{"id":6843,"date":"2020-09-15T21:15:40","date_gmt":"2020-09-16T01:15:40","guid":{"rendered":"https:\/\/alt-fw.org\/public\/?p=6843"},"modified":"2020-09-15T22:55:17","modified_gmt":"2020-09-16T02:55:17","slug":"building-the-community-computer-lab-file-and-web-server","status":"publish","type":"post","link":"https:\/\/alt-fw.org\/public\/?p=6843","title":{"rendered":"Building the Community Computer Lab \u2013 File Server"},"content":{"rendered":"<figure id=\"attachment_6823\" aria-describedby=\"caption-attachment-6823\" style=\"width: 300px\" class=\"wp-caption alignleft\"><a href=\"https:\/\/www.raspberrypi.org\/products\/raspberry-pi-4-model-b\/\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6823\" data-permalink=\"https:\/\/alt-fw.org\/public\/?attachment_id=6823\" data-orig-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?fit=1090%2C522&amp;ssl=1\" data-orig-size=\"1090,522\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"rpi-sales-slide\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;The Raspberry Pi&lt;\/p&gt;\n\" data-large-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?fit=640%2C306&amp;ssl=1\" class=\"wp-image-6823 size-medium\" src=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?resize=300%2C144&#038;ssl=1\" alt=\"Raspberry-Pi sales slide\" width=\"300\" height=\"144\" srcset=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?resize=300%2C144&amp;ssl=1 300w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?resize=150%2C72&amp;ssl=1 150w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?resize=768%2C368&amp;ssl=1 768w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/rpi-sales-slide.png?w=1090&amp;ssl=1 1090w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-6823\" class=\"wp-caption-text\">The Raspberry Pi Intro <a href=\"https:\/\/youtu.be\/sajBySPeYH0\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/youtu.be\/sajBySPeYH0<\/a><\/figcaption><\/figure>\n<p><span style=\"color: #993300;\"><strong>CAVEAT: The information provided herein is most likely exactly correct, HOWEVER use it at your own risk:\u00a0<\/strong><\/span><span style=\"color: #993300;\"><strong>we assume no risk or liability. Do your own evaluation and make your own choices.<\/strong><\/span><\/p>\n<p>In previous articles we have shared how we decided on the design of our public computer lab, selected and assembled the parts, installed the GNU\/Linux and Microsoft operating systems, and configured the computers for security and some automatic things to make our lab fairly pain free to manage and maintain.<\/p>\n<p>A large part of this automation is an amazingly inexpensive and easily <!--more-->configured device, the Raspberry Pi computer. We will share how we selected this tiny $35 computer instead of a $750 PC server, and how we made and programmed all the simple but very helpful things that it does to keep our lab looking snazzy, high tech, and mostly sparing us much effort in keeping it all running.<\/p>\n<h2>Selection<\/h2>\n<p>WikiPedia describes the RPi in this way:<\/p>\n<figure id=\"attachment_6825\" aria-describedby=\"caption-attachment-6825\" style=\"width: 300px\" class=\"wp-caption alignright\"><a href=\"http:\/\/one.laptop.org\/\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6825\" data-permalink=\"https:\/\/alt-fw.org\/public\/?attachment_id=6825\" data-orig-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-2.png?fit=744%2C565&amp;ssl=1\" data-orig-size=\"744,565\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"olpc-2\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;OLPC in Nepal. For the story see http:\/\/one.laptop.org\/&lt;\/p&gt;\n\" data-large-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-2.png?fit=640%2C486&amp;ssl=1\" class=\"size-medium wp-image-6825\" src=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-2.png?resize=300%2C228&#038;ssl=1\" alt=\"\" width=\"300\" height=\"228\" srcset=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-2.png?resize=300%2C228&amp;ssl=1 300w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-2.png?resize=150%2C114&amp;ssl=1 150w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-2.png?w=744&amp;ssl=1 744w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-6825\" class=\"wp-caption-text\">OLPC in Nepal. For the story see <a href=\"http:\/\/one.laptop.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/one.laptop.org\/<\/a><\/figcaption><\/figure>\n<p>The\u00a0<b>Raspberry Pi<\/b>\u00a0(<span class=\"rt-commentedText nowrap\"><span class=\"IPA nopopups noexcerpt\"><a title=\"Help:IPA\/English\" href=\"https:\/\/en.wikipedia.org\/wiki\/Help:IPA\/English\">\/<span title=\"'p' in 'pie'\">p<\/span><span title=\"\/a\u026a\/: 'i' in 'tide'\">a\u026a<\/span>\/<\/a><\/span><\/span>) is a series of small\u00a0<a title=\"Single-board computer\" href=\"https:\/\/en.wikipedia.org\/wiki\/Single-board_computer\">single-board computers<\/a>\u00a0developed in the\u00a0<a title=\"United Kingdom\" href=\"https:\/\/en.wikipedia.org\/wiki\/United_Kingdom\">United Kingdom<\/a>\u00a0by the\u00a0<a title=\"Raspberry Pi Foundation\" href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi_Foundation\">Raspberry Pi Foundation<\/a>\u00a0to promote teaching of basic\u00a0<a title=\"Computer science\" href=\"https:\/\/en.wikipedia.org\/wiki\/Computer_science\">computer science<\/a>\u00a0in schools and in\u00a0<a class=\"mw-redirect\" title=\"Developing countries\" href=\"https:\/\/en.wikipedia.org\/wiki\/Developing_countries\">developing countries<\/a>.<sup id=\"cite_ref-13\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi#cite_note-13\">[13]<\/a><\/sup><sup id=\"cite_ref-14\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi#cite_note-14\">[14]<\/a><\/sup><sup id=\"cite_ref-15\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi#cite_note-15\">[15]<\/a><\/sup>\u00a0The original model became far more popular than anticipated,<sup id=\"cite_ref-1000x_16-0\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi#cite_note-1000x-16\">[16]<\/a><\/sup>\u00a0selling outside its\u00a0<a title=\"Target market\" href=\"https:\/\/en.wikipedia.org\/wiki\/Target_market\">target market<\/a>\u00a0for uses such as\u00a0<a title=\"Robotics\" href=\"https:\/\/en.wikipedia.org\/wiki\/Robotics\">robotics<\/a>. It is now widely used even in research projects, such as for weather monitoring<sup id=\"cite_ref-17\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi#cite_note-17\">[17]<\/a><\/sup>\u00a0because of its low cost and portability. It does not include peripherals (such as\u00a0<a class=\"mw-redirect\" title=\"Keyboard (computing)\" href=\"https:\/\/en.wikipedia.org\/wiki\/Keyboard_(computing)\">keyboards<\/a>\u00a0and\u00a0<a class=\"mw-redirect\" title=\"Mouse (computing)\" href=\"https:\/\/en.wikipedia.org\/wiki\/Mouse_(computing)\">mice<\/a>) or\u00a0<a title=\"Computer case\" href=\"https:\/\/en.wikipedia.org\/wiki\/Computer_case\">cases<\/a>. However, some accessories have been included in several official and unofficial bundles.<sup id=\"cite_ref-1000x_16-1\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi#cite_note-1000x-16\">[16]<\/a><\/sup><\/p>\n<figure id=\"attachment_6824\" aria-describedby=\"caption-attachment-6824\" style=\"width: 300px\" class=\"wp-caption alignleft\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"6824\" data-permalink=\"https:\/\/alt-fw.org\/public\/?attachment_id=6824\" data-orig-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-1.png?fit=620%2C345&amp;ssl=1\" data-orig-size=\"620,345\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"olpc-1\" data-image-description=\"\" data-image-caption=\"&lt;p&gt;OLPC in Nagorno Karabakh and Armenia http:\/\/one.laptop.org\/&lt;\/p&gt;\n\" data-large-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-1.png?fit=620%2C345&amp;ssl=1\" class=\"size-medium wp-image-6824\" src=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-1.png?resize=300%2C167&#038;ssl=1\" alt=\"\" width=\"300\" height=\"167\" srcset=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-1.png?resize=300%2C167&amp;ssl=1 300w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-1.png?resize=150%2C83&amp;ssl=1 150w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/olpc-1.png?w=620&amp;ssl=1 620w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><figcaption id=\"caption-attachment-6824\" class=\"wp-caption-text\">OLPC in Nagorno Karabakh and Armenia <a href=\"http:\/\/one.laptop.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/one.laptop.org\/<\/a><\/figcaption><\/figure>\n<p>Preparing the way for the RPi was the <a href=\"https:\/\/en.wikipedia.org\/wiki\/One_Laptop_per_Child\" target=\"_blank\" rel=\"noopener noreferrer\">One Laptop Per Child<\/a> (OLPC) project, which was intended &#8220;to enable a $100 laptop, which would enable constructionist learning, would revolutionize education, and would bring the world&#8217;s knowledge to all children&#8221;. OLPC developed a way to create a very affordable and child-rugged laptop computer so well thought out and constructed that it would remain reliably in service even in remote villages possibly with no Internet and no electricity.<\/p>\n<figure style=\"width: 200px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.arduino.cc\/\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/3\/38\/Arduino_Uno_-_R3.jpg\" alt=\"\" width=\"200\" height=\"200\" \/><\/a><figcaption class=\"wp-caption-text\">The Arduino Uno &#8211; a very popular SBC (single board computer) using the ARM chipset<\/figcaption><\/figure>\n<p>OLPC was deemed a failure by the project team because its goal was a laptop cost of $100 and they did not achieve that: the final cost was a few dollars more, yet the reverberations of the design shattered the $1,500 &#8211; $2,000USD retail price then common for laptop and notebook computers. Today we can find notebooks on sale starting for around $350USD, and <a href=\"https:\/\/www.google.com\/chromebook\/chrome-os\/\" target=\"_blank\" rel=\"noopener noreferrer\">Chrome Books<\/a> or OLPC notebooks for around $200USD at some retailers. Knowledge is power, and in my opinion OLPC was a success, because it demonstrated that we can do better, and it inspired us to so do.