[aklug] Re: git and etc

From: Damien Hull <damien@linuxninjas.tv>
Date: Mon Oct 18 2010 - 14:53:42 AKDT

Thanks for the info....
The instructions I followed made sure I ran something like "chmod og-rwx
.git". That way only root has access. I suppose there could be other
security issues with git and /etc. I feel better having git than nothing at
all.

I just made changes to my apache config and committed those changes to the
repo. Having the option of going back a revision gives me that warm and
fuzzy feeling. No more "Oh $%@*!" moments...

As far as I can tell git is much easier than subversion. That thing requires
a server with user permissions. Git is self-contained. You can set up a
server if you want but it's not a requirement.

I'm still waiting for someone to tell me this is a bad idea. Or that there
is a security risk of some kind. Other than one getting into my server and
seeing all of etc in the .git directory.

On Mon, Oct 18, 2010 at 12:01 PM, David M. Syzdek <david@syzdek.net> wrote:

> Two possible methods for going back to a commit:
>
> Create New Branch:
>
> $ git branch NewBranch 01e50d0d4b973237fa06dbff38ec0c8bd860b63e
> $ git checkout NewBranch
>
> Force a reset to specified commit:
>
>
> $ git reset --hard 01e50d0d4b973237fa06dbff38ec0c8bd860b63e
>
> Be sure to lock down the .git directory in /etc. If someone has read
> access to that directory, they are able to read your entire /etc directory
> by cloning it. I vaguely remember reading that the Git maintainers
> recommend against using Git to manage /etc or other configuration
> directories. It was not designed for security, but for integrity, so there
> may be some glaring security holes that have not surfaced for this
> particular use of Git.
>
> However with that said, I used it to maintain the named, sendmail,
> lighttpd, and misc other configurations in sync across multiple systems.
>
> --David
>
> On Mon, Oct 18, 2010 at 10:42 AM, Damien Hull <damien@linuxninjas.tv> wrote:
>
>> I just set up git to manage /etc. I should have asked if this was a good
>> idea before installing it. Followed some instructions online. I would give
>> a link but part of the instructions are bad. Had to do some thinking on my
>> part. Anyway, here's what I've got.
>>
>> 1. Ubuntu 10.04 server - Web Server
>> 2. git watching /etc
>> 3. apt configured to update git
>>
>>
>> I know there are other methods for managing /etc. However, I only have one
>> server and those other methods require one to learn a new config language.
>> I want something simple. I still need to learn how git works. At the moment
>> I haven't figured out how to go back a revision. I need to RTFM.
>>
>> Questions:
>> Is this idea good or bad?
>> Is there a better tool for this?
>>
>>
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org>
>> with 'unsubscribe' in the message body.
>>
>>
>

Received on Mon Oct 18 14:53:51 2010
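
The lock-down advice discussed in this thread, as an added example that is not part of either message: a shell function that checks whether a git metadata directory such as /etc/.git is closed to group and other. The name audit_gitdir is hypothetical, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit a git metadata directory.
# Usage: audit_gitdir /etc/.git        (expects root ownership)
#        audit_gitdir PATH EXPECTED_UID
# Returns 0 if locked down, 1 on a finding, 2 if the directory is missing.

audit_gitdir() {
    gitdir=$1
    expected_uid=${2:-0}          # assumption: root should own /etc/.git
    if [ ! -d "$gitdir" ]; then
        echo "MISSING $gitdir"
        return 2
    fi
    rc=0
    mode=$(stat -c '%a' "$gitdir")
    uid=$(stat -c '%u' "$gitdir")

    # Any group/other bit on the top directory lets non-owners list or
    # enter it, which is enough to read or clone the stored history.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $gitdir mode $mode grants group/other access (chmod og-rwx)"
        rc=1
    fi

    # The owner can always chmod the directory back open.
    if [ "$uid" -ne "$expected_uid" ]; then
        echo "FAIL $gitdir owned by uid $uid, expected $expected_uid"
        rc=1
    fi

    # Entries inside that still carry group/other bits are protected only
    # by the top-level mode; a copy or backup that preserves modes exposes them.
    n=$(find "$gitdir" -mindepth 1 -perm /077 2>/dev/null | wc -l)
    if [ "$n" -gt 0 ]; then
        echo "WARN $n entries under $gitdir rely only on the top-level mode"
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK $gitdir mode $mode uid $uid"
    fi
    return $rc
}
```
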
