Correct user names when tracking /etc/ in git repository and committing as root
Solution 1:
The git author and committer name can be influenced with the environment variables GIT_COMMITTER_NAME, GIT_COMMITTER_EMAIL, GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL.
Now the trick is to submit those variables to the remote server when connecting through SSH:
Define and export the variables in your
~/.bashrcfile:export GIT_AUTHOR_NAME="Christian Weiske"Automatically send them with a SSH connection by adjusting
~/.ssh/config:SendEnv LANG LC_* GIT_*LANGandLC_*are not neccesary, but Debian has then in their default ssh_config, so I thought I should submit them, tooOn the remote server, adjust the sshd configuration in
/etc/ssh/sshd_configto acceptGIT_*environment variables:AcceptEnv LANG LC_* GIT_*
Voila - a git commit as root in /etc/ leads to:
commit 8a4654f13241f05361283a88ce041a0fc24b8ac6
Author: Christian Weiske <[email protected]>
In case serverfault faults some time in the future: http://cweiske.de/tagebuch/carry-git-settings.htm
Solution 2:
First, and not related to your question, I would urge you to urgently stop to use root logins and su and use user logins and sudo instead. Restrict your root logins to console only, or not even that.
That said, git commit has a --author option that can help you there:
# git commit --author='Author Name <[email protected]>' -a
You can also carefully use environment variables per user to set GIT_AUTHOR_NAME and GIT_AUTHOR_EMAIL variables. In the log, it will appear different authors and the same commiter (root@host), but it will give you more auditing. Of course that means you trust your admins to keep the variables intact. As each one is using a specific shell, they can sudo to root and source a file with their specific git variables, identifying each one differently on the commits. Not very practical, but you may even automatize that with scripts.
EDIT: Of course an even better approach as appointed by @ScottPack would be to use a configuration management system like Puppet or Chef and use git to track the changes on the central server and not on the real servers so each admin could have a working copy of the configuration.
Solution 3:
With putty you can set this under "Connection -> Data -> Environment Variables".
They are also present after 'su' to root.
Solution 4:
If you happen to provision user accounts on your servers using ssh keys, you can actually attach environment variables to the authorized keys at setup time - for example in ~bob/.ssh/authorized_keys
environment="GIT_AUTHOR_NAME=Bob Smith",environment="[email protected]" ssh-rsa AAAA.... [email protected]
This way when users SSH in they automatically have these envs setup - there's no need for them for forward them from the local client. Bonus points if you already have this info and are generating authorized_keys configs from a config management system.
Note: The above requires PermitUserEnvironment yes in sshd_config