the other peripherals, Raspbian does not have a group for PWM access. This is easily fixed by add a system group that will be used to manage access to the PWM’s, and then add yourself and any other accounts to it
$ sudo groupadd pwm $ sudo usermod -a -G pwm <acccount>
Additional (Optional) Configuration
Here are some additional configuration steps that improve the security of Raspbian.
Firstly, bring the rPi up to date
sudo apt-get update sudo apt-get upgrade
Secondly run raspi-config and configure the internationalisation properly. Pick the UTF8 variant of the locale.
Create a User for Yourself
The default pi/raspberry user is far to well known, so first step is to create a user and give it the necessary rights.
Grant the User Rights
sudo usermod -a -G sudo,adm <username> sudo usermod -a -G audio,cdrom,video,input <username> sudo usermod -a -G spi,i2c,gpio,dialout <username>
If you want to use PWM‘s now is a good time to create the group and add yourself to it.
sudo groupadd pwm sudo usermod -a -G pwm <acccount>
Test User Setup Correctly
Logout from the rPi and log in as yourself
Test you can sudo, this should prompt you for a password and then return root
Disable PI User
Open /etc/shadow and star out pi’s password to make the account inoperable. It should resemble this (actual numbers following the encrypted password may vary, leave them alone)
Disable PI’s Passwordless sudo to Root
Open /etc/sudoers and Comment out pi’s passwordless setup so that it looks like this
#pi ALL=(ALL) NOPASSWD: ALL
Disable Ctrl-Alt-Del = Reboot
sudo rm /lib/systemd/system/ctrl-alt-del.target sudo ln -s /dev/null /lib/systemd/system/ctrl-alt-del.target sudo systemctl daemon-reload
Disable Automatic login
Run raspi-config and select option 3 (Enable Boot to desktop) then select ‘Console Text console, requiring login (default)’.
Interestingly text console is default for Wheezy but graphical desktop (with automatic login) is default for Jessie.
Enable Package Update ‘Nagging’
By default the rPi is pretty quiet about updates. You can run the following command at any time to get a list of updates available.
sudo apt-get upgrade
However if you are familiar with mail systems you can install and configure ‘apticron’ to check automatically and send out an email with the list. This bit is not for the faint hearted. A badly configured mail server can cause all sorts of havoc including having your internet connection suspended by your ISP. So if in doubt just skip this bit.
Firstly install apticron and all required dependancies:
sudo apt-get install apticron
Next you need to reconfigure EXIM so that it can send mail externally. If you don’t know what the questions mean then stop right now.
Next edit the /etc/apticron/apticron.conf and change the email to one you use
# set EMAIL to a space separated list of addresses which will be notified of # impending updates # EMAIL="firstname.lastname@example.org"
Finally update /etc/cron.d/apticron with a sensible nag interval. Man crontab for details. I run mine once a day.
14 3 * * * root if test -x /usr/sbin/apticron; then /usr/sbin/apticron --cron; else true; fi