<\/p>\n<p>The Arduino and The Raspberry Pi (RPi) project came soon after OLPC. The <a href=\"https:\/\/en.wikipedia.org\/wiki\/Arduino\" target=\"_blank\" rel=\"noopener noreferrer\">Arduino Project<\/a> started in 2005 and has a price point around $25USD, however it&#8217;s use is rather technical, and it is not intended to be powerful enough to serve as a desktop computer but rather as an aid in Performing Arts. In year 2012, a group developed the RPi for use in teaching school students the rudiments of computer programming and (I think) to inspire them to pursue careers in Science, Technology, Engineering, and Math (STEM). The price point was low for a desktop computer. The <a href=\"https:\/\/www.arduino.cc\/\" target=\"_blank\" rel=\"noopener noreferrer\">Arduino<\/a> does not have an O\/S suitable for non-technical users, while the RPi O\/Ses &#8211; there are many &#8211; provide a very familiar look and feel from GNU\/Linux to Windows 10.<\/p>\n<p>Our decision to try the RPi was based upon its long running popularity and technical capacity that\u00a0 intersect with our social goals as a public charity dedicated to improving the life of our community, including our global community . RPi&#8217;s are available today from many retailers, starting at about $35USD for the board alone, or more for kits containing the RPi board plus some additional parts needed to actually use it. We purchased a kit assembled by <a href=\"https:\/\/vilros.com\/collections\/raspberry-pi-kits\" target=\"_blank\" rel=\"noopener noreferrer\">Vilros<\/a>, the <a href=\"https:\/\/www.newegg.com\/p\/1HD-005N-00082?Item=9SIAHUBA2T7836\" target=\"_blank\" rel=\"noopener noreferrer\">Vilros Raspberry Pi 4 Complete Kit with Clear Transparent Fan Cooled Case (4GB)<\/a>, for which we paid $99.99USD\u00a0 at <a href=\"http:\/\/newegg.com\" target=\"_blank\" rel=\"noopener noreferrer\">Newegg.com<\/a>. Vilros looks to be a big vendor with many products, but there are many other vendors available. We decided on the RPi 4B with 4GB of RAM.<\/p>\n<div class=\"jetpack-video-wrapper\"><iframe loading=\"lazy\" title=\"Vilros Raspberry Pi 4 Model B Complete Starter Kit with Clear Transparent and Built in Fan\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/ghfB2eV7h8A?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<h2>UnBoxing, Assembly, and Desktop Setup<\/h2>\n<p>Setup instructions are available from the Raspberry Pi organization at <a href=\"https:\/\/projects.raspberrypi.org\/en\/projects\/raspberry-pi-setting-up\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/projects.raspberrypi.org\/en\/projects\/raspberry-pi-setting-up<\/a>.<\/p>\n<figure style=\"width: 210px\" class=\"wp-caption alignright\"><a href=\"https:\/\/projects.raspberrypi.org\/en\/projects\/raspberry-pi-setting-up\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/projects-static.raspberrypi.org\/projects\/raspberry-pi-setting-up\/15cbdc65a6cca58478df85d8469b6722bf74380b\/en\/images\/pi-plug-in.gif?resize=210%2C150&#038;ssl=1\" alt=\"\" width=\"210\" height=\"150\" \/><\/a><figcaption class=\"wp-caption-text\">Please see &#8220;Setting up your Raspberry Pi&#8221; at https:\/\/projects.raspberrypi.org\/en\/projects\/raspberry-pi-setting-up for help setting up your RPi.<\/figcaption><\/figure>\n<p>If you unbox your RPi and it is not immediately clear to you exactly how it fits together, you can always look at the pictures in the book. The circuit board fits into the plastic case only one way, the heat sinks stick to the top of the chips (see the picture in the book to know <em>which<\/em> chips), the HDMI cable plugs into\u00a0your screen and the first HDMI port (beside the power port), the power plugs into the power port and the wall outlet, the provided micro SD chip plugs into the micro SD slot, your keyboard and mouse into the USB slots. When first you turn it on the RPi <em>New Out Of the Box Software, hereafter <span style=\"color: #ff0000;\"><strong>NOOBS<\/strong><\/span><\/em>, will prepare the SD chip, then ask you several questions about how you want to use your RPi. After you type in your time zone and such you&#8217;re ready to use it as a desktop. Just like that.<\/p>\n<p><em><strong><span style=\"color: #800080;\">One could deploy these instead of desktop PCs<\/span><\/strong>, <\/em>for example in a public housing setting dedicated to improving the economic sustainability and self sufficiency of the patrons by teaching computer job skills and facilitating access to on-line job searches and communications: <span style=\"color: #800080;\">1) they are cheap enough<\/span> to buy several even on a limited budget, <span style=\"color: #800080;\">2) they make for a contemporary modern atmosphere<\/span> to inspire job seekers through having them use something nice to look for work, and 3) they are small enough to be easily collected and stored for the night should there be concerns. <span style=\"color: #800080;\">A better option<\/span> for this need is the <a href=\"https:\/\/www.google.com\/chromebook\/shop\/\" target=\"_blank\" rel=\"noopener noreferrer\">Chrome Book<\/a> notebook PC, which grew out of the <a href=\"http:\/\/one.laptop.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">OLPC project<\/a>: 1) <a href=\"https:\/\/www.google.com\/chromebook\/shop\/\" target=\"_blank\" rel=\"noopener noreferrer\">Chrome Books<\/a> are one piece and very non-technical staff will have almost no learning setting them up, and 2) ChromeBooks sell in a ready-to-use configuration out of the box<a href=\"https:\/\/www.google.com\/chromebook\/device\/lenovo-n23-chromebook\/\" target=\"_blank\" rel=\"noopener noreferrer\"> starting at $179 from Google Store<\/a>, while an RPi at $99.99 still needs a monitor, a keyboard, and a mouse.<\/p>\n<p><strong><span style=\"color: #800080;\">As an internal file server, the RPi works very well<\/span><\/strong>, and once programmed it has no need for a monitor, keyboard, or mouse. The RPi was <span style=\"color: #800080;\">designed for lab learning<\/span> and it has the <span style=\"color: #800080;\">GPIO bus exposed<\/span> where students can easily connect their inventions to the RPi and experiment. In an environment where the computer lab may also be used <span style=\"color: #800080;\">for S.T.E.M. youth classes<\/span>, the RPi would be a better choice than the Chrome Book.<\/p>\n<h2>Getting your hands dirty<\/h2>\n<p>Creating new user accounts and installing software packages using GNU\/Linux command line instructions (CLI) might feel a bit new if you are using Raspbian, because it involves typing commands instead of clicking things, but it is very do-able. If you are only using the RPi as a desktop replacement, you won&#8217;t need to bother with such details. Stop here.<\/p>\n<p><strong><span style=\"color: #800080;\">If you purpose to build your own file or web servers you probably already are comfortable with the GNU\/Linux command line instructions.<\/span><\/strong> The GNU\/Linux type server is the most common server on the planetary World Wide Web, and Debian is a <span style=\"color: #ff0000;\"><strong><em>very<\/em><\/strong><\/span> popular flavor of GNU\/Linux, and <span style=\"color: #800080;\">Raspbian<\/span> is a flavor of <span style=\"color: #800080;\">Debian<\/span>, as are Ubuntu and Mint.<\/p>\n<p><strong><span style=\"color: #800080;\">If you are familiar with any kind of Debian GNU\/Linux servers you will immediately grasp configuring the RPi<\/span><\/strong>. Even most of the software packages go by the same name, the one exception that I encountered during setup of the web server was MySQL which is called MariaDB under Raspbien. SSH, UFW, GUFW, fail2ban, iptables, php, curl, wget, apache2, make, apt, apt-get &#8212; they are all there with the same look and feel, in the same locations and works the same way it always has in bigger hardware. Yes, they also have systemctl but at least you are allowed to choose between using classic understandable &#8220;eth0&#8221; and the &#8220;new and better predictable enp2s0&#8221; for ethernet port names.<\/p>\n<p>I was very impressed.<\/p>\n<h2>File server setup<\/h2>\n<p>I&#8217;m anticipating at this point that if you are intending to make a File Server or a Web Server that you either already have done this in different computers or you are technically inclined enough that you have no issue with learning a bit about Debian Linux using web searches. Online documentation is readily available.<\/p>\n<p>If you haven&#8217;t purchased or made your NOOBS SD chip yet, make your chip. Select a Micro SD chip large enough (16GB -&gt; 2TB is fine, 8GB will actually work but it&#8217;s a bit tight) for your file server disk, preferably a class 10 or faster. The Raspberry Pi organization recommends that first time users use their <a href=\"https:\/\/www.raspberrypi.org\/downloads\/\">Raspberry Pi Imager<\/a>.<\/p>\n<blockquote><p>We recommend that beginners start with\u00a0<a href=\"https:\/\/www.raspberrypi.org\/downloads\/\">Raspberry Pi Imager<\/a>, an easy way to install Raspberry Pi OS and other operating systems to an SD card ready to use with your Raspberry Pi.<\/p><\/blockquote>\n<p>If you want to do it yourself then stick the micro SD into your GNU\/Linux PC, create a MSDOS file system on the chip, then create a FAT-32 (ext) partition using the whole chip. NOOBS will re-size this partition and create others while you watch. GParted is what I use but it doesn&#8217;t matter how you do it, you can use fdisk or something else.