Differences between revisions 1 and 4 (spanning 3 versions)
Revision 1 as of 2007-11-27 22:48:42
Size: 3834
Editor: MadsKiilerich
Comment:
Revision 4 as of 2010-03-18 01:04:47
Size: 4936
Editor: RayKohler
Comment:
Deletions are marked like this. Additions are marked like this.
Line 10: Line 10:
But there are some attributes that Mercurial doesn't track, such as owner and group and permissions, mtime/ctime/atime, special file system attributes. So don't try to update, that will mess things up. A restore must be done manually and carefully. Also be careful when you want to revert or stop tracking files. But there are some attributes that Mercurial doesn't track, such as owner and group and permissions, mtime/ctime/atime, special file system attributes. So don't try to update, that will mess things up. A restore must be done manually and carefully. Also be careful when you want to revert or stop tracking files (you might want to use {{{hg rm --after}}}).
Line 104: Line 104:
= Update Hook for proper permissions =

I use this script as an update hook to manage the special permissions that files in /etc need (and also those I want my home directory contents to have). I'm sure there are some holes in it, but it does what I need it to do.

{{{
#!/bin/bash

repo="$(hg root)"

case "${repo}" in
 "/etc")
  cd "${repo}"
  for file in $(hg manifest) ; do
    perms=$(stat -c %a "${file}")
    case "${file}" in
     "shadow"|"gshadow")
      if [[ "${perms}" == "644" ]] ; then
       chmod -v 600 "${file}"
      fi
      ;;
     *)
      if [[ "${perms}" == "700" ]] ; then
       chmod -v 755 "${file}"
      elif [[ "${perms}" == "600" ]] ; then
       chmod -v 644 "${file}"
      fi
      ;;
    esac
  done
  ;;
 "/home/ataraxia")
  cd "${repo}"
  for file in $(hg manifest) ; do
   perms=$(stat -c %a "${file}")
   if [[ "${perms}" == "755" ]] ; then
    chmod -v 700 "${file}"
   elif [[ "${perms}" == "644" ]] ; then
    chmod -v 600 "${file}"
   fi
  done
  ;;
 *)
  ;;
esac
}}}

This is one approach - see the end of the page for other approaches.

Tracking /etc etc

Mercurial can be used to track host configuration, like a kind of backup of config. I use a depot in / and hgignore everything.

Files that I want to track are added on demand. Before editing an untracked file I commit it so that I can see what has been changed. After completing an admin task I review the output from "hg diff | vim -R -", check that I made the right changes, check that all relevant changes are tracked, and then I commit.

But there are some attributes that Mercurial doesn't track, such as owner and group and permissions, mtime/ctime/atime, special file system attributes. So don't try to update, that will mess things up. A restore must be done manually and carefully. Also be careful when you want to revert or stop tracking files (you might want to use hg rm --after).

Tracking symlinks like for example /etc/rc.d/rc?.d/* requires Mercurial 0.9.5. When dealing with symlinks be careful about what you are tracking: The link or the target file.

Some files in /etc/ are binary, and you probably don't want to track them. But there are files in other places that it makes sense to track. Please extend the list below with files you need track and think others would like to track too.

