On 2013-04-20 at 13:28 +0000, Edward Ned Harvey (lopser) wrote:
> I recently thought it would be a good idea to version control the /etc
> directory.  Using subversion, I added and committed ...  and all hell
> broke loose.

Worse than that: there's a contrib wrapper for svn which claims to add
permissions to files, but in fact the wrapper does nothing about the
permissions on .svn or the files therein, so it will leave the live copy
with correct permissions but sensitive data exposed inside .svn.

> Question is:  What do you use to version control permission sensitive
> files?  Subversion doesn't give a damn about permissions, so even
> after I clean up this mess, I think I should probably avoid it.

Production systems: configuration management system, authoritative
source of data in svn or git.  For a new deployment: git unless you need
Windows folks to use it too.

(Am currently a SWEng and off the pager for the first time in ...
 working memory, so not currently responsible for a production system;
 that will change).

My personal colo box: svn, Make and a tool to fix permissions, because I
set it up many years ago and have not been through a rebuild to move
things into a Cfg Mgmt framework.

Next OS rebuild, I will probably transition the source from the various
places in the existing services svn repo into a new layout in Git and
use Ansible for host deployment.  Probably build a new server at home
using that, bug-test it, then use the new framework for the colo box.

-Phil
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
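
The exposure described in the message above (live files with correct permissions, copies under .svn left readable) can be checked for directly. This is an added example, not part of the original message or of any svn tooling: the function names are hypothetical, it assumes a POSIX filesystem, and it conservatively uses the strictest live file in each working copy as the baseline.

```python
import os
import stat
import sys

READ_BITS = 0o044  # group-read | other-read

def live_exposure(wc_root):
    """Group/other read bits that every live file grants (strictest file wins)."""
    exposure = READ_BITS
    for dirpath, dirnames, filenames in os.walk(wc_root):
        dirnames[:] = [d for d in dirnames if d != ".svn"]
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode):
                exposure &= st.st_mode
    return exposure

def walk_metadata(path, reach, allowed, findings):
    """Descend .svn; 'reach' holds the read bits of classes that can still get here."""
    for entry in os.scandir(path):
        mode = entry.stat(follow_symlinks=False).st_mode
        if stat.S_ISDIR(mode):
            # A directory's group/other x bit (0o010/0o001) gates its children;
            # shift it to line up with the read bits (0o040/0o004).
            walk_metadata(entry.path, reach & ((mode & 0o011) << 2), allowed, findings)
        elif stat.S_ISREG(mode) and mode & reach & ~allowed:
            findings.append((entry.path, stat.S_IMODE(mode)))

def audit_svn_metadata(root):
    """Return (path, mode) for .svn files readable by someone the live tree excludes."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".svn" in dirnames:
            dirnames.remove(".svn")  # audit it here, do not treat it as live data
            svn_dir = os.path.join(dirpath, ".svn")
            reach = READ_BITS & ((os.lstat(svn_dir).st_mode & 0o011) << 2)
            walk_metadata(svn_dir, reach, live_exposure(dirpath), findings)
    return sorted(findings)

if __name__ == "__main__":
    for path, mode in audit_svn_metadata(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode:04o} {path}")
```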