<\/p>\n<div class=\"tiled-gallery type-rectangular tiled-gallery-unresized\" data-original-width=\"640\" data-carousel-extra='{&quot;blog_id&quot;:1,&quot;permalink&quot;:&quot;https:\\\/\\\/alt-fw.org\\\/public\\\/?p=6843&quot;,&quot;likes_blog_id&quot;:51180469}' itemscope itemtype=\"http:\/\/schema.org\/ImageGallery\" > <div class=\"gallery-row\" style=\"width: 640px; height: 304px;\" data-original-width=\"640\" data-original-height=\"304\" > <div class=\"gallery-group images-1\" style=\"width: 445px; height: 304px;\" data-original-width=\"445\" data-original-height=\"304\" > <div class=\"tiled-gallery-item tiled-gallery-item-large\" itemprop=\"associatedMedia\" itemscope itemtype=\"http:\/\/schema.org\/ImageObject\"> <a href=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?ssl=1\" border=\"0\" itemprop=\"url\"> <meta itemprop=\"width\" content=\"441\"> <meta itemprop=\"height\" content=\"300\"> <img decoding=\"async\" class=\"\" data-attachment-id=\"6906\" data-orig-file=\"https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png\" data-orig-size=\"781,531\" data-comments-opened=\"\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screenshot at 2020-08-22 13-23-25\" data-image-description=\"\" data-medium-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?fit=300%2C204&#038;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?fit=640%2C435&#038;ssl=1\" src=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?w=441&#038;h=300&#038;ssl=1\" srcset=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?w=781&amp;ssl=1 781w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?resize=300%2C204&amp;ssl=1 300w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?resize=150%2C102&amp;ssl=1 150w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-23-25.png?resize=768%2C522&amp;ssl=1 768w\" width=\"441\" height=\"300\" loading=\"lazy\" data-original-width=\"441\" data-original-height=\"300\" itemprop=\"http:\/\/schema.org\/image\" title=\"Screenshot at 2020-08-22 13-23-25\" alt=\"Screenshot at 2020-08-22 13-23-25\" style=\"width: 441px; height: 300px;\" \/> <\/a> <\/div> <\/div> <!-- close group --> <div class=\"gallery-group images-2\" style=\"width: 195px; height: 304px;\" data-original-width=\"195\" data-original-height=\"304\" > <div class=\"tiled-gallery-item tiled-gallery-item-small\" itemprop=\"associatedMedia\" itemscope itemtype=\"http:\/\/schema.org\/ImageObject\"> <a href=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?ssl=1\" border=\"0\" itemprop=\"url\"> <meta itemprop=\"width\" content=\"191\"> <meta itemprop=\"height\" content=\"185\"> <img decoding=\"async\" class=\"\" data-attachment-id=\"6905\" data-orig-file=\"https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png\" data-orig-size=\"611,593\" data-comments-opened=\"\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screenshot at 2020-08-22 13-25-00\" data-image-description=\"\" data-medium-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?fit=300%2C291&#038;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?fit=611%2C593&#038;ssl=1\" src=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?w=191&#038;h=185&#038;ssl=1\" srcset=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?w=611&amp;ssl=1 611w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?resize=300%2C291&amp;ssl=1 300w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/Screenshot-at-2020-08-22-13-25-00.png?resize=150%2C146&amp;ssl=1 150w\" width=\"191\" height=\"185\" loading=\"lazy\" data-original-width=\"191\" data-original-height=\"185\" itemprop=\"http:\/\/schema.org\/image\" title=\"Screenshot at 2020-08-22 13-25-00\" alt=\"Screenshot at 2020-08-22 13-25-00\" style=\"width: 191px; height: 185px;\" \/> <\/a> <\/div> <div class=\"tiled-gallery-item tiled-gallery-item-small\" itemprop=\"associatedMedia\" itemscope itemtype=\"http:\/\/schema.org\/ImageObject\"> <a href=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?ssl=1\" border=\"0\" itemprop=\"url\"> <meta itemprop=\"width\" content=\"191\"> <meta itemprop=\"height\" content=\"111\"> <img decoding=\"async\" class=\"\" data-attachment-id=\"6907\" data-orig-file=\"https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png\" data-orig-size=\"417,243\" data-comments-opened=\"\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"terminal\" data-image-description=\"\" data-medium-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?fit=300%2C175&#038;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?fit=417%2C243&#038;ssl=1\" src=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?w=191&#038;h=111&#038;ssl=1\" srcset=\"https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?w=417&amp;ssl=1 417w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?resize=300%2C175&amp;ssl=1 300w, https:\/\/i0.wp.com\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/terminal.png?resize=150%2C87&amp;ssl=1 150w\" width=\"191\" height=\"111\" loading=\"lazy\" data-original-width=\"191\" data-original-height=\"111\" itemprop=\"http:\/\/schema.org\/image\" title=\"terminal\" alt=\"terminal\" style=\"width: 191px; height: 111px;\" \/> <\/a> <\/div> <\/div> <!-- close group --> <\/div> <!-- close row --> <\/div>\n<p>Download the NOOBS file archive from the RaspberryPI project at <a href=\"https:\/\/www.raspberrypi.org\/downloads\/noobs\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/downloads\/noobs\/<\/a>. Follow the Windows, Mac, or GNU\/Linux instructions on the Raspberri Pi Org web site to prepare the chip, or extract the archive to the fixed disk then copy the NOOBS files to the SD chip you formated with the FAT-32 partition. Un-mount \/ &#8220;eject&#8221; the SD chip, put it into the SD slot on the RPi, connect the RPI to your screen etc, and power up the RPI.<\/p>\n<div style=\"width: 640px;\" class=\"wp-video\"><video class=\"wp-video-shortcode\" id=\"video-6843-1\" width=\"640\" height=\"360\" poster=\"https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/IMG_1210-1.jpg\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/output.mp4?_=1\" \/><a href=\"https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/output.mp4\">https:\/\/alt-fw.org\/public\/wp-content\/uploads\/2020\/08\/output.mp4<\/a><\/video><\/div>\n<h3>Raspbien Install<\/h3>\n<p>When the RPi is powered up for the first time with this SD chip, NOOBS proceeds to arrange things to its liking. Eventually the device is ready for initial configuration. The screens I see immediately after clicking Next ask for details, such as the location.<\/p>\n<p>Enter the country, such as United States, language, and time zone. When you click next there should be a pause as the RPi fetches time data and you should see the clock in the upper right of the screen update to the correct time.<\/p>\n<p>Enter a new password for the default &#8216;pi&#8217; user account.\u00a0 Write it down until you are done.<\/p>\n<p>If you will be using the wireless network interface, select the correct SSID from the list and fill in the appropriate credentials. Wireless should connect when you click next.<\/p>\n<p>System software will now be checked for available updates. This didn&#8217;t work the first time I did it but it has always worked subsequent times, on various RPi&#8217;s. I have deduced that 2:00PM EDT is optimal for updating from the RPi repo as evenings the repo throws errors. This may be a good time to take a personal break while the RPi is busy. Eventually you should see a box that says &#8220;System is up to date&#8221; and click OK.<\/p>\n<p>The next screen should say that installation is complete and you may restart now or later. Restart now and we can proceed with setting up the server aspects of our little RPi. In theory you could clone the SD chip at this point to make several &#8220;clean&#8221; chips ready to put into however many RPi&#8217;s.<\/p>\n<h3>Desktop Orientation<\/h3>\n<p>The task bar is across the top. If you want it across the bottom, right click the task bar and on the pop up menu click Panel Settings. Under the first group which is named Edge, see the Radio Button &#8220;Top&#8221; is selected, click Bottom. Changes are immediate. You can put it back the same way.<\/p>\n<p>The Desktop background may be set in the usual way, right click the desktop, choose Desktop Preferences, and configure. <strong>NOTE<\/strong> If you <strong>insert a USB stick<\/strong> to copy pictures, the <strong>UnMount<\/strong> control <strong>is by the clock<\/strong> as in Microsoft Windows &#8211; there is no right click unmount on the desktop icon or in the file browser.<\/p>\n<h4>Network<\/h4>\n<p><span style=\"color: #800080;\">Network and WiFi<\/span> are visible <span style=\"color: #800080;\">next to the clock<\/span> on the task bar. <span style=\"color: #800080;\">Right click<\/span> the WiFi <span style=\"color: #800080;\">fly swatter<\/span> for a <span style=\"color: #800080;\">pop up menu<\/span>. To select a WiFi SSID click it and enter any relevant credentials. To turn off Wifi click the top item, &#8220;Turn Off WiFi&#8221;. Turning off WiFi replaces the fly swatter with the Up Down arrows to indicate a hardwired Ethernet LAN. Right clicking either the fly swatter or up down arrows opens the pop up menu with &#8220;Wireless &amp; Wired Network Settings&#8221;, which allows you to assign auto, DHCP, or static IP information to either or both interfaces and disable IPv6.<\/p>\n<h4>Preferences, Raspberry Pi Configuration<\/h4>\n<p>The Start Button (Raspberry icon) has an entry <span style=\"color: #800080;\"><strong>Logout<\/strong><\/span> which brings up a <span style=\"color: #800080;\">dialog box<\/span> with <span style=\"color: #800080;\">choices<\/span> <span style=\"color: #800080;\">Shut Down<\/span>, <span style=\"color: #800080;\">Reboot<\/span>, and <span style=\"color: #800080;\">Logout<\/span>. The other thing of note on the <strong><span style=\"color: #800080;\">start menu<\/span><\/strong> is the <strong><span style=\"color: #800080;\">Preferences<\/span><\/strong> entry, which leads to <strong><span style=\"color: #800080;\">Raspberry Pi Configuration<\/span><\/strong> and some other useful things.<\/p>\n<p>The first tab on the <strong><span style=\"color: #800080;\">Raspberry Pi Configuration<\/span><\/strong> dialog box is <strong><span style=\"color: #800080;\">System<\/span><\/strong>. Change the <span style=\"color: #800080;\">Hostname<\/span> to something different from <span style=\"color: #800080;\">RaspberryPi<\/span>. Un-check the <em><span style=\"color: #800080;\">Login as Pi<\/span><\/em> box.<\/p>\n<p>The third tab is Interfaces. <span style=\"text-decoration: underline;\"><span style=\"color: #800080; text-decoration: underline;\"><strong>Turn on SSH<\/strong><\/span><\/span> by clicking the enable next to it. Click OK, and SSH is now on. We will configure it more, later.<\/p>\n<h3>Not Server Pro<\/h3>\n<p>Server Pros, please <span style=\"color: #0000ff;\"><a style=\"color: #0000ff; background-color: white; font-size: 120%;\" href=\"#Server_Pros\">GOTO Server Pros<\/a><\/span> .