this post was submitted on 19 Apr 2024
103 points (94.8% liked)

Linux

48328 readers
652 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I just though I'd share

Edit: I'm not sure if this actually works. All else fails fall back to Ansible

top 43 comments
sorted by: hot top controversial new old
[–] milicent_bystandr@lemm.ee 25 points 7 months ago (1 children)

TD;DR

Too Dull; Didn't Read?

[–] FlaminGoku@reddthat.com 3 points 7 months ago

Too dumb: Don't read

[–] PseudoSpock@lemmy.dbzer0.com 8 points 7 months ago (2 children)

Why why why would you do that?

[–] possiblylinux127@lemmy.zip 7 points 7 months ago

Because your insane?

Actually it might be useful in mixed Windows Linux environments.

[–] boredsquirrel@slrpnk.net 6 points 7 months ago (1 children)

Compliance. Control. Security. Lots of things?

[–] PseudoSpock@lemmy.dbzer0.com 0 points 7 months ago (1 children)

If you don't trust your employees, though, why give them Linux at all? Windows and Mac make the perfect locked down / restrictive / don't trust people platforms out there. I mean, I understand locking down and securing a server, but a Linux desktop? The only value a Linux desktop has is the freedom to configure it how you like with the apps you like.

[–] boredsquirrel@slrpnk.net 0 points 7 months ago (1 children)

You cannot give people arbitrary permissions. People are often incompetent. But you dont need to rely on big brother to have control?

No, a Linux desktop is free from single corporation control, is compliant in its privacy settings and often works way better (like KDE) than Windows or MacOS.

[–] PseudoSpock@lemmy.dbzer0.com 1 points 7 months ago (1 children)

No thanks. The entire point of a Linux desktop is to not be micromanaged like that, it's all about choice. Absolutely no point in a Linux desktop if you take that all away. They should be free to choose the DE/Window Manager, type of Linux, their choice of browser(s), ability to sudo to root, run VM's, what have you. What it sounds like you want them to have is Linux in a simple kiosk mode. Who would want that? Give them something other than Linux if you think you are hiring 'often incompetent' people.

[–] boredsquirrel@slrpnk.net 1 points 7 months ago (1 children)

No. That may be for you, but having the choice to be restricted by free software, fully transparently??

I dont get your point. You literally recommend companies to rely on apple or micro$ and to keep Linux incapable of such systems.

Would you have employees have root access, and write access to all other departments files too? This is just the base foundation of how stuff works.

[–] PseudoSpock@lemmy.dbzer0.com 1 points 7 months ago (1 children)

I’m speaking solely about their workstation/laptop. If I am issued a Linux desktop system for work, and I can’t have root on it, heck no. I need to be able to remove Teams and replace it with the web app. I need to be able to install docker and vm’s. Add utilities I often use, replace gnome with a useable desktop environment, add zsh, install nerd fonts, choose the nvidia or intel gpu, modify grub, setup FDE and switch to snapshotting file system, etc etc.

[–] boredsquirrel@slrpnk.net 1 points 7 months ago

I think we can agree here. But have Win11 with Teams, or Linux? I take Linux.

[–] Luci@lemmy.ca 8 points 7 months ago (2 children)

I thought this stopped working after MS pulled the Unix subsystem, as samba was using those attributes to manage the Linux systems?

[–] cheet@infosec.pub 6 points 7 months ago (1 children)

Microsoft pulled those from the UI, but if you're adventurous you can just shove those attributes in to user with power shell and it works the same.

Then just use sssd instead of NIS, surprised me at work when this worked.

[–] Luci@lemmy.ca 2 points 7 months ago (1 children)

Do you have any documentation on this by any chance? I don't really like messing with ad schemas

[–] cheet@infosec.pub 1 points 6 months ago (1 children)

sorry I don't have any real documentation but I have a snippet of powershell that explains it pretty well here this comes from a user creation script I wrote back when they removed the unix UI.

I was using Get-AdUser and discovered that the properties still existed but you have to manually shove those in, when an sssd "domain bound" linux machine has a user with these props login, they get the defined UID and GID and homefolder etc.

$otherAttributes = @{}
Write-Host -ForegroundColor Yellow "Adding Linux Attributes"

# get the next numeric uid number from AD
$uidNumber=((get-aduser -Filter * -Properties * | where-object {$_.uidNumber} | select uidNumber | sort uidNumber | select -Last 1).uidNumber)+1

$otherAttributes.Add("unixHomeDirectory","/homefolder/path/$($samAccountName)")
$otherAttributes.Add("uid","$($samAccountName)")
$otherAttributes.Add("gidNumber","$($gidNumber)")
$otherAttributes.Add("uidNumber","$($uidNumber)")
$otherAttributes.Add("loginShell","$($loginShell)")

$UserArgs = @{
    Credential = $creds
    Enabled = $true
    ChangePasswordAtLogon = $true
    Path = $usersOU
    HomeDirectory = "$homeDirPath\$samAccountName"
    HomeDrive = $homeDriveLetter
    GivenName = $firstName
    Surname = $lastName
    DisplayName = $displayName
    SamAccountName = $samAccountName
    Name = $displayName
    AccountPassword = $securePW
    UserPrincipalName = "$($aliasName)@DOMAIN.COM"
    OtherAttributes = $otherAttributes
}

$newUser = New-ADUser @UserArgs

basically the "OtherAttributes" on the ADUser object is a hashtable that holds all the special additional LDAP attributes, so in this example we use $otherAttributes to add all the fields we need, you can do the same with "Set-Aduser" if you just wanna edit an existing user and add these props

the @thing on New-ADuser is called a splat, very useful if you're not familiar, it turns a hashtable into arguments

lemme know if you have any questions

[–] cheet@infosec.pub 1 points 6 months ago* (last edited 6 months ago)

I think you could boil it down to something like Set-ADUser bob -otherattributes {uidNumber=1005, gidNumber=1005}

[–] possiblylinux127@lemmy.zip 1 points 7 months ago (1 children)

I don't know. I just found this why looking for something else.

[–] BCsven@lemmy.ca 1 points 7 months ago (1 children)

Grid by Zorin, whenever it gets released, will be what you want

[–] possiblylinux127@lemmy.zip 1 points 7 months ago (1 children)

But is it distro acrostic?

[–] BCsven@lemmy.ca 1 points 7 months ago (1 children)

time will tell once it is released.

[–] possiblylinux127@lemmy.zip 2 points 7 months ago (1 children)

If it is at least somewhat distro agnostic and has commercial support available they will get lots of business.

[–] BCsven@lemmy.ca 1 points 7 months ago (1 children)

Yep. i imagine the long time between initial announcement and still waiting, is getting it right for realease. At least I hope that is why it has taken so long

[–] possiblylinux127@lemmy.zip 0 points 7 months ago* (last edited 7 months ago) (1 children)

Zoin isn't exactly known for long term stability or regular releases. That why I can't really recommend it.

We need tooling but Zoin probably isn't where it will come from.

[–] BCsven@lemmy.ca 1 points 7 months ago

They seem to be fine lately, i had 16 last year 17 this year with updates...but I don't follow them closely since Nix and OpenSUSE are my main ones

[–] refalo@programming.dev 4 points 7 months ago (1 children)

This seems like a minefield of clashes with distro-specific behavior. What happens if your system is using different software than what it expects or a policy that exists in Windows doesn't always make sense in the target environment? I wonder how it is being dealt with?

And what about more broad policies like denying filesystem write access?

[–] caseyweederman@lemmy.ca 1 points 7 months ago

I'm also interested in this. I'm guessing you'd have to essentially have multiple overlapping sets of policies.
Ansible does some of each.

[–] kylian0087@lemmy.dbzer0.com 3 points 7 months ago (1 children)

I hope the global catalog gets finished one day for freeipa.

[–] possiblylinux127@lemmy.zip 3 points 7 months ago (2 children)

FreeIPA is very unreliable in my experience. Samba is much more reliable from what I can tell.

[–] kylian0087@lemmy.dbzer0.com 2 points 7 months ago

My experience is quite the opposite. I have and still use both and find samba one of the more unreliable things. Freeipa does what it does with no issues.

[–] corsicanguppy@lemmy.ca 1 points 7 months ago

Samba just works. It's easy to set up and easy to manage.

[–] fruitycoder@sh.itjust.works 2 points 7 months ago (2 children)

Ironically I was trying to push for some rnd to run all of the GPOs for windows boxes as local policy ran by ansible. Just could stand all of the wonkyness AD introduced into the system.

[–] possiblylinux127@lemmy.zip 3 points 7 months ago

Yeah, we need better tools

[–] corsicanguppy@lemmy.ca 1 points 7 months ago

ran

It's "run", here.

[–] boredsquirrel@slrpnk.net 1 points 7 months ago
[–] corsicanguppy@lemmy.ca 1 points 7 months ago (1 children)

All else fails fall back to Ansible

Fucking hell. THAT far back?

We were doing everything Ansible does for the 95% case in 2002. Like, for 95% of use-cases, Ansible is absolutely no better than a conglomeration of tools from 2002. Definitely no reason to pay licensing.

Bonus: since it's version-agnostic (another win over Ansible if you've ever managed Tower/AAP/whatever next week) I'm still using that paradigm today because it works SO well. It's losing to Cinc or mgmtConfig but only because those are 1 and 2 generations newer than Ansible and do offer distinguishing features.

[–] possiblylinux127@lemmy.zip 3 points 7 months ago* (last edited 7 months ago) (1 children)

Ansible is foss, free of cost and requires almost no additional overhead or hardware.

It isn't the best sometimes but if you have a bunch of machines to manage it works great. (Assuming they aren't behind a NAT)

[–] corsicanguppy@lemmy.ca 1 points 3 months ago

Ansible is foss, free of cost and requires almost no additional overhead or hardware.

Um, why are you stressing foss ? I only ask because the 2002 kit was

  • cron
  • make
  • awk
  • at
  • rpm

'It's foss' isn't really a selling point, here, since ansible is still outmatched by everything else available -- including that gaggle of tools from 22 years ago.

... which was foss.

The only thing Ansible has going for it is momentum; and cult-people who haven't seen Chef or even that aforementioned tool-bag. Heaven forbid someone sees MgmtConfig converging 1000 machines in under a second immediately after a file is changed on one (ergo no playbook run taking 10 minutes). They'd be crying every day afterward that they were still stuck on worse-than-2002-technology Ansible. At 2002, Ansible pre-dates GOOGLE MAPS for technology; and facebook; and the iPhone. Ansible is the MapQuest Printout of technology.

The new tech is so reactive, it can revert a file back to conformity immediately after it's saved; before it can be reopened!

AND IT'S STILL OPEN SOURCE. Of course. Because that's a no-brainer.

[–] secret300@lemmy.sdf.org 1 points 7 months ago

What does TD;DR mean? Or did you mean TL;DR?