Phil Pennock wrote:
> Edward Ned Harvey (lopser) wrote:
> > I recently thought it would be a good idea to version control the /etc
> > directory. Using subversion, I added and committed ... and all hell
> > broke loose.
>
> Worse than that: there's a contrib wrapper for svn which claims to add
> permissions to files, but in fact the wrapper does nothing about the
> permissions on .svn or the files therein, so it will leave the live copy
> with correct permissions but sensitive data exposed inside .svn.
>
> > Question is: What do you use to version control permission sensitive
> > files? Subversion doesn't give a damn about permissions, so even
> > after I clean up this mess, I think I should probably avoid it.
>
> Production systems: configuration management system, authoritative
> source of data in svn or git. For a new deployment: git unless you need
> Windows folks to use it too.
>
> (Am currently a SWEng and off the pager for the first time in ...
> working memory, so not currently responsible for a production system;
> that will change).
>
> My personal colo box: svn, Make and a tool to fix permissions, because I
> set it up many years ago and have not been through a rebuild to move
> things into a Cfg Mgmt framework.
>
> Next OS rebuild, I will probably transition the source from the various
> places in the existing services svn repo into a new layout in Git and
> use Ansible for host deployment. Probably build a new server at home
> using that, bug-test it, then use the new framework for the colo box.

There's an interesting blog post on this -
http://utcc.utoronto.ca/~cks/space/blog/sysadmin/WhyNotEtckeeper?showcomments
which observes that with etckeeper & friends you'll be fighting your
package management system. Some good point/counterpoint in the
comments, too.

-- 
Charles Polisher

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
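
An added example, not part of the thread or of any tool named in it: a small audit for the exposure described in the quoted reply, where the live files have tight permissions but the copies under .svn do not. The function name, the choice to cover both .svn and .git, and the rule used (metadata may grant group/other no more than the strictest live file does) are assumptions of this sketch.

```python
import os
import stat

# Metadata directories that hold copies of tracked file content.
VCS_DIRS = {".svn", ".git"}


def audit_vcs_metadata(root):
    """Return sorted (path, extra_bits) for entries inside VCS metadata that
    grant group/other access the strictest live file in the tree does not.

    Conservative by design: any pristine copy could hold the content of the
    most sensitive tracked file, so metadata is held to the strictest mode.
    """
    live_open = 0o077   # group/other bits granted by every live file seen
    saw_live = False
    metadata = []       # (path, mode) for everything in or under .svn/.git
    for dirpath, dirnames, filenames in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        in_meta = bool(VCS_DIRS & set(parts))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)
            if in_meta or name in VCS_DIRS:
                metadata.append((path, mode))
            elif stat.S_ISREG(st.st_mode):
                live_open &= mode
                saw_live = True
    if not saw_live:
        return []
    findings = []
    for path, mode in metadata:
        extra = mode & 0o077 & ~live_open
        if extra:
            findings.append((path, extra))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, extra in audit_vcs_metadata(target):
        print(f"{path}: extra group/other bits {extra:03o}")
```

Run it against a checked-out working copy; an empty result means no metadata entry is more open than the most restrictive tracked file.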