<\/p>\n<h4>RPi Setup Documentation<\/h4>\n<p>The RaspberryPi organization provides good documentation on how to set up your RPi for various jobs. Before you proceed you should read through <a href=\"https:\/\/www.raspberrypi.org\/documentation\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/<\/a> and learn directly from the Raspberry Pi Documentation.<\/p>\n<p>What follows are in depth instructions.<\/p>\n<h4>Quickly finding how to use Command Line Instructions (CLI)<\/h4>\n<p>Moving forward you can use the <strong>man<\/strong> command to learn what parameters a CLI needs and you can use <strong>apropos<\/strong> to figure out what CLI you want to use. Type <strong>man<\/strong> followed by the CLI you wish to know more about.<\/p>\n<pre><strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span> <span style=\"color: #800080;\">man passwd<\/span><\/strong>\r\nPASSWD(1) User Commands PASSWD(1)\r\n\r\nNAME\r\npasswd - change user password\r\n\r\nSYNOPSIS\r\npasswd [options] [LOGIN]\r\n\r\nDESCRIPTION\r\nThe passwd command changes passwords for user accounts. A normal user may only change the password for his\/her\r\nown account, while the superuser may change the password for any account. passwd also changes the account or\r\nassociated password validity period.\r\n\r\nPassword Changes\r\nThe user is first prompted for his\/her old password, if one is present. \r\n<strong><span style=\"color: black; background-color: white;\">\r\nThis password Manual page passwd(1) line 1 (press h for help or q to quit)<\/span><\/strong><\/pre>\n<p>You can scroll up and down with PgUp and PgDn and the arrow keys. Pressing Space Bar will also PgDn. Pressing Q will quit and return to the CLI.<\/p>\n<p><strong>Apropos<\/strong> is similar: you type <strong>apropos<\/strong> followed by what you are trying to figure out &#8211; kind of a primitive search.<\/p>\n<pre><strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span> <span style=\"color: #800080;\">apropos groups<\/span><\/strong>\r\ncgroups (7) - Linux control groups\r\ngetgrouplist (3) - get list of groups to which a user belongs\r\ngetgroups (2) - get\/set list of supplementary group IDs\r\ngetgroups32 (2) - get\/set list of supplementary group IDs\r\ngroups (1) - print the groups a user is in\r\ngrpconv (8) - convert to and from shadow passwords and groups\r\ngrpunconv (8) - convert to and from shadow passwords and groups\r\ninitgroups (3) - initialize the supplementary group access list\r\nmake (1) - GNU make utility to maintain groups of programs\r\npwconv (8) - convert to and from shadow passwords and groups\r\npwunconv (8) - convert to and from shadow passwords and groups\r\nsetgroups (2) - get\/set list of supplementary group IDs\r\nsetgroups32 (2) - get\/set list of supplementary group IDs\r\nsystemd-cgtop (1) - Show top control groups by their resource usage\r\nsystemd-sysusers (8) - Allocate system users and groups\r\nsystemd-sysusers.service (8) - Allocate system users and groups\r\nsysusers.d (5) - Declarative allocation of system users and groups\r\n<strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span> <\/strong><\/pre>\n<p>Now we are ready to set up the user accounts that we intend to use in the RPi.<\/p>\n<h4>User Accounts and Permits<\/h4>\n<p>GNU\/Linux uses one administrator account, root. Everyone logs in with their &#8220;normal&#8221; user account. When administration is needed one &#8220;shells up&#8221; to root with the <span style=\"color: #800080;\"><strong>su &#8211;<\/strong><\/span> command. But we need to know the password for root to shell to root, and we must be root to add users.<\/p>\n<p>On your RPi, using terminal create a password for root that you know. Since we have no idea what the password, if any, is for root right out of the box, and as such we cannot shell up to root with <span style=\"color: #800080;\"><strong>su &#8211;<\/strong><\/span>, we will use the sudo command to set the password for root to something that we do know. Thereafter this will not impede us from getting work done. Note: passwords do not echo at the command line in GNU\/Linux &#8211; as you type nothing seems to happen until you press ENTER.<\/p>\n<pre><span style=\"color: #339966;\"><strong>pi@raspberrypi:~$<\/strong><\/span> <strong><span style=\"color: #800080;\">sudo passwd root<\/span><\/strong>\r\n<span style=\"color: #339966;\">New password: <span style=\"color: #ff6600;\">(type the new password here - nothing will echo)<\/span><\/span>\r\n<span style=\"color: #339966;\">Retype new password: <span style=\"color: #ff6600;\">(type the new password here again)<\/span>\r\npasswd: password updated successfully\r\n<strong>pi@raspberrypi:~<\/strong>$ <strong><span style=\"color: #800080;\">su -<\/span><\/strong>\r\nPassword:\r\n<strong><span style=\"color: #ff0000;\">root@raspberrypi:~#<\/span><\/strong><\/span><\/pre>\n<h4>User Accounts<\/h4>\n<p>The password for the default &#8216;pi&#8217; account you already changed during installation. We still need this account for now, but will remove it later. We will add accounts for Manager and Walk Up User. One thing I have not found on the RPi out-of-the-box is user management. Adding \/ deleting \/ changing accounts is done from the command line. We will use adduser in this post.<\/p>\n<p>We must be root to create or change accounts, so we shell to root. Type <strong>su &#8211;<\/strong> and enter the root password when prompted. Note there is a dash after the su.<\/p>\n<pre><strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span><\/strong> <strong><span style=\"color: #800080;\">su -<\/span><\/strong>\r\n<span style=\"color: #339966;\">Password:<\/span> \r\n<span style=\"color: #ff0000;\"><strong>root@raspberrypi:~#<\/strong><\/span><\/pre>\n<p><span style=\"color: #ff0000;\"><strong><em>When you are in your normal user account the prompt is a dollar sign (<span style=\"color: #000000;\">$<\/span>) but when you are shelled to root the prompt is a pound sign (<span style=\"color: #000000;\">#<\/span>).<\/em> <\/strong>When you are shelled to root the RPi will do exactly what you tell it to do, whether that is what you intended or not. Type carefully, grasshopper. To drop back down to your normal account you type <span style=\"color: #000000;\"><strong>exit<\/strong><\/span>, but we will stay shelled to root to do some work here.<\/span><\/p>\n<p>Now we can create accounts for <strong>Manager<\/strong>, which will be what we use to maintain the RPi, and <strong>Walk Up User<\/strong> which is for other people who are not administrators, if any.<\/p>\n<pre><strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span> <span style=\"color: #800080;\">su -<\/span><\/strong>\r\nPassword: \r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~#<\/span> <span style=\"color: #800080;\">adduser manager<\/span><\/strong>\r\nAdding user `manager' ...\r\nAdding new group `manager' (1001) ...\r\nAdding new user `manager' (1001) with group `manager' ...\r\nCreating home directory `\/home\/manager' ...\r\nCopying files from `\/etc\/skel' ...\r\n<strong><span style=\"color: #339966;\">New password:<\/span><\/strong> \r\n<strong><span style=\"color: #339966;\">Retype new password:<\/span><\/strong> \r\npasswd: password updated successfully\r\nChanging the user information for manager\r\nEnter the new value, or press ENTER for the default\r\nFull Name []: <strong><span style=\"color: #800080;\">Manager<\/span><\/strong>\r\nRoom Number []: \r\nWork Phone []: <strong><span style=\"color: #800080;\">260.432.0014 x128<\/span><\/strong>\r\nHome Phone []: \r\nOther []: \r\nIs the information correct? [Y\/n] <strong><span style=\"color: #800080;\">Y<\/span><\/strong>\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~#<\/span> <span style=\"color: #800080;\">adduser usr<\/span><\/strong>\r\nAdding user `usr' ...\r\nAdding new group `usr' (1002) ...\r\nAdding new user `usr' (1002) with group `usr' ...\r\nCreating home directory `\/home\/usr' ...\r\nCopying files from `\/etc\/skel' ...\r\n<strong><span style=\"color: #339966;\">New password:<\/span><\/strong> \r\n<span style=\"color: #800080;\"><strong>Retype new password:<\/strong><\/span> \r\npasswd: password updated successfully\r\nChanging the user information for usr\r\nEnter the new value, or press ENTER for the default\r\nFull Name []: <strong><span style=\"color: #800080;\">Walk Up User<\/span><\/strong>\r\nRoom Number []: \r\nWork Phone []: \r\nHome Phone []: \r\nOther []: \r\nIs the information correct? [Y\/n] <strong><span style=\"color: #800080;\">Y<\/span><\/strong>\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~#<\/span> <\/strong><\/pre>\n<p>Now we log out as &#8220;pi&#8221; and log back in over SSH as &#8220;manager&#8221;. I am not neglecting to add Manager to the wheel or sudo group as it is unnecessary in Raspian.<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~#<\/span> <span style=\"color: #800080;\">exit<\/span><\/strong>\r\n<span style=\"color: #339966;\">logout<\/span>\r\n<strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span> <span style=\"color: #800080;\">exit<\/span><\/strong>\r\n<span style=\"color: #339966;\">logout<\/span>\r\n<span style=\"color: #0000ff;\">Connection to 192.168.1.107 closed.<\/span>\r\n<strong><span style=\"color: #3366ff;\">mylogin@my-desktop:~$ <span style=\"color: #ff00ff;\">ssh manager@192.168.1.107\r\n<\/span><\/span><\/strong>\r\n<span style=\"color: #339966;\">manager@192.168.1.107's password:<\/span>\r\nLinux raspberrypi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l\r\n\r\nThe programs included with the Debian GNU\/Linux system are free software;\r\nthe exact distribution terms for each program are described in the\r\nindividual files in \/usr\/share\/doc\/*\/copyright.\r\n\r\nDebian GNU\/Linux comes with ABSOLUTELY NO WARRANTY, to the extent\r\npermitted by applicable law.\r\n<strong><span style=\"color: #339966;\">manager@raspberrypi:~ $<\/span><\/strong><\/pre>\n<p>We will not delete the &#8220;pi&#8221; user here, but <strong><a class=\"username\" href=\"https:\/\/www.raspberrypi.org\/forums\/memberlist.php?mode=viewprofile&amp;u=213466&amp;sid=4418c784b985853056585bc3fd48006f\">Iznogood1<\/a><\/strong> gives the exact steps to remove it without causing a problem. See <a href=\"https:\/\/www.raspberrypi.org\/forums\/viewtopic.php?t=202618#p1429428\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/forums\/viewtopic.php?t=202618#p1429428<\/a> and page down to the answer by <strong><a class=\"username\" href=\"https:\/\/www.raspberrypi.org\/forums\/memberlist.php?mode=viewprofile&amp;u=213466&amp;sid=4418c784b985853056585bc3fd48006f\">Iznogood1<\/a><\/strong> .