[clug] Subversion for sysadmin tasks
Michael James
Michael.James at csiro.au
Mon Jul 31 23:58:33 GMT 2006
On Mon, 31 Jul 2006 05:12 pm, Robert Edwards wrote:
>
> I looked into doing this as well.
> I am not sure that subversion is the right way to do it for /etc,
> main issues I identified are:
> - ownership of files (when you extract from the repository,
> they all belong to you, but not all files in /etc
> are owned by root)
> - preserving permissions on the files
> - all those .svn directories lying around
> (and some of them are quite large).
On SuSE there is a config process run out of cron
that sets permissions and ownerships according to templates.
The base set are in /etc/permissions
Then overlay your choice of poison:
/etc/permissions.easy
/etc/permissions.secure
/etc/permissions.paranoid
Then your custom files /etc/permissions.local
The point is that running this as part of the version commit
sets all the ownerships and permissions according to a file.
And the file is under version control.
michaelj
--
Michael James michael.james at csiro.au
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166
Here's a bit of /etc/permissions.secure:
#
# /etc
#
/etc/crontab root:root 600
/etc/exports root:root 644
/etc/fstab root:root 644
/etc/ftpaccess root:root 644
/etc/ftpusers root:root 644
/etc/inetd.conf root:root 644
/etc/inittab root:root 644
/etc/mtab root:root 644
/etc/rmtab root:root 644
/var/lib/nfs/rmtab root:root 644
/etc/syslog.conf root:root 600
#
# suid system programs that need the suid bit to work:
#
/bin/su root:root 4755
# disable at and cron for users that do not belong to the group "trusted"
/usr/bin/at root:trusted 4750
/usr/bin/crontab root:trusted 4750
/usr/bin/gpasswd root:shadow 4755
/usr/bin/newgrp root:root 4755
/usr/bin/passwd root:shadow 4755
/usr/bin/chfn root:shadow 4755
/usr/bin/chage root:shadow 4755
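
Added example, not part of the original post and not SuSE's own tool: a read-only shell check that audits a tree against a template in the "path owner:group mode" format quoted above, so drift can be caught before or after a commit. The function name check_perms and the optional ROOT prefix argument are hypothetical; GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not SuSE's tool): read-only audit of a tree against a
# template in the "path owner:group mode" format quoted above.
# Usage: check_perms TEMPLATE [ROOT]
#   ROOT is a hypothetical prefix so a checked-out copy can be audited.
# Assumes GNU stat (-c). Returns 0 if all entries match, 1 on drift or bad entries.
check_perms() {
    template=$1
    root=${2:-}
    drift=0
    while read -r path owner mode rest || [ -n "$path" ]; do
        case $path in ''|'#'*) continue ;; esac   # blank line or comment
        # Refuse malformed entries instead of guessing what was meant.
        case $owner in
            ?*:?*) ;;
            *) echo "BAD $path: owner '$owner' is not user:group"; drift=1; continue ;;
        esac
        case $mode in
            ''|*[!0-7]*) echo "BAD $path: mode '$mode' is not octal"; drift=1; continue ;;
        esac
        target=$root$path
        # Templates list files that may not be installed; note it and move on.
        if [ ! -e "$target" ]; then
            echo "MISSING $path"
            continue
        fi
        have_owner=$(stat -c '%U:%G' "$target")
        have_mode=$(stat -c '%a' "$target")
        # Compare modes as octal numbers so 0644 and 644 are treated as equal.
        if [ "$have_owner" != "$owner" ] || [ $((0$have_mode)) -ne $((0$mode)) ]; then
            echo "DRIFT $path: have $have_owner $have_mode, want $owner $mode"
            drift=1
        fi
    done < "$template"
    return $drift
}
```

Because it only reports, it can run unprivileged against a working copy (pass the checkout directory as ROOT) or as root against the live system with no ROOT argument.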