Monday, August 10, 2009

Setting up backup by rsync

I want to back up my files to another server. So I go to that server and create the file /etc/rsyncd.conf:

secrets file = /etc/rsyncd.secrets
#Global properties
read only = yes
list = yes
#User on server
uid = backup
#User's group
gid = backup

#Protected share for backups.
[files]
comment = For your eyes only
path = /home/backup/
auth users = franek
read only = no
hosts allow = 192.168.1.64
hosts deny = *
list = yes
We are using the user backup as the owner of the rsync files. Don't forget to create it.

So now we need to create an entry for franek in rsyncd.secrets:
franek:his_password
rsyncd.secrets must not be readable by everyone; otherwise the rsync daemon will not allow access to protected shares. Set its permissions to 600.

We need to do one more thing before starting the daemon. Go to /etc/default/rsync and set RSYNC_ENABLE=true

OK, run sudo /etc/init.d/rsync start and the rsync daemon is running.

Now go to the client machine, the one we want to make backups from. I want to back up the whole /home, so my command looks like this:
sudo rsync -aXAvz --delete --delete-excluded --exclude-from=$DIR/backup.excludes --password-file=$DIR/rsync-pass /home franek@moon::files
So there is sudo rsync, and then some options:
-a the same as -rlptgoD, which is:
-r recurse into directories
-l copy symlinks as symlinks
-p preserve permissions
-t preserve modification times
-g preserve group
-o preserve owner
-D preserve device files, preserve special files
-X preserve extended attributes
-A preserve ACLs
-v be verbose
-z use compression
Then there are --delete and --delete-excluded. --delete means that if a file exists on the copy but not on the source, it is deleted from the copy. --delete-excluded means that all excluded files are also deleted from the copy.

I keep exclusion patterns in a separate file. The format is quite simple:
lost+found
*/.Trash/
*/.thumbnails/
cache/
Cache/
.Cache/
.cache/
My share is password protected. Only the user franek can access it, and he needs to give his password. If you want to run the backup from the system (e.g. cron), you cannot type the password. However, you can put it into a file and make that file readable only by the user (permissions 700). Then you can just point to that file with the --password-file option.

Next come just the source and the destination, just like in cp or smb. The source is pretty simple in my example. The destination is a bit more complicated: <user>@<server>::<share-name>
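
A pre-flight wrapper for running the command above from cron, as an added example that is not part of the original post. It refuses to start if the password file is accessible by group or others, if the exclude file is unreadable, or if the source is empty (with --delete, an empty source would empty the copy). The function names, the --run switch and the RSYNC override variable are assumptions; DIR, rsync-pass, backup.excludes and franek@moon::files are taken from the command in the post.

```shell
#!/bin/sh
# Added example, not from the original post. The DIR layout, /home and
# franek@moon::files come from the post's command; the function names and the
# RSYNC override (lets a stub replace rsync when testing) are hypothetical.

# True only for a regular, non-symlink file with no group/other permission bits.
owner_only() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    bits=$(ls -ld -- "$1" | cut -c5-10)   # group+other columns of e.g. -rw-------
    [ "$bits" = "------" ]
}

# True if the directory exists and contains at least one entry.
non_empty_dir() {
    [ -d "$1" ] && [ -n "$(ls -A -- "$1" 2>/dev/null)" ]
}

# run_backup DIR [SRC]: start rsync only if every pre-flight check passes.
run_backup() {
    dir=$1
    src=${2:-/home}
    if ! owner_only "$dir/rsync-pass"; then
        echo "refusing: $dir/rsync-pass must be accessible by its owner only" >&2
        return 2
    fi
    if [ ! -r "$dir/backup.excludes" ]; then
        echo "refusing: cannot read $dir/backup.excludes" >&2
        return 3
    fi
    # --delete mirrors deletions, so an empty source (e.g. an unmounted /home)
    # would empty the copy on the server.
    if ! non_empty_dir "$src"; then
        echo "refusing: source $src is missing or empty" >&2
        return 4
    fi
    "${RSYNC:-rsync}" -aXAvz --delete --delete-excluded \
        --exclude-from="$dir/backup.excludes" \
        --password-file="$dir/rsync-pass" "$src" franek@moon::files
}

# From cron: DIR=/path/to/config sh this-script --run
if [ "${1:-}" = "--run" ]; then
    run_backup "${DIR:?set DIR to the directory holding rsync-pass}"
fi
```

The check is stricter than a world-readable test: it also rejects group access, so both 600 and 700 pass while 640 and 644 do not.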