<\/p>\n<h4>Secure Shell (SSH)<\/h4>\n<p>Most RPi configurations that follow can be more easily handled from your personal workstation than sitting at the RPi. They can be done in terminal from your workstation, whether your workstation is GNU\/Linux, Mac, or Windows 10. To open Terminal in Windows 10, in the search box type cmd and press enter; on Mac in the search box in Finder type Terminal; on GNU\/Linux press CTRL-ALT-T or click the Terminal Icon on your task bar.<\/p>\n<p>Open Terminal on the RPi, by pressing CTRL-ALT-T and on your desktop. We will connect to the RPi from your desktop and use the command line instructions (CLI) to configure the RPi.<\/p>\n<p>Enable SSH on the RPi following instructions on the RPi web site at <a href=\"https:\/\/www.raspberrypi.org\/documentation\/remote-access\/ssh\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/remote-access\/ssh\/<\/a>.<\/p>\n<h4>Determine the RPi&#8217;s IP Address<\/h4>\n<p>In Terminal on the RPi, enter the command <strong>ifconfig<\/strong> and press enter. Note the IP address for LAN interface eth0 or WiFi interface wlan0, whichever you wish to use.<\/p>\n<pre>pi@raspberrypi:~ $ ifconfig\r\neth0: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500\r\ninet <span style=\"text-decoration: underline;\"><strong><span style=\"color: #ff00ff; text-decoration: underline;\">192.168.1.107<\/span><\/strong><\/span> netmask 255.255.255.0 broadcast 192.168.1.255\r\ninet6 fe80::77b4:7e1e:593d:8f6b prefixlen 64 scopeid 0x20&lt;link&gt;\r\nether dc:a6:32:5e:b3:f0 txqueuelen 1000 (Ethernet)\r\nRX packets 4981 bytes 385342 (376.3 KiB)\r\nRX errors 0 dropped 0 overruns 0 frame 0\r\nTX packets 123 bytes 16290 (15.9 KiB)\r\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\r\n\r\nlo: flags=73&lt;UP,LOOPBACK,RUNNING&gt; mtu 65536\r\ninet 127.0.0.1 netmask 255.0.0.0\r\ninet6 ::1 prefixlen 128 scopeid 0x10&lt;host&gt;\r\nloop txqueuelen 1000 (Local Loopback)\r\nRX packets 0 bytes 0 (0.0 B)\r\nRX errors 0 dropped 0 overruns 0 frame 0\r\nTX packets 0 bytes 0 (0.0 B)\r\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\r\n\r\nwlan0: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500\r\ninet <span style=\"text-decoration: underline;\"><strong><span style=\"color: #ff00ff; text-decoration: underline;\">192.168.1.100<\/span><\/strong><\/span> netmask 255.255.255.0 broadcast 192.168.1.255\r\ninet6 fe80::449f:caa8:798b:f852 prefixlen 64 scopeid 0x20&lt;link&gt;\r\nether dc:a6:32:5e:b3:f1 txqueuelen 1000 (Ethernet)\r\nRX packets 397 bytes 76729 (74.9 KiB)\r\nRX errors 0 dropped 0 overruns 0 frame 0\r\nTX packets 67 bytes 11115 (10.8 KiB)\r\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\r\n\r\npi@raspberrypi:~<\/pre>\n<h4>Connect to the RPi from your desktop<\/h4>\n<p>In Terminal on your desktop type <strong>ssh pi@&lt;ip address&gt;<\/strong> where &lt;ip address&gt; is the IP address you noted. Say yes if asked if you want to continue connecting &#8211; this adds the RPi to your list of known systems and it won&#8217;t ask the next time. Enter the new password that you chose for &#8216;pi&#8217; during installation. Note: passwords do not echo at the command line in GNU\/Linux &#8211; as you type, nothing seems to happen, until you press ENTER.<\/p>\n<pre><strong><span style=\"color: #3366ff;\">mylogin@my-desktop:~$<\/span><\/strong> <span style=\"color: #ff00ff;\"><strong>ssh pi@192.168.1.107<\/strong><\/span>\r\nThe authenticity of host '192.168.1.107 (192.168.1.107)' can't be established.\r\nECDSA key fingerprint is SHA256:kwzNgavpzNyYoGkBwYoxFqieC33LDpBcKZXjfmfbU50.\r\n<span style=\"color: #339966;\"><strong>Are you sure you want to continue connecting (yes\/no)?<\/strong><\/span> <strong><span style=\"color: #ff00ff;\">yes<\/span><\/strong>\r\nWarning: Permanently added '192.168.1.107' (ECDSA) to the list of known hosts.\r\n<span style=\"color: #339966;\"><strong>pi@192.168.1.107's password: <\/strong><\/span>\r\nLinux raspberrypi 5.4.51-v7l+ #1333 SMP Mon Aug 10 16:51:40 BST 2020 armv7l\r\n\r\nThe programs included with the Debian GNU\/Linux system are free software;\r\nthe exact distribution terms for each program are described in the\r\nindividual files in \/usr\/share\/doc\/*\/copyright.\r\n\r\nDebian GNU\/Linux comes with ABSOLUTELY NO WARRANTY, to the extent\r\npermitted by applicable law.\r\nLast login: Sat Aug 22 15:20:13 2020\r\n<strong><span style=\"color: #339966;\">pi@raspberrypi:~ $<\/span><\/strong><\/pre>\n<p>Now you are literally working inside the RPi. SSH provides a fully encrypted connection across the room or across the globe. We will configure many more things concerning SSH in a few minutes, but this will do for now.<\/p>\n<h3 id=\"Server_Pros\">Server Pros<\/h3>\n<h4>Users<\/h4>\n<p>Set up any needed user accounts via <strong>adduser<\/strong> for admin and normal users, then edit \/etc\/group and add the admin account on every group to which the account &#8220;pi&#8221; is added. The admin account for this missive is &#8220;manager&#8221;. If there are other accounts that will have access to the file server, in example for file storage, set up an user account on the server for each of those accounts also.<\/p>\n<h4>Determine the RPi&#8217;s IP Address<\/h4>\n<p>In Terminal on the RPi, use <strong>ifconfig<\/strong> learn the IP address for LAN interface eth0 or WiFi interface wlan0, whichever you wish to use.<\/p>\n<h4>SSH<\/h4>\n<p>In the manager account on one workstation, generate a set of ssh keys with <strong><span style=\"color: #800080;\">ssh-keygen<\/span><\/strong> and then write the public key to the server with <strong><span style=\"color: #800080;\">ssh-copy-id<\/span><\/strong>. You can use ed25519 keys. In example if 192.168.1.123 is the IP of the server:<\/p>\n<pre>ssh-keygen -t ed25519 -f .ssh\/id_ed25519\r\nssh-copy-id -i .ssh\/id_ed25519 manager@192.168.1.123<\/pre>\n<p><strong>REMEMBER PERMITS<\/strong> on the <span style=\"color: #800080;\">.ssh folder<\/span> must be <span style=\"color: #800080;\">0700<\/span> and the <span style=\"color: #800080;\">private files<\/span> in it (including authorized_keys and known_hosts) must be <span style=\"color: #800080;\">0600<\/span> and the <span style=\"color: #800080;\">.pub<\/span> files <span style=\"color: #800080;\">0644<\/span>. SSH doesn&#8217;t give sensible error messages such as &#8220;I don&#8217;t like the permits on your .ssh folder&#8221; it just says it can&#8217;t connect, which sounds as if the server was rejecting the key.<\/p>\n<pre>cd \/home\/manager\/.ssh\r\nchmod 0600 *\r\nchmod 0644 *.pub\r\n<\/pre>\n<p>Shell into the server with ssh and verify you did not get asked for a password. <span style=\"color: #800080;\">Edit<\/span> <strong><span style=\"color: #800080;\">\/etc\/ssh\/sshd_config<\/span><\/strong> to <span style=\"color: #800080;\">change the ssh port<\/span> to something in-obvious.<\/p>\n<pre>nano \/etc\/ssh\/sshd_config\r\n<\/pre>\n<p>then test again:<\/p>\n<pre>ssh -p1234 manager@192.168.1.123<\/pre>\n<p>where 192.168.1.123 is the file server&#8217;s static IP and 1234 is what you changed the ssh port to be. Remember for changes to \/etc\/ssh\/sshd_config to take effect each time <strong><em>you may or may not need to<\/em><\/strong> <strong><span style=\"color: #800080;\">systemctl restart ssh<\/span><\/strong><span style=\"color: #000000;\">.<\/span><\/p>\n<h5>NOW MAKE YOUR LIFE A BIT SIMPLER AND YOUR SSH BUSINESS A BIT MORE SECURE<\/h5>\n<p>You could do the rsync over ssh typing in all the command line stuff in the script file. If that script file gets read by someone who shouldn&#8217;t be prying into your business then you may have a problem. The easy way to simplify what you must type on the command line and at the same time reduce your exposure is to use the config file available to ssh. SSH using port 1234 would look like this:<\/p>\n<pre>ssh -p 1234 -i ~\/.ssh\/id_ed25519 manager@192.168.1.123<\/pre>\n<p>Or an rsync using ssh over port 1234 could look like this:<\/p>\n<pre>rsync -arvz -e 'ssh -p 1234' --quiet manager@192.168.1.123:wwraw.xml wwraw.xml<\/pre>\n<p>At a minimum you have revealed which port you are using for ssh. A simple way around this is to create a file named <strong><span style=\"color: #993366;\">config<\/span><\/strong> in your .ssh folder, read\/write only by the owner. The text file content is like this where the server is at 192.168.1.123, the login is &#8220;manager&#8221; and the ssh port is 1234:<\/p>\n<pre>Host RPi\r\n\tHostName 192.168.1.123\r\n\tPort 1234\r\n\tUser manager\r\n\tIdentityFile ~\/.ssh\/id_ed25519\r\n<\/pre>\n<p>Using the name you designated for Host (here RPi) in the ssh command implies all the other information from the ~\/.ssh\/config file. More ssh options can be placed in config. All you need for your ssh command is:<\/p>\n<pre>ssh RPi<\/pre>\n<p>and for your rsync something like:<\/p>\n<pre>rsync --rsh=ssh --checksum --quiet RPi:wwraw.xml wwraw.xml\r\nrsync --rsh=ssh --checksum --quiet RPi:walerts.xml walerts.xml\r\n<\/pre>\n<p>Once you can shell into one workstation from your desktop, and that workstation can shell into your file server, simply <strong><span style=\"color: #800080;\"><em>copy the contents of that one working workstation&#8217;s .ssh folder to all the other workstations<\/em><\/span><\/strong>, <strong><span style=\"color: #008000;\">pay attention to the permits<\/span><\/strong> to be sure they are right, and <strong><span style=\"color: #ff6600;\">in one move you have configured all your workstations<\/span><\/strong>.<\/p>\n<p>Verify that you can connect to each workstation from your desktop and while you are connected to the workstation verify that it can connect to the file server without prompting for password. When it all is working then <span style=\"color: #800080;\">edit<\/span> <strong><span style=\"color: #800080;\">\/etc\/ssh\/sshd_config<\/span><\/strong> on each computer to disable password authentication.<\/p>\n<pre><span style=\"color: #800080;\"><strong><span style=\"color: #339966;\">root@raspberrypi:~# <span style=\"color: #800080;\">nano \/etc\/ssh\/sshd_config<\/span><\/span><\/strong><\/span><\/pre>\n<pre>#\t$OpenBSD: sshd_config,v 1.101 2017\/03\/14 07:19:07 djm Exp $\r\n\r\n# This is the sshd server system-wide configuration file.  See\r\n# sshd_config(5) for more information.\r\n\r\n#Port 22\r\nPort 1234\r\n#AddressFamily any\r\n#ListenAddress 0.0.0.0\r\n#ListenAddress ::\r\n...\r\n#PermitRootLogin prohibit-password\r\n#PermitRootLogin prohibit-password\r\nPermitRootLogin no\r\n...\r\n# To disable tunneled clear text passwords, change to no here!\r\n#PasswordAuthentication yes\r\nPasswordAuthentication no\r\nPermitEmptyPasswords no\r\n\r\n<\/pre>\n<p>Brute force (trying login and password combinations one after another in hopes of finding a combination that works) is the most popular approach to hacking in, and ssh is the most popular protocol, so by removing password authentication you greatly reduced your attack surface even before you have programmed the UFW firewall or installed fail2ban, with the added bonus that you don&#8217;t need to bother entering passwords &#8211; you can just click in your file browser (or on a Windows desktop in <a href=\"https:\/\/winscp.net\/eng\/index.php\" target=\"_blank\" rel=\"noopener noreferrer\">WinSCP<\/a> or <a href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">FileZilla<\/a> or on Windows 10 just type ssh at the command line) and you&#8217;re in.<\/p>\n<h4>Weather Data &amp; Nightly Maintenance Scripts<\/h4>\n<p><span style=\"color: #ff0000;\"><strong>If<\/strong><\/span> you are going to collect weather data once an hour as I do from weather.gov,\u00a0 and transfer the resulting files to the workstations and other accounts on the file server itself, then AS ROOT create the weather files in \/home\/manager folder on the server and on each workstation.\u00a0 Set the permits so that the owner &#8220;manager&#8221; can read\/write but group and other can only read (0644). Create a link to each \/home\/manager\/\u00a0 .xml file in \/home\/usr. You are doing this as root so that your lab patrons can&#8217;t change it later. Do the same thing for the .conkyrc file. You&#8217;ll fill in the conky file later but <a href=\"https:\/\/alt-fw.org\/public\/?p=7043\" target=\"_blank\" rel=\"noopener noreferrer\">here is a sample .conkyrc<\/a> and there are many other examples on the Conky web sites. A How To article for Conky under Ubuntu is at <a href=\"https:\/\/itsfoss.com\/conky-gui-ubuntu-1304\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/itsfoss.com\/conky-gui-ubuntu-1304\/<\/a> and official docs at <a href=\"http:\/\/conky.sourceforge.net\/documentation.html\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/conky.sourceforge.net\/documentation.html<\/a>.<\/p>\n<pre><span style=\"color: #800080;\"><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>touch \/home\/manager\/walert.xml\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>touch \/home\/manager\/wwraw.xml\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>chown manager:usr \/home\/manager\/*.xml\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>chmod 0644 \/home\/manager\/*.xml\r\n\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>touch \/home\/manager\/.conkyrc\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>chown manager:usr \/home\/manager\/.conkyrc\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>chmod 0644 \/home\/manager\/.conkyrc\r\n\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>ln -s \/home\/manager\/walert.xml \/home\/usr\/walert.xml\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>ln -s \/home\/manager\/wwraw.xml \/home\/usr\/wwraw.xml\r\n<strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong>ln -s \/home\/manager\/.conkyrc \/home\/usr\/.conkyrc\r\n<\/span><\/pre>\n<p>In this way <a href=\"https:\/\/en.wikipedia.org\/wiki\/Conky_(software)\" target=\"_blank\" rel=\"noopener noreferrer\">Conky<\/a> running in the &#8220;usr&#8221; account can read the weather files in that account&#8217;s home folder and the manager account will update those files when it brings in new data from weather.gov. Likewise, you can update all the workstation&#8217;s .conkyrc by merely editing the one copy on the server. However the patron logged in as usr on the workstation cannot change those files.<\/p>\n<p>The cron jobs in <span style=\"color: #0000ff;\">each workstation<\/span> will periodically check the file server at whatever interval you decide with <strong><span style=\"color: #ff0000;\">rsync<\/span><\/strong> <span style=\"color: #ff0000;\">using ssh<\/span> to sync their weather files with the file server, and the cron job on <span style=\"color: #0000ff;\">the file server<\/span> <span style=\"color: #ff0000;\">will download new weather files once an hour<\/span> at the recommended time from weather.gov. Please respect weather.gov and not download those file more frequently. For me in Fort Wayne, Indiana USA the two lines of script which actually download from weather.gov to the file server are:<\/p>\n<pre>wget -q --output-document=\"wwraw.xml\" http:\/\/w1.weather.gov\/xml\/current_obs\/<strong><span style=\"color: #800080;\">KFWA<\/span><\/strong>.xml\r\nwget -q --output-document=\"walerts.xml\" http:\/\/alerts.weather.gov\/cap\/wwaatmget.php?x=<strong><span style=\"color: #800080;\">INC003<\/span><\/strong>&amp;y=0\r\n<\/pre>\n<p>The whole script<a href=\"https:\/\/alt-fw.org\/public\/?p=7050\" target=\"_blank\" rel=\"noopener noreferrer\"> can been reviewed here<\/a>. The <strong><span style=\"color: #800080;\">KFWA<\/span><\/strong> and <strong><span style=\"color: #800080;\">INC003<\/span><\/strong> will change to be whatever is needed for your geographic location. The technical details are super hard to find with search <strong>HOWEVER<\/strong> they are at\u00a0 <strong><span style=\"text-decoration: underline;\"><span style=\"color: #800080; text-decoration: underline;\"><em>NWS Public Alerts in XML\/CAP and ATOM Formats<\/em><\/span><\/span><\/strong>, <a href=\"https:\/\/alerts.weather.gov\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/alerts.weather.gov\/<\/a>. More information than you&#8217;ll want to digest. Please be very respectful of this important public asset and do not download more than once an hour.<\/p>\n<p>The nightly maintenance scrip, <strong><span style=\"color: #800080;\">nightly.sh<\/span><\/strong>, sits in the manager&#8217;s home folder and is writable\/readable by manager. Each workstation syncs the nightly.sh at the same time they sync the weather files. This allows me to make changes to the nightly run one place, the file server manager&#8217;s account, and it is automatically updated on all running workstations. The <span style=\"color: #800080;\"><em>workstations use rsync to shell in via ssh as &#8220;manager&#8221;<\/em><\/span> so special permits are not needed. SSH keys are used everywhere so no passwords are involved.<\/p>\n<h4>crontab<\/h4>\n<p>There are many tutorials on how to use Cron to schedule jobs. One article is <a href=\"https:\/\/opensource.com\/article\/17\/11\/how-use-cron-linux\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/opensource.com\/article\/17\/11\/how-use-cron-linux<\/a>. Or if you skip the first part about being root and installing cron (it is already installed) <a href=\"https:\/\/vitux.com\/how-to-setup-a-cron-job-in-debian-10\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/vitux.com\/how-to-setup-a-cron-job-in-debian-10\/<\/a>.<\/p>\n<p>On the remote workstations I make one entry in manager&#8217;s crontab, to run weather-fetch.sh every two (2) minutes. Edit crontab by entering:<\/p>\n<pre><span style=\"color: #800080;\"><strong><span style=\"color: #339966;\">manager@raspberrypi:~$<span style=\"color: #800080;\"> crontab -e<\/span><\/span><\/strong><\/span><\/pre>\n<pre>*\/2 * * * * ~\/weather-fetch.sh<\/pre>\n<p>On the file server I make the same entry, but call the weather update script once per hour instead of every two minutes:<\/p>\n<pre>15 * * * * ~\/weather-fetch.sh<\/pre>\n<p>On each remote I have a weather-fetch.sh script like the one below. Note that I used soft links instead of files in \/home\/usr so I wouldn&#8217;t need to copy weather data from the \/home\/manager to \/home\/usr.<\/p>\n<p>At the same time as weather is checked for updates, the nightly maintenance scripts and the <a href=\"https:\/\/itsfoss.com\/conky-gui-ubuntu-1304\/\" target=\"_blank\" rel=\"noopener noreferrer\">Conky<\/a> configuration are checked for updates. <a href=\"https:\/\/github.com\/brndnmtthws\/conky\" target=\"_blank\" rel=\"noopener noreferrer\">Conky<\/a> is a lightweight free system monitor GNU\/Linux desktop app that allows you to display many operational stats on your desktop, and also can look cool. <a href=\"https:\/\/alt-fw.org\/public\/?p=7043\" target=\"_blank\" rel=\"noopener noreferrer\">A sample Conky configuration file, .conkyrc, is here<\/a>. I simply have cron run weather-fetch.sh every few minutes: if I want to update scripts I can change one file, the one on the server, and once I save my changes the new file will be downloaded to every workstation in short order.<\/p>\n<pre>#!\/bin\/bash\r\n#weather-process.sh\r\n#author: John D. Nash, Jr. API LLC\r\n#last_update: 20200915 JDN\r\n#comments: updates weather .xml files and maintenance scripts on workstations\r\n# pulled by workstations from rpi server\r\n#\r\nPATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin\r\nDEBIAN_FRONTEND=noninteractive\r\n\r\n#grab current weather status if it is changed from what I already have\r\nrsync --rsh=ssh --checksum --quiet RPi:wwraw.xml wwraw.xml\r\n\r\n#grab weather alerts if it is changed from what I already have\r\nrsync --rsh=ssh --checksum --quiet RPi:walerts.xml walerts.xml\r\n\r\n#Mark Execution Time\r\ntouch weather-fetch-time.txt\r\n\r\n#grab .conkyrc &amp; maint scripts IF any is changed from what I already have\r\nrsync --rsh=ssh --checksum --quiet RPi:\\.conkyrc \\.conkyrc\r\nrsync --rsh=ssh --checksum --quiet RPi:nightly.sh nightly.sh\r\nrsync --rsh=ssh --checksum --quiet RPi:weather-fetch.sh weather-fetch.sh\r\n\r\nexit<\/pre>\n<p>The weather script on the file server only downloads the walerts.xml and wwraw.xml from the government server at NOAA (weather.gov) and won&#8217;t bother NOAA again if it is too soon to have new weather available for download. <a href=\"https:\/\/alt-fw.org\/public\/?p=7050\" target=\"_blank\" rel=\"noopener noreferrer\">A sample Weather script is here<\/a>. I can force a download by adding the command line option &#8211;force, but by default this script waits at least 22 minutes between downloads. I also use this on my personal desktop, and download weather at login, so this helps prevent unintentional abuse. The wgets are all that is needed to download the data.