4

Say I had to change the permissions of some file in /etc/ssl to allow a program to read a private key file:

$ cd /etc
$ chgrp ssl-cert ssl/private/key.pem
$ chmod g+r ssl/private/key.pem
$ git status
On branch master
nothing to commit, working directory clean

How do I tell etckeeper that some file permissions have changed in order to commit them? I know that the permissions are kept in /etc/.etckeeper, but couldn't find any way to update that file.

Fritz
  • 632
  • 2
  • 6
  • 16
  • 3
    According to a cursory glance at the documentation, `etckeeper commit`. – DopeGhoti May 02 '17 at 19:59
  • @DopeGhoti Well duh, it seems that was was a little bit blind there... Thanks! – Fritz May 02 '17 at 20:20
  • Happy to have provided a second pair of eyes (: – DopeGhoti May 02 '17 at 20:25
  • For me, the first time I run `etckeeper commit` it might tell me that there is `nothing to commit`, but then `etckeeper vcs status` tells me that now the metadata file `.etckeeper` has been modified, so a subsequent run of `etckeeper commit` actually does find something in need of committing. Whenever I need to regenerate the metadata file, I prefer to run `etckeeper pre-commit` because it is less confusing. – cyberSingularity Aug 08 '17 at 16:10

1 Answers1

3

git itself does not provide ownership and privileges information, besides executable bit information. The solution for you is to use etckeeper data. Looking into the documentation, we have:

Most VCS, including git, mercurial and bazaar have only limited tracking of file metadata, being able to track the executable bit, but not other permissions or owner info. (darcs doesn't even track executable bits.) So file metadata is stored separately. Among other chores, etckeeper init sets up a pre-commit hook that stores metadata about file owners and permissions into a /etc/.etckeeper file. This metadata is stored in version control along with everything else, and can be applied if the repo should need to be checked back out.

So, the ownership of your directories are kept in /etc/.etckeeper, which is monitored by git as well. ;)

  • etckeeper commit should solve your problem.

Depending on your scale, I would think about more complex and useful configuration management tools like Salt, Ansible, Puppet, Chef and so on.

Kamil Boratyński
  • 426
  • 2
  • 7