How to run as user in Dpup? (Not as root)

[SolusUmbra]

When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?

[s243a]

I'm on TazPup right now show I'll have to doublecheck the command but I think it's something like this:

Code: Select all

adduser -D -s /bin/sh -g 'SliTaz User' -G users -h /home/$USER $USER 2>/dev/null

Use the passwd command to create a password or instead if you want to delete the password:

Code: Select all

passwd -d $USER 2>/dev/null

and then add the user to one or more groups:

Code: Select all

    for group in audio cdrom video tty plugdev disk lp scanner dialout camera operator tape
    do
      addgroup $USER $group 2>/dev/null
   done

The following is a script I'm using in my tazpup64 buildkit which may or may not be relevant to your situation:

Code: Select all

#!/bin/sh
users=$1
if [ -z "$1" ]; then
    users='tux,root,spot:jwm'
fi
for line in ${users//,/ }; do
  line2=(${line//:/ }) #https://stackoverflow.com/questions/918886/how-do-i-split-a-string-on-a-delimiter-in-bash
  USER=${line2[0]}
  wm="${line2[1]}"
  WINDOW_MANAGER=${wm:-slim}

  if [ "$USER" != root ]; then
    adduser -D -s /bin/sh -g 'SliTaz User' -G users -h /home/$USER $USER 2>/dev/null
    passwd -d $USER 2>/dev/null
    for group in audio cdrom video tty plugdev disk lp scanner dialout camera operator tape
    do
      addgroup $USER $group 2>/dev/null
	done
  
    #https://www.pearltrees.com/s243a/startup-script-for-freenet/id14245425

    if [ "$(which hald)" != "" ] && [ -e /etc/init.d/hald ]; then
      #action 'Configuring %s...' "haldaemon"
      adduser -D -H haldaemon 2>/dev/null
      for group in audio cdrom video tty plugdev disk lp scanner dialout camera operator tape
      do
        addgroup haldaemon $group 2>/dev/null
      done
      addgroup haldaemon haldaemon 2>/dev/null
    fi
  fi
	## Slim default user #TODO make spot have the default window manager jwm instead of slim. 
    #if [ -f /etc/slim.conf ]; then
    #   sed -i "s|default_user .*|default_user    $USER|" /etc/slim.conf
    #fi 
    #su -c "sh tazx start" $USER # 

#We need to make sure everything needed is in place fore we do this.     
    #if [ $WINDOW_MANAGER = "jwm" ]; then   
    #  usr_home=`su -c "echo $HOME" $USER` 
    #  ( export HOME=$usr_home; fixmenus ) #TODO update fixmenus so that it only updates files for a single user. 
    #else
    #  su -c "sh tazbox mkmenu" $USER # 
    #fi  
        
    #if [ 
    cp --no-clobber -arf "/etc/skel/*" "$HOME" 2>/dev/null
    #TODO add code to fix the premissions
    for aFile_prefixed in "`find /etc/skel -name '*'`"; do
      aFile=${aFile_prefixed#/etc/skel}
      chown $USER $HOME/$aFile
    done
done

If you want multiuser puppy then I suggest either mistfire's TazPup:
http://murga-linux.com/puppy/viewtopic.php?t=113255

or fatdog64
http://murga-linux.com/puppy/viewtopic.php?t=115537

If you want to run apps more securely on puppylinux, then I suggest either running the application as another user "see the run-as-spot command"
https://github.com/puppylinux-woof-CE/w ... un-as-spot
http://murga-linux.com/puppy/viewtopic. ... 62#1006085

or alternatively run the ap in a container like in EasyOs
http://murga-linux.com/puppy/viewtopic.php?t=109958

rufwoof has implemented containers in dpup strech (see post):
http://murga-linux.com/puppy/viewtopic. ... 16#1025216

[s243a]

I'm on TazPup right now show I'll have to doublecheck the command but I think it's something like this:

Code: Select all

adduser -D -s /bin/sh -g 'SliTaz User' -G users -h /home/$USER $USER 2>/dev/null

P.S. if you add a user to group=spot then they will have access to a lot of things, since umask is set up in puppy to create new directories with group=spot. This may or may not be what you want.

