Hi Jonathan,

Jonathan Nieder wrote:
> > Most git actions don't change permissions or file owners, but git stash
> > leaves changed files with permissions and owners as if they were newly
> > created.
> 
> Hmm.  "git stash save" uses "git reset --hard" internally.

I see.

> The usual behavior when "git checkout" or "git reset --hard" replaces
> a file is to remove the old file and write a new one.  The result
> isn't so unusual for, say, a text editor --- it's the same as would
> happen with the usual write new file / fsync / rename dance, except
> faster and less robust against sudden OS failure.

Nevertheless, most editors nowadays create the new file at least with
the same permissions as the old one, if the old one has been renamed
as a backup copy.

> > This can cause severe problems when configuration files are
> > maintained in git.

I had one case where only the owner and group seem to have changed (to
root). That made the configuration no longer readable for the software
and caused it to fail in a way we didn't notice immediately. :-/ (We
learned from it and now check for this kind of issue with our
monitoring system. :-)

> Yikes.  Running "git stash" or anything similar from within a
> git-managed /etc is very dangerous.
> 
> Are you using etckeeper? Or are these configuration files of another
> kind?

Nope. As far as I can see, etckeeper just supports putting /etc/ as a
whole into a git repo. We have single, selected subdirectories of
/etc/ in git as we cherry-pick the more generic changes made to one
host on other hosts where the same software is installed.

The hairy example was /etc/backuppc/. Some files need to be writeable
by Apache (aka www-data), others need to be accessible by the
monitoring system and again others (ssh keys) must not be
world-readable.

We also generate and commit new config files automatically using
scripts. Initially those scripts just refused to work if the directory
was dirty. Then we switched to using git stash instead and then those
issues started to pop up.

I should probably look again for plugins or hooks taking care of file
meta-data, but the last time I looked for such a thing, the stuff I
found wasn't very promising. Any tips and hints are appreciated.

Thanks for caring about this issue nevertheless.

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <[email protected]>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
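
An added example, not part of this message or of git: a Python sketch of the kind of check discussed above, recording mode, owner and group before a script runs "git stash", then reporting and (where privileges allow) restoring any drift. The helper names and the sample file are hypothetical, and the demo imitates the remove-and-rewrite replacement described in the quoted text instead of calling git.

```python
# Added illustration: helper names and the sample file are hypothetical.
import os
import pathlib
import stat
import tempfile

def snapshot(root):
    """Record (mode, uid, gid) for each regular file under root, skipping .git."""
    meta = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                meta[os.path.relpath(path, root)] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return meta

def drift(root, before):
    """Return {path: (recorded, current)} for files whose metadata changed."""
    now = snapshot(root)
    return {p: (before[p], now[p]) for p in before if p in now and now[p] != before[p]}

def restore(root, before):
    """Reapply recorded metadata; returns the paths that need more privilege."""
    failed = []
    for rel, ((mode, uid, gid), (_m, cur_uid, cur_gid)) in drift(root, before).items():
        path = os.path.join(root, rel)
        try:
            if (cur_uid, cur_gid) != (uid, gid):
                os.chown(path, uid, gid)  # changing the owner usually requires root
            os.chmod(path, mode)          # after chown, which may clear setuid bits
        except PermissionError:
            failed.append(rel)
    return failed

def demo():
    """Constructed sample: a 0600 file replaced by unlink + rewrite, then repaired."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as root:
            key = pathlib.Path(root, "id_rsa")
            key.write_text("constructed sample\n")
            key.chmod(0o600)
            before = snapshot(root)
            key.unlink()
            key.write_text("constructed sample, new version\n")  # fresh inode, umask mode
            return drift(root, before), restore(root, before), drift(root, before)
    finally:
        os.umask(old_umask)
```

In a script, call snapshot() before the stash and restore() after it, and treat a non-empty return value from restore() as an alert condition.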


