Storing Linux’s /etc/ in svn

The /etc/ directory under most Linux systems is where the system-wide configuration for most software is stored. When setting up, or maintaining a Linux server ( or even a desktop machine, depending on particular use cases ) this directory will likely be  changed, either manually or by software upgrades. Obviously it makes sense to keep this directory under version control, so here are the steps I followed to set it up:

1. Setup an SVN repository – the easiest ( and free ) way to do this is to use a service like Springloops . Remember to set this up with as restrictive as possible permissions, as it may contain sensitive details such as SSL certificates, passwords, private keys etc.

2. Check out the repository, using this command ( where $URL is your svn tree url ),  run it as root. You may want to have it remember your authentication details, if you want to automate the committing of your tree ( we will get to this later ):

cd /etc
svn co $URL /etc

3. Add the whole tree into svn:

svn add *

4. Commit the current tree, this may take a while:

svn -m "Initial Commit" commit

5. Congratulations, your /etc directory is now in SVN. Now we need an easy way to update what is in SVN. I use this script which I’ve placed in /usr/local/sbin/ ( called svnetc and given execute permissions ):

#! /bin/bash
cd /etc
# add everything
svn add --force ./*
# remove from svn everything that has been locally removed
svn status | grep "^\!" | sed 's/! *//' | xargs -I% svn rm %
svn -m "Automatic commit `date`" commit
svn up

6. You can now run ‘svnetc’ as root, and your svn tree will be updated with the current contents of etc. You can use the normal svn commands to revert and view changes as needed.Keeping svn up to date now relies on you running svnetc manually – it would be better if we could automate this.

7. The easiest way to setup automatic committing is to create a file in /etc/cron.daily/svnetc with this contents ( remember to give it execute permissions with chmod +x ! ):

#!/bin/sh
export HOME="/root"
/usr/local/sbin/svnetc

8. Now once a day, your etc tree changes will be committed to svn, if you have major changes, I’d recommend running svnetc as root manually to ensure the changes are committed ASAP.

3 thoughts on “Storing Linux’s /etc/ in svn”

  1. Thanks for this, but a heads-up: I’ve had a few problems with the permissions set on various files (such as the sudoers file and ssh private keys) being set too liberally (644). Needed to switch these to 440 in the case of sudoers, and 600 in the case of the private keys. Fingers crossed for the next reboot in case anything else falls over..!
    Be warned!

Leave a Reply

Your email address will not be published. Required fields are marked *