How to get started

cd /
hg init .
chmod go-rwx .hg
echo ^ > .hgignore

hg add \
 .hgignore \
 boot/grub/device.map \
 boot/grub/grub.conf \
 etc/aliases \
 etc/crontab \
 etc/dhcpd.conf \
 etc/dirvish/master.conf \
 etc/fstab \
 etc/group \
 etc/gshadow \
 etc/hosts \
 etc/httpd/conf.d/*.conf \
 etc/httpd/conf/httpd.conf \
 etc/inittab \
 etc/mantis/config_inc.php \
 etc/modprobe.conf \
 etc/mtab \
 etc/nsswitch.conf \
 etc/ntp.conf \
 etc/passwd \
 etc/php.ini \
 etc/postfix/access \
 etc/postfix/aliases \
 etc/postfix/canonical \
 etc/postfix/generic \
 etc/postfix/header_checks \
 etc/postfix/main.cf \
 etc/postfix/master.cf \
 etc/postfix/relocated \
 etc/postfix/transport \
 etc/postfix/virtual \
 etc/rc.d/* \
 etc/rc.d/rc?.d/* \
 etc/resolv.conf \
 etc/samba/lmhosts \
 etc/samba/smb.conf \
 etc/samba/smbusers \
 etc/selinux/config \
 etc/selinux/restorecond.conf \
 etc/selinux/semanage.conf \
 etc/selinux/targeted/modules/active/booleans.local \
 etc/shadow \
 etc/squirrelmail/config.php \
 etc/squirrelmail/config_local.php \
 etc/squirrelmail/default_pref \
 etc/squirrelmail/sqspell_config.php \
 etc/ssh/ssh_config \
 etc/ssh/ssh_host_dsa_key.pub \
 etc/ssh/ssh_host_key.pub \
 etc/ssh/ssh_host_rsa_key.pub \
 etc/ssh/sshd_config \
 etc/sysconfig/authconfig \
 etc/sysconfig/clock \
 etc/sysconfig/grub \
 etc/sysconfig/hwconf \
 etc/sysconfig/i18n \
 etc/sysconfig/iptables \
 etc/sysconfig/iptables-config \
 etc/sysconfig/kernel \
 etc/sysconfig/keyboard \
 etc/sysconfig/network \
 etc/sysconfig/network-scripts/ifcfg-eth* \
 etc/sysconfig/system-config-securitylevel \
 etc/sysctl.conf \
 etc/yum.conf \
 root/anaconda-ks.cfg \
 root/setup.txt \
 usr/local/bin/* \
 usr/local/sbin/* \
 var/lib/samba/private/passdb.tdb \
 var/lib/samba/private/secrets.tdb \
 var/lib/samba/private/smbpasswd \
 var/log/dmesg \
 var/log/rpmpkgs \
 var/named/chroot/etc/named.conf \
 var/named/chroot/var/named/* \

Update Hook for proper permissions

I use this script as an update hook to manage the special permissions that files in /etc need (and also those I want my home directory contents to have). I'm sure there are some holes in it, but it does what I need it to do. 

repo="$(hg root)"

case "${repo}" in
        "/etc")
                cd "${repo}"
                for file in $(hg manifest) ; do
                                perms=$(stat -c %a "${file}")
                                case "${file}" in
                                        "shadow"|"gshadow")
                                                if [[ "${perms}" == "644" ]] ; then
                                                        chmod -v 600 "${file}"
                                                fi
                                                ;;
                                        *)
                                                if [[ "${perms}" == "700" ]] ; then
                                                        chmod -v 755 "${file}"
                                                elif [[ "${perms}" == "600" ]] ; then
                                                        chmod -v 644 "${file}"
                                                fi
                                                ;;
                                esac
                done
                ;;
        "/home/ataraxia")
                cd "${repo}"
                for file in $(hg manifest) ; do
                        perms=$(stat -c %a "${file}")
                        if [[ "${perms}" == "755" ]] ; then
                                chmod -v 700 "${file}"
                        elif [[ "${perms}" == "644" ]] ; then
                                chmod -v 600 "${file}"
                        fi
                done
                ;;
        *)
                ;;
esac

Other approaches and comments

http://www.selenic.com/pipermail/mercurial/2007-August/014296.html Beware of the problems ...

http://www.selenic.com/pipermail/mercurial/2007-August/014298.html Example of complex .hgignore

http://www.selenic.com/pipermail/mercurial/2007-August/014301.html Discouragement ...

http://michael-prokop.at/blog/2007/03/14/maintain-etc-with-mercurial-on-debian/ Maintain /etc with mercurial on Debian

http://ygingras.net/b/2007/11/a-case-for-hg-on-etc Encouragement ...

TrackingEtcEtc (last edited 2013-08-12 11:00:11 by h167)