Git revision control for system configuration files

This short tutorial explains how to utilize Git for managing the changes in system configuration files, such as daemon configuration (Kamailio, FreeSWITCH and such).

The essential part is the “–shared=group” option in “git init” command. It sets setguid on .git directory and also sets “core.sharedRepository” in the repository config.

Each user performs Git operations under their own UID. This guarantees that the proper copy of  $HOME/.gitconfig is used in commit messages, and also SSH public key authentication works with the user’s own credentials.

The configuration files usually belong to root account. In order to allow easier editing, the files may belong to the administrators group and be group writable. The following example uses the “adm” group in Debian for this purpose. If the files are not user-writable, they should be at least be readable by the members of administrators group.

# set up users and group membership in Debian:
update-alternatives --set editor /usr/bin/vim.tiny 
apt-get install sudo
#### change the line to have NOPASSWD: flag

adduser --gecos "Stanislav Sinyagin" --disabled-password ssinyagin
adduser ssinyagin adm
adduser ssinyagin sudo

adduser --gecos "Anton Kvashenkin" --disabled-password kvashenkin
adduser kvashenkin adm
adduser kvashenkin sudo

# after adding users, set up their .ssh/authorized_keys accordingly

# as root or in "sudo -i", create the playground directory
mkdir /var/tmp/sandbox
chgrp adm /var/tmp/sandbox
chmod g+ws /var/tmp/sandbox
cd /var/tmp/sandbox
git init --shared=group
echo "smashing" >pumpkins
chmod g+w pumpkins

# as user "ssinyagin":
cat >~/.gitconfig <<'EOT'
        name = Stanislav Sinyagin
        email =

cd /var/tmp/sandbox
git add pumpkins
git commit -m "added pumpkins"

# Gitolite is used on my private Git server, and gitolite.conf contains:
#   repo xlab1/sandbox
#     RW+  = ssinyagin kvashenkin
# so, here we initialize the connection to the remote server
git remote add origin
git push -u origin master

# Now the normal working cycle begins: as a user, I'm creating and 
# modifying files, then commit and push. This cycle can be done by 
# any member of the adm group:

echo "foo" >bar
chmod g+w bar
sudo chown root bar
git status
git add bar
git commit -m 'added bar'

echo "ls" >>bar
git status
git add bar
git commit -m 'extended bar' 

# review the changes
git log
git show ade4c90e

# now push the changes to the central repo
git push


  1. #1 by Noah Mehl on May 17, 2013 - 4:56 pm

    Have you heard of of etckeeper?

    • #2 by txlab on May 17, 2013 - 6:17 pm

      yes, but didn’t have a chance to use it. I try to avoid the server maintenance responsibilities 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: