This short tutorial explains how to utilize Git for managing the changes in system configuration files, such as daemon configuration (Kamailio, FreeSWITCH and such).
The essential part is the “--shared=group” option of the “git init” command. It sets the setgid bit on the .git directory and also sets “core.sharedRepository” in the repository config.
Each user performs Git operations under their own UID. This guarantees that the proper copy of $HOME/.gitconfig is used in commit messages, and also SSH public key authentication works with the user’s own credentials.
The configuration files usually belong to the root account. To allow easier editing, the files may belong to the administrators group and be group-writable. The following example uses the “adm” group in Debian for this purpose. If the files are not user-writable, they should at least be readable by the members of the administrators group.
```sh
# set up users and group membership in Debian:
update-alternatives --set editor /usr/bin/vim.tiny
apt-get install sudo
visudo
#### change the line to have NOPASSWD: flag
# %sudo ALL=(ALL:ALL) NOPASSWD: ALL
####

adduser --gecos "Stanislav Sinyagin" --disabled-password ssinyagin
adduser ssinyagin adm
adduser ssinyagin sudo

adduser --gecos "Anton Kvashenkin" --disabled-password kvashenkin
adduser kvashenkin adm
adduser kvashenkin sudo

# after adding users, set up their .ssh/authorized_keys accordingly

# as root or in "sudo -i", create the playground directory
mkdir /var/tmp/sandbox
chgrp adm /var/tmp/sandbox
chmod g+ws /var/tmp/sandbox
cd /var/tmp/sandbox
git init --shared=group
echo "smashing" >pumpkins
chmod g+w pumpkins

# as user "ssinyagin":
cat >~/.gitconfig <<'EOT'
[user]
    name = Stanislav Sinyagin
    email = firstname.lastname@example.org
EOT

cd /var/tmp/sandbox
git add pumpkins
git commit -m "added pumpkins"

# Gitolite is used on my private Git server, and gitolite.conf contains:
# repo xlab1/sandbox
#     RW+ = ssinyagin kvashenkin
# so, here we initialize the connection to the remote server
git remote add origin email@example.com:xlab1/sandbox
git push -u origin master

# Now the normal working cycle begins: as a user, I'm creating and
# modifying files, then commit and push. This cycle can be done by
# any member of the adm group:
echo "foo" >bar
chmod g+w bar
sudo chown root bar
git status
git add bar
git commit -m 'added bar'

echo "ls" >>bar
git status
git add bar
git commit -m 'extended bar'

# review the changes
git log
git show ade4c90e

# now push the changes to the central repo
git push
```
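The setup above only keeps working while every directory stays setgid and in the shared group, so a periodic check is useful. The following is an added example, not part of the original tutorial: a POSIX shell function that audits a working copy such as /var/tmp/sandbox; the function name audit_shared_repo and its message wording are made up here, and the config check is a simple line match rather than a full Git config parser.

```shell
#!/bin/sh
# Added example: audit a group-shared Git working copy.
# Prints one line per problem; exit status 0 = clean, 1 = problems found.
# audit_shared_repo is a hypothetical name chosen for this example.
audit_shared_repo() (
    repo=${1%/} grp=$2 rc=0

    # "git init --shared=group" records core.sharedRepository in .git/config
    # (git stores it as 1 and also accepts "group" and "true").
    val=$(sed -n 's/^[[:space:]]*shared[Rr]epository[[:space:]]*=[[:space:]]*//p' \
              "$repo/.git/config" 2>/dev/null | tail -n 1)
    case $val in
        1|group|true) ;;
        *) echo "config: core.sharedRepository is '${val:-unset}'"; rc=1 ;;
    esac

    # Directories (working tree and .git) need the shared group, g+rwx and
    # the setgid bit, so that whatever a member creates stays in the group.
    dirs=$(find "$repo" -type d \( ! -group "$grp" -o ! -perm -2070 \) -print)

    # Working-tree files must belong to the group and be at least
    # group-readable, otherwise other members cannot "git add" them.
    # .git is skipped because git manages file modes there itself.
    files=$(find "$repo" -path "$repo/.git" -prune -o \
                 -type f \( ! -group "$grp" -o ! -perm -0040 \) -print)

    [ -z "$dirs" ]  || { printf '%s\n' "$dirs"  | sed 's/^/dir:  /'; rc=1; }
    [ -z "$files" ] || { printf '%s\n' "$files" | sed 's/^/file: /'; rc=1; }
    exit "$rc"
)

# Stand-alone use: sh audit.sh /var/tmp/sandbox adm
if [ "$#" -eq 2 ]; then
    audit_shared_repo "$1" "$2"
fi
```

A typical finding is a directory created with “sudo mkdir” and later stripped of its setgid bit, or a file written by root under a restrictive umask.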