It means that if someone breaks out of your container, they can only do things that user can do.

Can that user access your private documents (are these documents in a container that also runs under that user)?

Can that user sudo?

Can that user access SSH keys and jump to other computers?

Generally speaking, the answer to all of these should be “no”, meaning that each group of containers (or risk levels etc) get their own account.

Not quite, I have to go through out of box, and then join it to the domain, but then yes!

Applies security policy, install apps, disables bloat, login in with central username and pass, get mapped drives etc

I have a Windows AD domain and have my preferences and some apps as GPOs.

In the server world we use Ansible, or in some cases maybe PowerShell DSC.

Ansible is much more focused on Linux and orchestration, but does have some support for Windows, and DSC is for Windows Servers.

Both use YAML or similar structured config to impart a state, e.g.

- name: Install Firefox
  Ansible.builtin.package:
    name: firefox
    state: present

Meaning that ansible does the legwork to make sure FF is installed.

gedit in native Linux or WSL2. use it for Ansibke, python, C, bash, basically anything I need to edit. Has a git plugin, bottom terminal pane, left open files / current folder pane. Does all I need it to do, and it’s not a huge fuckoff electron app.

Just a point of clarification: Don’t use RAID 5 for more than 2-4 TB. The rebuild takes so long that the mean-time-between read errors statistic basically guarantees a read error while rebuilding, which may cause the controller to trash the array.

That and rebuilding that much data might push one of the drives over the edge anyway.

The linked article — and others — explain that in Android 10+, (a) executable binaries can no longer reside in a read/write directory, and (b) access to /sdcard will go away. Simply put, these changes destroy my application’s ability to function, and that of Termux as well.

That sounds like proper security to me? Inability to access the user’s storage is a bit lame, but they’ve been moving to nicer APIs for that anyway.

Android is a mobile phone OS, not desktop / embedded Linux.