Today I learned that unprivileged users can run "systemctl show servicename" to see all the environment variables set in the .service file.
This means if someone sets their AWS_SECRET_ACCESS_KEY in there (or any other secret), it can be read by an attacker even if they don't have read privileges to read the .service file.
For defenders, use EnvironmentFile= instead of Environment= and as long as your environment file has the correct privileges, you will be fine on this front.
Can't say I was a fan of the installer for Deuvan. If I had more patience Artix would be perfect. MX Linux was closest to grabbing me if that counts.
I've used enough Debian based; Arch based; and everything in between to not care much. Just work is all I ask and maybe to not make me spend 10 minutes typing in a terminal just to raise your nose in the air instead of spending 30 seconds in a GUI (looking at you Artix).
Oh it's beautiful and I love what they do but I work 6 days a week and lack the time or patience to learn to use their OS.
I'm a Manjaro/Garuda type of Arch user. Basically dumbed down and dirt easy. The installer is very easy for Artix but once installed it was way too terminal based for my likings. Not a knock against them, just not for me. One day.
Linux geeks doing what Linux geeks do...