[SAC] revision controlled configs and unix groups
Sandro Santilli
strk at keybit.net
Sun Apr 3 23:42:10 PDT 2016
I've taken the habit of putting under GIT some of the configuration
directories I have the privilege of updating on the tracsvn machine.
So far I've done:
./apache2/.git
./www/svn/hookscripts/.git
./www/svn/repos/geos/hooks/.git
./www/svn/repos/postgis/hooks/.git
I find it very useful as you can quickly see what's being changed,
although right now it's not as easy to tell by _whom_, given it
takes root privs to commit (this is something I'd like to fix).
It would be also useful to have an ssh-mediated access to these
repositories in a non-public way, to serve as some form of backup
strategy (every SAC members would have a copy of the configuration)
but once again being those repos only readable by root makes this
harder than it needs be (would need to store the password of "root"
on one's own machine).
What would you think about using unix groups more ?
Right now the only unix group used for administration purposes is
the "sudo" group, turning any member effectively into a superuser
(but controllable via /etc/sudoers). Should a similar catch-all
group strategy be used to manage configurations ? Could LDAP
have any role in this (ie: does any LDAP/unix-groups integration
exist already) ?
--strk;
More information about the Sac
mailing list