Our server has various services with it's own config file. Nginx, Dovecot, Postfix...

All these config files are located in their own /etc/{service} directory.

I'm trying to move these files to a central location and add a symlink. Something like: /etc/postfix/main.cf <- /root/server-config/postfix/main.cf

The above works for most services (Nginx, PHP, ..). However, some services related to e-mail give permission denied errors. I've tried many different options like giving more permission to both the symlink and the source file, giving max permission (777), run as Root, add dovecot/postfix to root group..

All options I tried didn't make any difference. Our main goal is to have all config files in a git repository and push them to GitHub so we have them in version control.

What can I do to make the above work.

If you have an alternative that don't work with git or symlinks, please add those as a comment instead.

Jordi Kroon
  • 77
  • 12

2 Answers2


I think your idea to move config files to another locations from their default locations and creating symbolic link to them is not a good one, it can create lots of problems.

  • If the symlinks are broken for some reason, the relevent software or service can stop working and this can make your system and services vulnerable and unusable. You may also find it hard to repair. So you should think of doing it in the other way around.

You can think of using tools such as etckeeper which lets you to automatically store changes made to /etc or (other directories) to version control systems like git. Then you can push those to a central git repo.

  • 8,791
  • 3
  • 22
  • 37
  • Great response bangal. Very thorough and the desired method of linking does seem like it would cause more problems than it would solve. Etckeeper looks dated, but this could easily be replicated with a simple git repo with some solid git ignore files! – TheGrandPackard Nov 20 '15 at 21:02

Why do you think you need to move them to have them in a git repo? Tools like etckeeper already exist, and they keep all of /etc in a git repo.

Also there are tons of configuration management tools (puppet, chef, ansible, etc) that you could/should be used to configure things. Then you can keep your configuration management configuration in your git repositories.

Many configuration files need a specific owner and permissions. Please don't assume root:root is the correct thing, and a permission of 0777 would be absolutely horrible for a configuration file. That would almost certainly mean any minor compromise of anything on your system becomes a compromise of everything.

  • 128,755
  • 40
  • 271
  • 413