Friday, April 4, 2014

Mercurial sample #1

There are excellent and comprehensive Mercurial references out there.
Nevertheless, it may be instructive to share my own learning process.
As an example I will take the NIS maps' source files directory tree:
 
├── acct
│   ├── passwd
│   └── shadow
├── aliases
├── auto_home
├── auto_master
├── ethers
├── group
├── hosts
├── ipnodes -> hosts
├── netgroup
├── netid
├── netmasks
├── networks
├── project
├── protocols
├── publickey
├── rbac
│   ├── auth_attr
│   ├── exec_attr
│   └── prof_attr
├── rpc
├── services
├── sudoers
└── user_attr

This directory tree will turn into a Mercurial repository on the NIS master.
Of course, this repository will be central and sysadmins will have their own.
This will help organize the shared management by several sysadmins.

The first concern is with the directory tree permissions.
The trouble is to share the directory tree with all sysadmins.
Giving root (sudo) access to sysadmins is a security problem.
Creating a group for the sysadmins may hit system limits.
The natural solution in Solaris is to share a role.

So, adjust the directory tree owner and group:
(the mode was already set according to NIS maps' source files)

nis-1# chown -R nis:nis /var/share/nis

nis-1# ls -lh /var/nis/*
total ...
-rw-r-----   1 nis    
nis  ...  aliases
-rw-r-----   1
nis     nis  ...  auto_home
-rw-r-----   1
nis     nis  ...  auto_master
-rw-r-----   1
nis     nis  ...  ethers
-rw-r-----   1
nis     nis  ...  group
-rw-r-----   1
nis     nis  ...  hosts
lrwxrwxrwx   1 root    root ...  ipnodes -> hosts
-rw-r-----   1 nis     nis  ...  netgroup
-rw-r-----   1
nis     nis  ...  netid
-rw-r-----   1
nis     nis  ...  netmasks
-rw-r-----   1
nis     nis  ...  networks
-rw-r-----   1
nis     nis  ...  project
-rw-r-----   1
nis     nis  ...  protocols
-rw-r-----   1
nis     nis  ...  publickey
-rw-r-----   1
nis     nis  ...  rpc
-rw-r-----   1
nis     nis  ...  services
-r--r-----   1
nis     nis  ...  sudoers
-rw-r-----   1
nis     nis  ...  user_attr

/var/nis/acct:
total ...
-rw-r-----   1
nis     nis  ...  passwd
-r--------   1
nis     nis  ...  shadow
 

/var/nis/rbac:
total ...
-rw-r-----   1
nis     nis  ...  auth_attr
-rw-r-----   1
nis     nis  ...  exec_attr
-rw-r-----   1
nis     nis  ...  prof_attr
 
Log in as a user who has been granted the above role:

$ su - nis
Password:
Oracle Corporation    SunOS 5.11    11.1    December 2013

  
$ who am i
user2      pts/1      ...


Go to the NIS sources directory and do some adjustment:

$ cd /var/nis

$ rm ipnodes
$ ln -s hosts ipnodes

Create the Mercurial repository and minimal configuration file:

$ hg init

$ hg root
/var/share/nis


$ cat ~/.hgrc
[ui]
username = NIS role


Create a baseline (the initial snapshot or changeset):

$ hg status
? acct/passwd
? acct/shadow
? aliases
? auto_home
? auto_master
? ethers
? group
? hosts
? ipnodes
? netgroup
? netid
? netmasks
? networks
? project
? protocols
? publickey
? rbac/auth_attr
? rbac/exec_attr
? rbac/prof_attr
? rpc
? services
? sudoers
? user_attr


$ hg add
adding acct/passwd
adding acct/shadow
adding aliases
adding auto_home
adding auto_master
adding ethers
adding group
adding hosts
adding ipnodes
adding netgroup
adding netid
adding netmasks
adding networks
adding project
adding protocols
adding publickey
adding rbac/auth_attr
adding rbac/exec_attr
adding rbac/prof_attr
adding rpc
adding services
adding sudoers
adding user_attr

 
$ hg status
A acct/passwd
A acct/shadow
A aliases
A auto_home
A auto_master
A ethers
A group
A hosts
A ipnodes
A netgroup
A netid
A netmasks
A networks
A project
A protocols
A publickey
A rbac/auth_attr
A rbac/exec_attr
A rbac/prof_attr
A rpc
A services
A sudoers
A user_attr
 
  
$ hg commit -m "Baseline"

$ hg summary
parent: 0:79f1ad4f096b tip
 Baseline
branch: default
commit: (clean)
update: (current)


$ hg tip
changeset:   0:79f1ad4f096b
tag:         tip
user:        NIS role
date:        Wed Apr 09 15:10:24 2014 -0300
summary:     Baseline