Today I learned that unprivileged users can run "systemctl show servicename" to see all the environment variables set in the .service file.

This means if someone sets their AWS_SECRET_ACCESS_KEY in there (or any other secret), it can be read by an attacker even if they don't have read privileges to read the .service file.

For defenders, use EnvironmentFile= instead of Environment= and as long as your environment file has the correct privileges, you will be fine on this front.
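
An added example, not part of the original post: a POSIX shell audit for the two conditions described above, secret-looking names set inline with Environment= and EnvironmentFile= targets that users other than the owner can access. The names audit_units, make_demo and SECRET_RE, the name pattern, and the owner-only permission policy are assumptions of this example; it relies on GNU or busybox grep -o and stat -c.

```shell
#!/bin/sh
# Names that suggest a secret. This pattern is an assumption; tune it locally.
SECRET_RE='SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|ACCESS_KEY|PRIVATE_KEY'

# audit_units DIR...
# Prints one finding per line; exit status is 1 if anything was found.
# Heuristic: names are matched textually, and paths containing spaces are not handled.
audit_units() {
    find "$@" -type f \( -name '*.service' -o -name '*.conf' \) 2>/dev/null | (
        rc=0
        while IFS= read -r unit; do
            # Inline Environment= assignments are what "systemctl show" reveals.
            names=$(sed -n 's/^Environment[[:space:]]*=[[:space:]]*//p' "$unit" |
                grep -oE '(^|[[:space:]])"?[A-Za-z_][A-Za-z0-9_]*=' |
                tr -cd 'A-Za-z0-9_\n' | grep -iE "$SECRET_RE" | sort -u)
            for n in $names; do
                echo "INLINE $unit $n"; rc=1
            done
            # EnvironmentFile= targets (optional leading "-") should be owner-only.
            for f in $(sed -n 's/^EnvironmentFile[[:space:]]*=[[:space:]]*-\{0,1\}//p' "$unit"); do
                [ -f "$f" ] || continue
                mode=$(stat -c '%a' "$f")
                case $mode in
                    *00|0) ;;                       # no group/other bits set
                    *) echo "PERMS $unit $f $mode"; rc=1 ;;
                esac
            done
        done
        exit $rc
    )
}

# Constructed sample input: one unit with an inline secret name, one unit
# whose environment file is mode 0644. Prints the temporary directory.
make_demo() {
    d=$(mktemp -d)
    printf '[Service]\nEnvironment="AWS_SECRET_ACCESS_KEY=EXAMPLE" LANG=C\n' > "$d/a.service"
    printf 'API_TOKEN=EXAMPLE\n' > "$d/b.env"; chmod 644 "$d/b.env"
    printf '[Service]\nEnvironmentFile=-%s\n' "$d/b.env" > "$d/b.service"
    echo "$d"
}

# Typical use on a real host:
#   audit_units /etc/systemd/system /usr/lib/systemd/system
```

An INLINE finding means the value should move into an environment file; a PERMS finding means the file referenced by the unit needs tighter permissions.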

systemd and its consequences have been a disaster for the human race


I don't like Systemd but I find it hard to find a distro for desktop/laptop that is not Systemd as I find many of my options there to be a PITA to work with.


I've used enough Debian based; Arch based; and everything in between to not care much. Just work is all I ask and maybe to not make me spend 10 minutes typing in a terminal just to raise your nose in the air instead of spending 30 seconds in a GUI (looking at you Artix).

@publiclewdness Artix is beautiful and you can choose your init system during the install


Oh it's beautiful and I love what they do but I work 6 days a week and lack the time or patience to learn to use their OS.

@publiclewdness it's just skinned Arch bro, it will always have everything you need as well. My desktop is used for everything I do from music production, to programming, to video editing, to gaming. Running reg Arch, same install for almost 2 years now. Only breakages are from me tinkering


I'm a Manjaro/Garuda type of Arch user. Basically dumbed down and dirt easy. The installer is very easy for Artix but once installed it was way too terminal based for my liking. Not a knock against them, just not for me. One day.

@publiclewdness understandable, I've been using Linux for about 7 years now and I realize now I am no longer in tune with what most other people can tolerate when it comes to just wanting to do a thing without having or wanting to read about it + compiling it yourself