So if you wanted the primary group for the new user as spot you would type:

Code: Select all

adduser -D -s /bin/sh -g 'SliTaz User' -G spot -h /home/$USER $USER 2>/dev/null

I also noticed when looking in WoofCE that they might be adding a login-manager to puppy which would be more in line with what you want:
https://github.com/puppylinux-woof-CE/w ... 2b8a9e6549

Regarding containers, here is BarryK's intial blog post on "Easy Containers":

http://bkhome.org/news/201807/improved- ... hE6xiruBjw

[dancytron]

When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?

Puppy is meant to be a one user system with the user logging in as "root" and, if they must, running internet facing applications with "spot."

If you don't think that is okay, you really ought to be using a different Distro.

Despite lots of worry, fear, despair and gnashing of teeth, after several years of following this board, I haven't seen a single person who had a problem because they were logged in as root.


See https://distro.ibiblio.org/fatdog/web/faqs/login.html

https://igurublog.wordpress.com/2010/01 ... -not-root/

[SolusUmbra]

I’m still a puppy to any Linux system so I didn’t know of this was a must or not. So far it seems like it’s a not. A lot of what’s on the forums is over my head and in a foreign language. So I thought I would just ask.

[s243a]

I’m still a puppy to any Linux system so I didn’t know of this was a must or not. So far it seems like it’s a not. A lot of what’s on the forums is over my head and in a foreign language. So I thought I would just ask.

When you get more comftorable you can experiment you can experiment with adding other users but in the meantime, I recommend reading the fatdog faq that dancytron posted above (about running as root).

P.S. if you are a beginner, in my opinion running as root is easier

[rufwoof]

Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).

[Mike Walsh]

@ SolusUmbra:-

I'll second dancytron. Puppy was always designed as a single-user system primarily for 'hobbyists'. User spot was envisaged, as Dan says, as providing additional security for network-facing applications, primarily web-browsing and the like.

One area in which to exercise caution is that of using torrent download sites; not only is there the risk of torrent files being laced with malware, you also run the risk of being served with a DMCA 'take-down' notice due to outraged owner's claims of copyright violations.

The fact that VLC and various other apps are now refusing to run as 'root' and requiring 'spot' workarounds is mainly due to the differences between the mainstream distros multi-user model and Pup's 'root' model. This is why, even though most Pups are based on the binaries of a mainstream distro, we often have to re-jig things to work correctly with Puppy.

I also second the assertion that during the years I've been using Puppy, I, too, have never heard of anybody coming to grief due to running Pup in its usual 'root' mode.....

Consider what rufwoof's said above. A lot of it is simply basic common sense; use the old grey matter.....it's what it's there for! Of course any Linux system can be hacked, the same as any other OS.....but in some ways, the low degree of standardisation across Linux distros in general (a fact which often exasperates many newbies, with cries of 'Why does it have to be so different??' 'Why doesn't the same action produce the same result in every distro??') acts, to some degree, as one of its strengths. A hacker would have to be very determined indeed to come up with a script which would work equally effectively across all Linux distros.....Puppy's additional strength is that even by Linux standards it's considered 'odd', due largely to its unusual way of doing things.

And Puppy's further strength is down to the way you can run it as a 'clean' boot. Every time.....with nothing preserved across re-boots.

-------------------------------------

(Check your mailbox for a reply to your PM a few days ago. Sorry for the delay.)


Mike.

[SolusUmbra]

Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).

I have it as a full install right now as I wanted to remove windows vista completely. How would I go about doing the save and starting the save, or is that not possible with full install.

[s243a]

Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).

I have it as a full install right now as I wanted to remove windows vista completely. How would I go about doing the save and starting the save, or is that not possible with full install.

You can install a frugal install on the same partition as your full install because the save information for a frugal install is either a file or folder (depending on if you are using a save file or folder). Alternatively you can put your save file (or folder) on a USB stick granted there will be a performance cost but in most cases puppy runs very good of a USB drive.

[dancytron]

You want a frugal install. It is superior in many many ways, including security, which I won't repeat here. Just take our word for it and set up a frugal install alongside your existing full install as recommended by s243a and use that from now on.

As to ruwoof's concerns and others. Its about risk analysis. Puppy and other amateur built distros are not suitable for running insulin pumps and pacemakers, running massive internet facing e-commerce sites that handle money and credit credit card numbers, airliner autopilots, air traffic control, securing nuclear missiles, security at top secret military installations, etc.


To no one in particular, I repeat for what seems the hundredth time, "full install" is a terrible, inaccurate, misleading name that leads people to actually use them when they shouldn't. I suggest "legacy install."

[Mike Walsh]

Consider, for a moment, the sheer number of permutations possible with Puppy.

A 'frugally' installed Puppy can be installed to its own partition; it can be installed to a USB drive; it can 'share space' with either a Windows or Linux 'full' install; it can be run from an external HDD, an SD card, even a CF card.

Your 'save-file' or 'save-folder' can, likewise, be installed to just about any location you choose.....so long as you tell Puppy where to find it at boot-time.

There are many, many possible ways in which to run it.....but all 'frugal' installs usually look to run completely in RAM. 'Full' Puppy installs are the exception rather than 'the rule', and were in fact conceived as a workaround for really old, resource-starved hardware, that is unable to run Puppy in the way it was fully intended to run.

(TBH, we, as a community, have got to get together and decide, once and for all, on a definite re-naming policy for the 'full' vs 'frugal' debate; too many newbies take one look at the names and decide that the 'frugal' must be a kind of cut-down, 'poor man's' version of Puppy, and immediately go for the 'full' one, in the process depriving themselves of Puppy's true potential.)

-----------------

@ Dan:-

Hear, hear. I honestly couldn't agree more. 'Legacy install' is a good step in the right direction. We need more debate over this one; ultimately, it's got to be a community decision.....but it definitely needs doing. And sooner rather than later.


Mike.

[SolusUmbra]

Mikes post reminded me of another reason I believe I installed full, and that is because of how old and limited my laptop is.
Also if I save and have it run off a USB does that mean I need to save everything to usb?

[s243a]

Mikes post reminded me of another reason I believe I installed full, and that is because of how old and limited my laptop is.
Also if I save and have it run off a USB does that mean I need to save everything to usb?

It doesn't but you'll either have to manually mount the hard drive when you want to use it or devise an automount method (e.g. fstab or a startup script). To use applications that are outside your save file use portable versions of the application or alternatively you can play with symlinks, binds, chroots and search paths tricks. One doesn't need all these techniques.

[SolusUmbra]

I got the mount part and then you lost me.... haha but knowing one way is better then none. I guess it would be no different from mounting a usb drive to use right? In which case the computer seems to do it for me. Unless I’m thinking of something totally different.

[s243a]

I got the mount part and then you lost me.... haha but knowing one way is better then none. I guess it would be no different from mounting a usb drive to use right? In which case the computer seems to do it for me. Unless I’m thinking of something totally different.

To manually mount a drive you can either use pmount or you can type in the Comand at a terminal.

[rufwoof]

Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).

Turning my already relatively lengthy previous post as above into a mini book :

For a frugal install look to install-to/boot-from a usb, and use a encrypted save file stored on HDD. That way once the system has booted remove the usb so that its contents are safe. A cracker can't insert nasties into the MBR, grldr, initrd (with integral main sfs) or vmlinuz (OS). Lose that 'key' (usb) and the finder has a open copy of Puppy OS files, that are freely available anyway. Lose your laptop and without the encrypted save file password the content of that isn't readable.

I take that a step further and signed up for a free hashbang.sh ssh account. I store the .ssh folder that contains the ssh keys on the usb, in a encrypted folder so again without that anyone finding the usb cannot see my ssh keys. Immediately after booting and before pulling the usb I set up a ssh socks connection and once that's up and running I close the encrypted .ssh folder, umount and remove the usb. Once the ssh link is up and running the ssh keys are no longer required, and as the ssh keys are on usb - that has been removed, a session cracker cannot download the .ssh folders contents and crack the ssh keys password using their own system(s).

Setting up a ssh socks is as simple as running the following command in a terminal (or script)

ssh -D 9999 -q -C -N xxxxx@ny1.hashbang.sh

where xxxxx has been substituted for my hashbang.sh userid.

Once that's up and running, in Seamonkey (that most Puppy's come with) you open up Edit, Preferences, Advanced, Proxies and then click the Manual option, and then click the Advanced option for that and in the Socks box enter localhost and in the Port box enter 9999 (as we used port 9999 in the above ssh command), tick the Socks5 choice and also tick the Use for Resolving Hostnames choice.

