
I am using a Mac, and /etc is just a symlink to /private/etc, which contains hundreds of (important) configuration files, and the total size of the /private/etc directory is smaller than 1 MB.

Is it a good way to back up these files using git? If not, why?

What might be some side effects?

Edit: As user ivanivan pointed out, there might be security concerns for some files containing passwords or keys. Can you give me some examples of these files? (e.g. ssh keys and /etc/shadow)

Edit: Maybe I can encrypt the .git dir before pushing it to a private remote repo?

Edit: git doesn't track file permissions, and files in /etc have all kinds of permissions. Using git may cause some serious problems. On the other hand, etckeeper handles file permissions properly.

Teddy C
  • The biggest issue I can think of is security - are you going to commit, etc to a public repo? A 3rd party private repo that could be made public one day? Remember, things like passwords, ssh keys, etc. are kept in /etc – ivanivan Jun 26 '19 at 14:28
  • Could you clarify what you mean by "backup"? Are you not already running TimeMachine or similar backup software? IMHO, git or similar software is for keeping track of revisions and is not primarily for backing up files. – Kusalananda Jun 26 '19 at 14:58
  • @Kusalananda 1) 'backup' generally means that I can keep track of those files and do version control, and can safely restore files when they're lost or messed up on my local machine. 2) No, I don't want to rely on TimeMachine because I may use some of these config files on Linux. – Teddy C Jun 26 '19 at 15:06

2 Answers


Have you seen etckeeper?

etckeeper is a collection of tools to let /etc be stored in a git, mercurial, bazaar or darcs repository. This lets you use git to review or revert changes that were made to /etc. Or even push the repository elsewhere for backups or cherry-picking configuration changes. It hooks into package managers like apt to automatically commit changes made to /etc during package upgrades. It tracks file metadata that git does not normally support, but that is important for /etc, such as the permissions of /etc/shadow. It's quite modular and configurable, while also being simple to use if you understand the basics of working with version control.

See https://etckeeper.branchable.com/

Edward
  • Thank you for recommending etckeeper! As I see, etckeeper automates the backup process using SCM tools. But is it safer than using git? – Teddy C Jun 26 '19 at 15:20
  • etckeeper uses the vcs of your choice and is as such not safer than the underlying vcs system used (weakest link principle). For example, if you use git as the vcs, you need to keep the .git dir very secure, as it contains very sensitive information (like for example the shadow file). Pushing to remote, let alone public, creates even more security concerns. I find it a brilliant tool, when used locally. – Edward Jun 26 '19 at 16:58

On its own, Git will not record metadata such as permissions, which are required for a correct backup of /etc.

  • This is quite correct. etckeeper has some nifty magic in place to do this: It tracks file metadata that git does not normally support, but that is important for /etc, such as the permissions of /etc/shadow. – Edward Jun 26 '19 at 17:00
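
The permission problem both answers describe, as an added example that is not code from either answer or from etckeeper: it records each file's mode bits in a manifest that can be committed next to the files, lists the files with no group/other access (the ones most likely to hold secrets, so worth reviewing before any push), and re-applies the modes after a checkout. The tree and file names are constructed sample data, and ownership (uid/gid) is not handled.

```python
import json
import os
import stat
import tempfile


def snapshot_modes(root):
    """Map each path under root (relative) to its permission bits, e.g. '0600'."""
    modes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip repo internals
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):  # symlink modes carry no meaning
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                modes[os.path.relpath(path, root)] = format(mode, "04o")
    return modes


def restricted_files(modes):
    """Paths with no group/other access: likely secrets, review before any push."""
    return sorted(p for p, m in modes.items() if int(m, 8) & 0o077 == 0)


def restore_modes(root, modes):
    """Re-apply recorded modes and return the paths whose mode had drifted."""
    drifted = []
    for rel, mode in sorted(modes.items()):
        path = os.path.join(root, rel)
        if os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) != int(mode, 8):
            os.chmod(path, int(mode, 8))
            drifted.append(rel)
    return drifted


def demo():
    """Constructed tree standing in for /etc; file names are sample data."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"hosts": 0o644, "shadow": 0o600, "ssh": 0o755,
                  os.path.join("ssh", "ssh_host_key"): 0o600}
        os.mkdir(os.path.join(root, "ssh"))
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)
        manifest = json.loads(json.dumps(snapshot_modes(root)))  # storable as JSON
        # Simulate a fresh checkout: git keeps only the executable bit, so
        # regular files come back as 0644 under a typical umask of 022.
        for rel in ("shadow", os.path.join("ssh", "ssh_host_key")):
            os.chmod(os.path.join(root, rel), 0o644)
        drifted = restore_modes(root, manifest)
        return restricted_files(manifest), drifted, snapshot_modes(root) == manifest
```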