<\/p>\n<p>That being done, your internal file server is up and running, albeit without firewall, fail2ban, and so forth. Those are added as in other Debian GNU\/Linux file servers. Use <strong><span style=\"color: #800080;\">apt install fail2ban ufw gufw<\/span><\/strong> and then configure them. Remember to allow your non-standard ssh port number from the local net in UFW. <a href=\"#more\">Those packages are discussed further below<\/a>.<\/p>\n<h3>Software Packages and Configurations<\/h3>\n<p>Many possible projects for the RPi have very readable instructions at the Projects page on the Raspberry Pi organization web site at <a href=\"https:\/\/projects.raspberrypi.org\/en\/projects\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/projects.raspberrypi.org\/en\/projects<\/a>.<\/p>\n<p>If your file server is inside your network and never exposed to the outside you might choose to stop now. You already have the basics of what you need: cron\u00a0 maintenance scripts, and a working fully encrypted connection from all your workstations to the file server via ssh. If someone connects a virus laden laptop via your wireless so it hacks your lab PCs, you might decide to go the extra yard and install a firewall.<\/p>\n<p>If you want to harden your file server (and workstations) against problems that arise within your inside LAN, you can add a firewall with UFW and the more user friendly graphical version GUFW, and a program that temporarily blocks attempts to connect without the proper ssh security key, fail2ban.\u00a0 If your file server can be reached from the Internet then you need these programs &#8211; don&#8217;t connect it to the Internet until they are in place.<\/p>\n<h4 id=\"more\">Protection<\/h4>\n<p>You already changed the default password for the default user account that comes on the RPi. Other important security steps for your RPi can be found on the Raspberry Pi organization&#8217;s web site under Securing your Raspberry Pi at <a href=\"https:\/\/www.raspberrypi.org\/documentation\/configuration\/security.md\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/configuration\/security.md<\/a>.<\/p>\n<p>In this list of optional security steps is included the instructions to install and configure <strong><span style=\"color: #ff0000;\">ufw<\/span><\/strong>, the &#8220;uncomplicated firewall&#8221;. The part you want to do is install ufw: all the command line things to allow or deny access are better handled with the graphical user interface for ufw, gufw, which we will install below.<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><span style=\"color: #800080;\">apt install ufw<\/span><\/strong><\/pre>\n<h5>ufw and gufw<\/h5>\n<p>Install ufw as above, then install gufw in the same manner<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><span style=\"color: #800080;\">apt install gufw<\/span><\/strong><\/pre>\n<p>The GUFW firewall is one of the easiest firewalls in the world. Gufw is created with the goal of being an intuitive and a simple user-friend application. If you changed the ssh port from the default port number, 22, then remember to open the ssh port number that you used, not the default number. A good video on using GUFW by Sean Mancini is on YouTube.com at <a href=\"https:\/\/youtu.be\/FdPppKJhJws\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/youtu.be\/FdPppKJhJws<\/a>. The GUFW web site is at <a href=\"http:\/\/gufw.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/gufw.org\/<\/a>. It is very intuitive to use.<\/p>\n<h5>fail2ban<\/h5>\n<p>The most common method for hackers getting into a computer system involves not some high level knowledge but trying over and over to guess account names and passwords. You have already changed your RPi&#8217;s ssh configuration so that it will reject password authentication and must have a working ssh key pair, however there is no reason to allow someone&#8217;s automated hacking script to try over and over, many times a second, to hack into your systems.<\/p>\n<p><strong>fail2ban<\/strong> is a program that deals with exactly that scenario &#8211; if someone tried and fails to gain access via ssh then fail2ban will program iptables in the computer to temporarily ignore any more attempts from that IP address. A good walk through for novices to get started can be read at <a href=\"https:\/\/www.a2hosting.com\/kb\/security\/hardening-a-server-with-fail2ban\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.a2hosting.com\/kb\/security\/hardening-a-server-with-fail2ban<\/a>, and it was also discussed in the Raspberry Pi organizations web page on Securing your pi at <a href=\"https:\/\/www.raspberrypi.org\/documentation\/configuration\/security.md\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/configuration\/security.md<\/a> .<\/p>\n<p>Install fail2ban with<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><span style=\"color: #800080;\">apt install fail2ban<\/span><\/strong><\/pre>\n<p>then configure it following the steps in <a href=\"https:\/\/www.raspberrypi.org\/documentation\/configuration\/security.md\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/configuration\/security.md<\/a>. If you changed the ssh port to something other than 22, then remember to use the port number you chose, not 22 in the steps.<\/p>\n<h5>Apache2, MySQL, and PHP<\/h5>\n<p>You don&#8217;t need your RPi to be a web server for it to serve as a File Server &#8211; all you need is SSH for that. If you are now thinking of ascending higher, your little RPi is quite capable of serving up the most popular web site system these days, WordPress, and there are resources to help!<\/p>\n<p>Almost all web servers on the Internet are L.A.M.P. systems. The acronym <strong><span style=\"color: #ff0000;\">LAMP<\/span><\/strong> stands for <strong><span style=\"color: #ff0000;\">L<\/span><\/strong>inux <strong><span style=\"color: #ff0000;\">A<\/span><\/strong>pache <strong><span style=\"color: #ff0000;\">M<\/span><\/strong>ySQL and <strong><span style=\"color: #ff0000;\">P<\/span><\/strong>HP. You already have the Linux part of that since the RPi runs on Debian Linux, (Raspbien). Either Linux or Unix are normally used as the operating system with additional packages <strong>apache2<\/strong>, <strong>mysql<\/strong>, and <strong>php<\/strong> installed.<\/p>\n<p>Good documentation on setting up your RPi as a web server can be read on the Raspberry Pi organization website <strong><em>Setting up an Apache Web Server on a Raspberry Pi<\/em><\/strong> at <a href=\"https:\/\/www.raspberrypi.org\/documentation\/remote-access\/web-server\/apache.md\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/remote-access\/web-server\/apache.md<\/a>.\u00a0To have a modern website that serves dynamic web pages, for example with <a href=\"https:\/\/wordpress.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress<\/a>, you also need the programming language php and the database program MySQL (pronounced &#8220;Mia S. Q. L.&#8221; not &#8220;my sea-quill&#8221;). From WikiPedia:<\/p>\n<blockquote><p><b>MySQL<\/b>\u00a0(<span class=\"rt-commentedText nowrap\"><span class=\"IPA nopopups noexcerpt\"><a title=\"Help:IPA\/English\" href=\"https:\/\/en.wikipedia.org\/wiki\/Help:IPA\/English\">\/<span title=\"\/\u02cc\/: secondary stress follows\">\u02cc<\/span><span title=\"'m' in 'my'\">m<\/span><span title=\"\/a\u026a\/: 'i' in 'tide'\">a\u026a<\/span><span title=\"\/\u02cc\/: secondary stress follows\">\u02cc<\/span><span title=\"\/\u025b\/: 'e' in 'dress'\">\u025b<\/span><span title=\"'s' in 'sigh'\">s<\/span><span title=\"\/\u02cc\/: secondary stress follows\">\u02cc<\/span><span title=\"'k' in 'kind'\">k<\/span><span title=\"\/ju\u02d0\/: 'u' in 'cute'\">ju\u02d0<\/span><span title=\"\/\u02c8\/: primary stress follows\">\u02c8<\/span><span title=\"\/\u025b\/: 'e' in 'dress'\">\u025b<\/span><span title=\"'l' in 'lie'\">l<\/span>\/<\/a><\/span><\/span>\u00a0&#8220;My S-Q-L&#8221;)<sup id=\"cite_ref-whatismysql_5-0\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/MySQL#cite_note-whatismysql-5\">[5]<\/a><\/sup>\u00a0is an\u00a0<a title=\"Open-source software\" href=\"https:\/\/en.wikipedia.org\/wiki\/Open-source_software\">open-source<\/a>\u00a0<a class=\"mw-redirect\" title=\"Relational database management system\" href=\"https:\/\/en.wikipedia.org\/wiki\/Relational_database_management_system\">relational database management system<\/a>\u00a0(RDBMS).<sup id=\"cite_ref-whatismysql_5-1\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/MySQL#cite_note-whatismysql-5\">[5]<\/a><\/sup><sup id=\"cite_ref-6\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/MySQL#cite_note-6\">[6]<\/a><\/sup>\u00a0Its name is a combination of &#8220;My&#8221;, the name of co-founder\u00a0<a title=\"Michael Widenius\" href=\"https:\/\/en.wikipedia.org\/wiki\/Michael_Widenius\">Michael Widenius<\/a>&#8216;s daughter,<sup id=\"cite_ref-7\" class=\"reference\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/MySQL#cite_note-7\">[7]<\/a><\/sup>\u00a0and &#8220;<a title=\"SQL\" href=\"https:\/\/en.wikipedia.org\/wiki\/SQL\">SQL<\/a>&#8220;, the abbreviation for\u00a0<a class=\"mw-redirect\" title=\"\" href=\"https:\/\/en.wikipedia.org\/wiki\/Structured_Query_Language\">Structured Query Language<\/a>.<\/p><\/blockquote>\n<p>To additionally set up WordPress, you can read the WordPress pages at <a href=\"https:\/\/projects.raspberrypi.org\/en\/projects\/lamp-web-server-with-wordpress\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/projects.raspberrypi.org\/en\/projects\/lamp-web-server-with-wordpress<\/a>.