[sf-lug] Fwd: [UMALUG] bash scripting question

Asheesh Laroia asheesh at asheesh.org
Wed Mar 5 13:23:49 PST 2008

On Wed, 5 Mar 2008, Rick Moen wrote:

> Quoting Asheesh Laroia (asheesh at asheesh.org):
>> What I'd really like to do is publish e.g. a gitweb of my /etc so I can 
>> point friends (and enemies...?) to my config files as samples they can 
>> base on.  But this means I'd end up publishing /etc/shadow and other 
>> sensitive files.
>>
>> Does etckeeper have a way to publish e.g. only the files that are
>> readable by the world on the local UNIX system?
>
> 1.  etckeeper doesn't "publish".  Your initial dilemma with it is to
> include or don't include sensitive files in the local repository:  I 
> believe one specifies that in git using a .gitignore file.  (Feel free 
> to verify that SWAG[1].  ;-> )  Personally, I think it'd be silly _not_ 
> to version _somewhere_ the security-sensitive files within /etc.  I 
> mean, the whole point of etckeeper is to capture all state changes of 
> everything important to your system configuration.

Right, I realize etckeeper doesn't publish.  What I mean is, I want to 
version everything with etckeeper, sensitive files and all.

I also want to show my friends, "Go to asheesh.org/$servername/etc/ and 
see a gitweb (or similar) of /etc with the sensitive files not visible."

I guess the answer is just to hack up gitweb myself to check the metastore 
for permissions before showing stuff.

> 2.  I believe the question you meant to ask is "Does _git_ have a way to 
> replicate to elsewhere (via "git clone" and so on), only the files that 
> are readable by the world on the local Unix system?"  Feel free to 
> investigate on your own how to restrict what "git clone" and such are 
> willing to replicate.  (I'm way too busy to research that, myself, at 
> the moment.  I'm also not a seasoned git user, and trying really hard 
> not to solve problems with it that aren't necessary to my situation.)


>> (And does it let you do interesting things as far as merging config 
>> changes from one system to another?)
>
> In itself, no.  That's simply not within scope.


-- Asheesh.

Hi!  I'm Larry.  This is my brother Bob, and this is my other brother
Jimbo.  We thought you might like to know the names of your assailants.
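
Added example, not part of the original message and not code from etckeeper or gitweb: one way to get the "sensitive files not visible" view without patching gitweb is to copy only the world-readable files into a separate staging tree and point gitweb at a repository made from that tree. The function names and the staging-directory approach are assumptions, and the script checks the live filesystem modes rather than the metastore.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from etckeeper or gitweb).
# Checks live mode bits, not the etckeeper metadata file.

# list_world_readable ROOT
# Print, relative to ROOT, each regular file that has the "other" read bit
# and whose every parent directory below ROOT has the "other" search bit.
list_world_readable() {
    nl='
'
    (
        cd "$1" || exit 1
        # Pruned: .git (history still holds the sensitive files), names
        # containing a newline (they would corrupt the line-based list),
        # and directories "other" cannot enter. Symlinks are never listed,
        # because -type f does not follow them.
        find . \( -name .git -o -name "*${nl}*" \) -prune -o \
               -type d ! -perm -0001 -prune -o \
               -type f -perm -0004 -print |
            sed 's|^\./||' | LC_ALL=C sort
    )
}

# export_world_readable SRC DEST
# Copy the listed files into DEST, keeping their relative paths and modes.
# DEST is the tree to commit and publish; SRC's own repository stays private.
export_world_readable() {
    src=$1
    dest=$2
    mkdir -p "$dest" || return 1
    list_world_readable "$src" | while IFS= read -r rel; do
        mkdir -p "$dest/$(dirname "$rel")" &&
            cp -p "$src/$rel" "$dest/$rel" || exit 1
    done
}
```

Start from an empty DEST on each run, and review the staged tree before publishing, since a mode of 644 does not guarantee that a file holds no secrets.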