What that does is set seamonkey to route traffic (web page requests/content) through that ssh tunnel. Your ISP (and hence state) only get to see that you ssh'd into a remote box, and encrypted traffic flowed through that link. Web sites you visit wont see your ISP, instead they see then ssh servers IP. That does involve trusting the ssh server, so for banking its best IMO to revert to 'normal' i.e. using your ISP (go back into Preferences and revert to Automatic (turn the manual proxy option off).

When using socks, you can test that using https://www.dnsleaktest.com/ which should show another IP than your actual IP and if you click on the Standard Test option should show that dns traffic is also not your dns.

Another benefit of having your Puppy boot from a usb is that you can carry that around and use it to boot on other PC's. You might also want to periodically copy the (encrypted) save file to that USB both as a backup, and just in case you want to access that when you only have the usb and not your laptop.

Another nice thing to set up in addition to socks is to sshfs mount a ssh server as though it were a local folder i.e. that you can open with rox like any other folder. The ssh command to do that looks like

mkdir /hb
sshfs xxxxx@ny1.hashbang.sh:/home/xxxxx /hb &

With hashbang.sh you can also ssh directly into their server and by default that runs a tmux session with irc and mutt (email).

The above is all very "command line" however, so more for the 'experienced' user who is familiar with cli and scripts and Puppy in general. I've outlined it here purely as a potential path to progress down with time and as the reason why may who use Puppy opt to frugally boot from usb and store changes in a save file.

I used hashbang in the examples above, as that's what I use, there are however other choices of ssh server around. With enough experience you might even set up your own ssh server at home and use that from your laptop when out and about. A benefit in doing that is that you're using your home internet connection to access all web pages, and in connecting to your home system using ssh and keys, that validates that there isn't a man-in-middle attack at the internet cafe or wherever you are, because if there is when you try to connect to your home ssh server it will throw out a warning that the host or keys have 'changed', which should set alarm bells ringing (power off your laptop and move on).

For data, ensure you keep back copies including at least one disconnected copy ideally stored at another family members home and for sensitive data store that in encrypted form, ideally where you only attach and use that data as/when required, ideally after a 'clean' boot and with the internet connection disabled.

The reality is that its all quite simple once your into the habit of running things the Puppy way. Just that its a different way to 'normal'. It will hook you however, such that you'll be more conscious of reverting to using 'normal' systems and the 'updates' and virus scans, cleaning ...etc that involves, whilst still browsing around using a system where cracks might have occurred at any time in the past and where those cracks remain persistent across reboots (virus scanners only flag 'known' viruses and lag the actual number of viruses out there).

But in the first instance, you'll likely be best served by looking to initially install and get your Puppy up and running using a usb (or some use CD/DVD) and a frugal type install/setup. From there with time you'll expand/develop upon that and have at least started on the right path from the offset. You've overcome the biggest hurdle when you have one version of Puppy booting already, as that makes it much easier to move onto the next stage. There are tools/options to create a usb based Puppy in most/all Puppy's. Personally I do it manually as I like to format the entire usb to ext3 format, install grub4dos (to the mbr of the usb) and then copy across the initrd/vmlinuz (and main sfs file if its not inside initrd) and edit menu.lst (boot menu) on the usb to boot it. Again very technical, but becomes easy with time. Fundamentally here I'm proposing the use of a ext3 format choice for your usb's, a better choice IMO compared to using ext2 or ext4. A ext3 formatted usb also serves as a bit of a security barrier as well, as if lost a finder is more inclined to plug it into a Windows machine that wont see what's on the usb (at least I think that's the case, haven't used Windows myself for years now).

[perdido]

When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?

2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewto ... 719#617719

.

[SolusUmbra]

When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?

2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewto ... 719#617719

.

It says to install Avast for linux but I can't find how to do that, any advice?

[s243a]

When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?

2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewto ... 719#617719

.

It says to install Avast for linux but I can't find how to do that, any advice?

Personally, I would only give an anti-virus "read-only" access to my linux system and let it view files only in (or linked to) LD_LIBRARY_PATH and PATH. I also wouldn't run an anti-virus in the background. Actually, if you scan your system for changes to the checksum (e.g. md5) then you only need to have the antivirus review the modified files.

Intelligence agencies have exploited anti-virus software because they typically have elevated permissions.