<\/p>\n<p>You will install and test apache2 with<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong><span style=\"color: #800080;\">apt install apache2<\/span><\/pre>\n<p>You will install php with<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong><span style=\"color: #800080;\">apt install php<\/span><\/pre>\n<p>You will install MySQL with<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><\/strong><span style=\"color: #800080;\">apt install mariadb-server php-mysql<\/span><\/pre>\n<p>and then install and test WordPress with several steps. Note on the RPi <a href=\"https:\/\/www.mysql.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">MySQL<\/a> is called <a href=\"https:\/\/mariadb.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">MariaDB<\/a>.<\/p>\n<p>if you want to perform database backups in your nightly maintenance script, see <a href=\"https:\/\/stackoverflow.com\/questions\/9293042\/how-to-perform-a-mysqldump-without-a-password-prompt\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/stackoverflow.com\/questions\/9293042\/how-to-perform-a-mysqldump-without-a-password-prompt<\/a> to understand how to create a .my.cnf file so the script does not need to prompt for password and the password cannot be read by others. Typically you would run the nightly maintenance as root. Simply make a text file like this in the home folder of the account that will be doing the database backup, and save the file with the name &#8220;<strong>.my.cnf<\/strong>&#8221; (note is starts with a dot &#8211; that matters).<\/p>\n<pre><code>[mysqldump]\r\nuser=root\r\npassword=root password<\/code><\/pre>\n<p>If you would like free SSL certificates that automatically install and maintain themselves for you, there is much information on the website for the Let&#8217;s Encrypt project, <a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/letsencrypt.org\/<\/a>. Let&#8217;s Encrypt is a nonprofit Certificate Authority providing TLS certificates to 225 million websites.<\/p>\n<h3>Maintenance and Cron Jobs<\/h3>\n<p>There are two steps in automating maintenance of your RPi. First you write a bash script to perform the work, and then you use <strong><span style=\"color: #800080;\">crontab-e<\/span><\/strong> to add a line to run the script at some day and time of your choosing. Teaching you to program in BASH is beyond the scope of this document, however good documentation is available on-line, for example the Raspberry Pi organization web pages on <strong>Linux Usage<\/strong> at <a href=\"https:\/\/www.raspberrypi.org\/documentation\/linux\/usage\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/linux\/usage\/<\/a> and on <strong>Shell scripts at <\/strong><a href=\"https:\/\/www.raspberrypi.org\/documentation\/linux\/usage\/scripting.md\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/linux\/usage\/scripting.md<\/a>, and a more complete look into BASH at <strong>Get started with Bash programming<\/strong> at <a href=\"https:\/\/opensource.com\/article\/20\/4\/bash-programming-guide\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/opensource.com\/article\/20\/4\/bash-programming-guide<\/a>.<\/p>\n<p>Before you can write the maintenance script you need to decide what you want done for maintenance. If you maintain your RPi from the command line then you have an idea &#8211; just type those commands into a text file, and name the text file ending in &#8220;.sh&#8221;. Enable the file to be &#8220;executed&#8221; by setting its execute permit with:<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><span style=\"color: #800080;\">chmod +x my-file.sh<\/span><\/strong><\/pre>\n<p>where &#8220;my-file.sh&#8221; is what you named the text file. Now test the script by running it from the command line and watch for any error messages that appear:<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><span style=\"color: #800080;\">.\/my-file.sh<\/span><\/strong><\/pre>\n<p>Once you are satisfied that your script file works as you intend, you can schedule it to run on its own at some time you choose, for example every night. To run that file automatically at some specific time, you add a line to the &#8220;crontab&#8221;, using the command line instruction:<\/p>\n<pre><strong><span style=\"color: #339966;\">root@raspberrypi:~# <\/span><span style=\"color: #800080;\">crontab -e<\/span><\/strong><\/pre>\n<p>You can likely understand how to add the line in crontab just by looking at the instructions in the text file that opens when you type crontab -e, however cron can also be very powerful and as such maybe a wee bit obtuse. The tutorials I mentioned in this article are a good start. Another good step by step tutorial is on the Raspberry Pi organization web site page at <a href=\"https:\/\/www.raspberrypi.org\/documentation\/linux\/usage\/cron.md\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/linux\/usage\/cron.md<\/a>.<\/p>\n<h2>Citations<\/h2>\n<p><a href=\"https:\/\/www.raspberrypi.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/<\/a> Raspberry Pi 4<br \/>\nYour tiny, dual-display, desktop computer \u2026 and robot brains, smart home hub, media centre, networked AI core, factory controller, and much more.<\/p>\n<p><a href=\"https:\/\/www.raspberrypi.org\/downloads\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/downloads\/<\/a> Download page for Raspberry Pi. Use Raspberry Pi Imager for an easy way to install Raspberry Pi OS and other operating systems to an SD card ready to use with your Raspberry Pi or use the provided links to download OS images which can be manually copied to an SD card.<\/p>\n<p><a href=\"https:\/\/www.raspberrypi.org\/documentation\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.raspberrypi.org\/documentation\/<\/a> Raspberry Pi Documentation. This is the official documentation for the Raspberry Pi, written by the Raspberry Pi Foundation with community contributions.<\/p>\n<p><a href=\"https:\/\/www.openssh.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.openssh.com\/<\/a> OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.<\/p>\n<p><a href=\"https:\/\/launchpad.net\/ufw\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/launchpad.net\/ufw<\/a> Ufw stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.<\/p>\n<p><a href=\"http:\/\/gufw.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/gufw.org\/<\/a> GUFW is the graphical interface to work with UFW, One of the easiest firewalls in the world! Gufw is created with the goal of being an intuitive and a simple user-friend application!<\/p>\n<p><a href=\"https:\/\/www.fail2ban.org\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.fail2ban.org<\/a>\u00a0 Fail2ban scans log files (e.g. \/var\/log\/apache\/error_log) and bans IPs that show the malicious signs &#8212; too many password failures, seeking for exploits, etc.\u00a0 Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time.<\/p>\n<p><a href=\"https:\/\/www.apache.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.apache.org\/<\/a> Apache is arguably the most frequently used web server package on the Internet. $20B+ worth of Apache Open Source software products are made available to the public-at-large at 100% no cost, and benefit billions of users around the world.<\/p>\n<p><a href=\"https:\/\/mariadb.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/mariadb.org\/<\/a> MariaDB Server is one of the most popular database servers in the world. It\u2019s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, WordPress.com and Google.<\/p>\n<p><a href=\"https:\/\/www.php.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.php.net\/<\/a> PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.<\/p>\n<p><a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/letsencrypt.org\/<\/a> A nonprofit Certificate Authority providing TLS certificates to 225 million websites.<\/p>\n<p><a href=\"https:\/\/letsencrypt-for-cpanel.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/letsencrypt-for-cpanel.com\/<\/a> FleetSSL cPanel (formerly Let&#8217;s Encrypt for cPanel) is an unofficial cPanel\/WHM plugin for the Let&#8217;s Encrypt&#x2122; service, which provides your end-users with the ability to instantly issue free trusted SSL certificates (including wildcards) for all of their hosted domains.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A large part of our computer lab automation is an amazingly inexpensive and easily configured device, the Raspberry Pi computer. We will share how we selected this tiny $35 computer instead of a $750 PC server, and how we made and programmed all the simple but very helpful things that it does to keep our lab looking snazzy, high tech, and mostly sparing us much effort in keeping it all running.<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[1598,1600,1601,1576,1579,1580,482,1615,1596,1418,1578,1473,1493,1462,1566,1593,1594,1487,369,1571,1599,1569,1574,1570,1577,1575,1461,1595,1485,1480,1568,1572,1486,1573,578,1457,1209,385,1592,1567,1597,11,1619,30],"class_list":["post-6843","post","type-post","status-publish","format-standard","hentry","category-editorial","tag-apache2","tag-apt","tag-apt-get","tag-chromebook","tag-cli","tag-command-line","tag-computers","tag-cron-jobs","tag-curl","tag-debian","tag-desktop-replacement","tag-ed25519","tag-engineering","tag-fail2ban","tag-file-server","tag-gufw","tag-iptables","tag-keys","tag-lab","tag-letsencrypt","tag-make","tag-mariadb","tag-math","tag-mysql","tag-olpc","tag-one-laptop-per-child","tag-openssh-server","tag-php","tag-pi","tag-raspberry-pi","tag-raspbien","tag-rpi","tag-rsync","tag-science","tag-server","tag-ssh","tag-stem","tag-technology","tag-ufw","tag-web-server","tag-wget","tag-windows","tag-winscp","tag-wordpress-2"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":false,"jetpack_shortlink":"https:\/\/wp.me\/p3sKnr-1Mn","_links":{"self":[{"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=\/wp\/v2\/posts\/6843","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6843"}],"version-history":[{"count":112,"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=\/wp\/v2\/posts\/6843\/revisions"}],"predecessor-version":[{"id":7064,"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=\/wp\/v2\/posts\/6843\/revisions\/7064"}],"wp:attachment":[{"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6843"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6843"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alt-fw.org\/public\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6843"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}