D. Cooper Stevenson wrote: > Here's the scenario: you need a backup solution that will make a > complete backup of your server and automatically rotate the backup > snapshots using rsync.
I looked at doing this last year when I was setting up backups here. Then I discovered BackupPC (http://backuppc.sourceforge.net/). BackupPC is a finished product: it has a web administration interface and web restore interface. It sends out email notification when something goes wrong. It works with Microsoft clients using Samba. (Yes, we have one DOS box here.) BackupPC compresses all its data and only stores one copy of duplicate files. That dramatically reduces the disk space your backup server needs. OTOH, its security model is no better than the rsync/ssh version. I beefed that part up a bit. (Cory helped.) I created a user, backuppc, on each Linux client host, and set its login shell to a script that verifies that it was called with the appropriate tar command. Then it passes that command to sudo. /etc/sudoers only allows that user to run tar. The login script also verifies that certain sensitive files are excluded from the backup: /etc/shadow, ssh private keys, and Apache SSL private keys. That's a (probably vain) attempt to limit the damage if the backup host were compromised. You could do the same with your ssh/rsync solution. I'd be happy to mail you my scripts (not directly applicable, but easier than recreating them from scratch). BackupPC has been running here since January on a Debian stable box, and this week was the first time I've had to do any real maintenance on it. The disk filled up, so I put in another disk and extended the logical volume. (I *love* LVM!) One critique of your script. I suggest you rotate the backups AFTER you know the new backup has succeeded. Otherwise, if it starts failing on Friday night, all copies of your backups will have been rotated into oblivion by Monday morning. (I've been there. Suffered the consequences. )-: ) -- Bob Miller K<bob> kbobsoft software consulting http://kbobsoft.com [EMAIL PROTECTED] _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
