First and foremost I’m a coder, a coder who strongly believes in revision control. Second I am also a sysadmin; but only by accident. I have some servers and someone has to take care of them. I’m not a good sysadmin because I don’t have any interest on it so I learn as little as possible and also because I don’t want to be good at it and get stuck doing that all the time. What I love is to code.

I’m always scare of touching a file in /etc. What if I break something? I decided to treat /etc the same way I treat my software (where I am generally not afraid of touching anything). I decided to use revision control. So far I’ve never had to roll back a change in /etc, but it gives me a big peace of mind knowing that I can.

In the days of CVS and Subversion I thought about it, but I’ve never done it. It was just too cumbersome. But DVCS changed that, it made it trivial. That’s why I believe DVCS is a breakthru. Essentially what you need to revision-control your /etc with Git is to go to /etc and turn it into a repository:

cd /etc
git init

Done. It’s now a repo. Then, submit everything in there.

git add .
git commit -am "Initial commit. Before today it's prehistory, after today it's fun!"

From now on every time you modify a file you can do

git add <filename>
git commit -m "Description of the change to <filename>"

where <filename> is one or many files. Or if you are lazy you can also do:

git commit -am "Description to all the changes."

which will commit all pending changes. To see your pending changes do:

git status


git diff

When there are new files, you add them all with

git add .

and if some files were remove, you have to run

git add -u .

to be sure that they are remove in the repo as well (otherwise they’ll stay as pending changes forever).

That’s essentially all the commands I use when using git and doing sysadmin. If you ever have to do a rollback, merge, branch, etc, you’ll need to learn git for real.

One last thing. I often forget to commit my changes in /etc, so I created this script:

#!/usr/bin/env sh

cd /etc
git status | grep -v "On branch master" | grep -v "nothing to commit"
true # Don't return 1, which is what git status does when there's nothing to do.

on /etc/cron.daily/git-status which reminds me, daily, of my pending changes.

Hope it helps!

13 responses to “Revisioning /etc with Git”

  1. Juanjo Avatar

    So… with DVCS you don’t need a repo server in Internet?

  2. Pablo Avatar

    Juanjo, no, each checkout is a repo in-place so you can just start versioning a directory in-place without ever touching anything outside that directory.

  3. Roshan Avatar

    I like your articles and subscribe to your blog via RSS, but the most recent set of RSS entries have a huge ‘share this item’ boilerplate at the end of every post, overshadowing the blog post itself. :-(

    1. Pablo Avatar

      My apologies Roshan, better now?

  4. Roshan Avatar

    Ah, you enabled the summary RSS. Yes, thanks!

    I like your article, btw. I’ve been doing the same, based on Subversion, for /etc and any other config files. I’m currently considering exporting my blog’s database dump into an SVN repository too. Just gotta implement it now. :-)

  5. John Hunter Avatar

    Very nice I think I will start doing this with my sites on Slicehost. I already maintain the applications in git, this seems like a good addition.

    1. Pablo Avatar

      Using git for /etc is good, but I think spending the time to learn Puppet is worth it. I’m now using Puppet and never going back.

  6. Mark Avatar

    How do you handle file ownership? E. g., /etc/shadow is owned by root:shadow, and some configurations are owned by a dedicated user (freeradius, icecast, www-data), but occasionally, changing their ownership makes sense.

    How can we track such changes?

    1. J. Pablo Fernández Avatar

      Mark, I actually didn’t track ownership. I’m not using this method anymore. Now I use puppet.

  7. Gonzo Barzulisautilio dela Mancha Avatar
    Gonzo Barzulisautilio dela Mancha

    apt-get install etckeeper will help

  8. Asad Hasan Avatar

    WHAT A GENIUS IDEA…i googled it to see if someone has tried it before, and lo and behold here it is.

  9. Asad Hasan Avatar

    I am now off to see if I can mess with apt-get or dpkg-configure to do an automatic commit on hooks ran on auto updates that modify /etc files in ubuntu/debian.

    1. NoNeedForAName Avatar

      Hello Asad –

      I’m looking into doing something similar w/ SLES. I came across ; may this is something like you’re seeking? Otherwise, I think etckeeper (after changing its config fr bzr to git) seems to be a solid choice.

Leave a Reply

If you want to work with me or hire me? Contact me

You can follow me or connect with me:

Or get new content delivered directly to your inbox.

Join 5,038 other subscribers

I wrote a book:

Stack of copies of How to Hire and Manage Remote Teams

How to Hire and Manage Remote Teams, where I distill all the techniques I've been using to build and manage distributed teams for the past 10 years.

I write about:

announcement blogging book book review book reviews books building Sano Business C# Clojure ClojureScript Common Lisp database Debian Esperanto Git ham radio history idea Java Kubuntu Lisp management Non-Fiction OpenID programming Python Radio Society of Great Britain Rails rant re-frame release Ruby Ruby on Rails Sano science science fiction security self-help Star Trek technology Ubuntu web Windows WordPress

I've been writing for a while:


%d bloggers like this: