I think I can skip the buildup on why backups are important and I’ll focus this post on the “how”. There are a lot of ways to make backups. Obviously some are better than others; in this post I’ll just explain how I do my backups.

The script I use was designed with the following items in mind:

  • The storage medium is a hard drive. This has some advantages, like random access, which can be put to use.
  • Storage use should be as small as possible; differential and/or incremental backups are almost unavoidable for this.
  • The backups should be pulled from the server. This way you know when a server is behaving strangely. If you push your backups and the server has a bad day, it won’t tell you that it forgot its backups!
  • Since the backup contains sensitive data (e.g. SSL private keys, /etc/shadow), the network transfer should be encrypted.
  • The backup needs to be taken as root. This is the only way to ensure that all files can be read. (Yes, technically you could use specific capabilities instead of root.)

The script I use combines the above points. The heavy lifting is done by rsync, which is run over an SSH connection to provide confidentiality of the transferred data. The whole thing needs to run in the background, so I used public key authentication. Since I don’t allow root to log in via SSH, certainly not automatically, I created an unprivileged backup account.

Once the SSH connection is established, it is used to tunnel a TCP connection towards the rsync daemon. This daemon is running as root, so it has all the privileges needed to read the full file system. The rsync client is running as root as well, so it can do the required chowns and chmods.

Now rsync comes into play. This is where the magic begins. My script is based on this wonderful idea; some of you might recognize it better as the Mac OS X Leopard Time Machine way.

Download:

I run this script nightly from my crontab using this command:

USER="backup" SSH_HOST="server" RSYNC_MODULE="system" RSYNC_PORT="1873" \
    SSH_KEY=/usr/local/etc/server.id_rsa RSYNC_PASSWD=/usr/local/etc/server.passwd \
    NAME="server-sys" WHERE="/mnt/backup" /usr/local/sbin/rsyncd-snapshot-ssh.sh
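
The flow described above (SSH tunnel to the root rsync daemon, then a hard-linked snapshot), written out as an added example; it is not the author's rsyncd-snapshot-ssh.sh. It reuses the variable names from the crontab line and assumes that snapshots are named NAME.YYYYmmdd-HHMMSS, that the daemon listens on the server's loopback interface on RSYNC_PORT, and that USER is both the SSH login and the rsync auth user.

```sh
#!/bin/sh
# Added example, not the author's script. Assumed: snapshots are named
# NAME.YYYYmmdd-HHMMSS; USER is both the SSH login and the rsync auth user.

# Newest completed snapshot of NAME under WHERE; prints nothing if there is none.
latest_snapshot() {
    for snap in "$1/$2".[0-9]*; do
        [ -d "$snap" ] && echo "$snap"
    done | sort | tail -n 1
}

# Forward a loopback-only local port to the daemon. BatchMode stops a cron run
# from hanging on a prompt; ExitOnForwardFailure fails fast if the port is taken.
open_tunnel() {
    ssh -f -N -M -S "$WHERE/.$NAME.ctl" -i "$SSH_KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$RSYNC_PORT:127.0.0.1:$RSYNC_PORT" "$USER@$SSH_HOST"
}
close_tunnel() { ssh -S "$WHERE/.$NAME.ctl" -O exit "$USER@$SSH_HOST" 2>/dev/null; }

# One snapshot run; $1 optionally overrides the timestamp.
run_backup() {
    stamp=${1:-$(date +%Y%m%d-%H%M%S)}
    prev=$(latest_snapshot "$WHERE" "$NAME")
    work="$WHERE/$NAME.incomplete"
    set -- -a --numeric-ids --delete --port="$RSYNC_PORT" \
        --password-file="$RSYNC_PASSWD"
    # Files unchanged since the previous snapshot become hard links to it.
    if [ -n "$prev" ]; then set -- "$@" --link-dest="$prev"; fi
    open_tunnel || return 1
    rsync "$@" "$USER@127.0.0.1::$RSYNC_MODULE/" "$work/"
    rc=$?
    close_tunnel
    # Promote only a finished run, so a partial tree never becomes the next base.
    # rsync exit 24 (source files vanished mid-transfer) is normal on a live system.
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 24 ]; then
        mv "$work" "$WHERE/$NAME.$stamp"
    else
        echo "backup of $NAME failed (rsync exit $rc)" >&2
        return "$rc"
    fi
}

# Only act when called with "run", so the functions can be sourced on their own.
if [ "${1:-}" = run ]; then run_backup; fi
```

On the server, the backup key's authorized_keys entry can be limited to this one forward with `permitopen="127.0.0.1:1873"` and `no-pty`, so the unprivileged account is usable for nothing else.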

One Comment

  1. Long-term Memory » Blog Archive » Time Machine to a linux server says:

    […] Machine is the Mac way of doing backups. The concept is fairly similar to incremental rsync snapshots. Officially, Apple does not support Time Machine backups to a network volume: network drives […]