[sf-lug] Fwd: [UMALUG] bash scripting question
asheesh at asheesh.org
Wed Mar 5 13:23:49 PST 2008
On Wed, 5 Mar 2008, Rick Moen wrote:
> Quoting Asheesh Laroia (asheesh at asheesh.org):
>> What I'd really like to do is publish e.g. a gitweb of my /etc so I can
>> point friends (and enemies...?) to my config files as samples they can
>> base on. But this means I'd end up publishing /etc/shadow and other
>> sensitive files.
>> Does etckeeper have a way to publish e.g. only the files that are
>> readable by the world on the local UNIX system?
> 1. etckeeper doesn't "publish". Your initial dilemma with it is to
> include or don't include sensitive files in the local repository: I
> believe one specifies that in git using a .gitignore file. (Feel free
> to verify that SWAG. ;-> ) Personally, I think it'd be silly _not_
> to version _somewhere_ the security-sensitive files within /etc. I
> mean, the whole point of etckeeper is to capture all state changes of
> everything important to your system configuration.
Right, I realize etckeeper doesn't publish. What I mean is, I want to
version everything with etckeeper, sensitive files and all.
I also want to show my friends, "Go to asheesh.org/$servername/etc/ and
see a gitweb (or similar) of /etc with the sensitive files not visible."
I guess the answer is just to hack up gitweb myself to check the metastore
for permissions before showing stuff.
> 2. I believe the question you meant to ask is "Does _git_ have a way to
> replicate to elsewhere (via "git clone" and so on), only the files that
> are readable by the world on the local Unix system?" Feel free to
> investigate on your own how to restrict what "git clone" and such are
> willing to replicate. (I'm way too busy to research that, myself, at
> the moment. I'm also not a seasoned git user, and trying really hard
> not to solve problems with it that aren't necessary to my situation.)
>> (And does it let you do interesting things as far as merging config
>> changes from one system to another?)
> In itself, no. That's simply not within scope.
Hi! I'm Larry. This is my brother Bob, and this is my other brother
Jimbo. We thought you might like to know the names of your assailants.
More information about the sf-lug