Jos Chrispijn wrote:
Matthew Seaman wrote:
Use anonymous rsync? There's a section on rsyncd in the rsync(1) man page, but most of the meat is in the rsyncd.conf(5) man page. The downside is you'll lose information about user and group ownership of files. Oh, and obviously be careful about limiting where people can access the rsyncd server from, or your precious data may go on an unplanned walkies...

I don't want to lose any user and group ownership of files. Would there be another solution without rsync then or does the 'forbidden root login' affect all backup solutions here?

If you're going to expand the backup sets on the mirror box back into a second copy of the filesystem, then you definitely need root access on the client (to read any file irrespective of permissions) and on the server (in order to set the ownership and permissions on the files).

You can NFS mount the filesystem onto the second server and copy the files locally that way -- but watch out for the way root-owned files are changed to nobody:nobody ownership by default.

You can use ggated(8) and ggatec(8) to share the filesystem at low-level between the two machines. It's even possible to combine that with a local filesystem using gmirror(8) to have instantaneous synchronisation of both copies of the data on the two machines, although I wouldn't trust that for anything your livelihood depends on.

You can do a similar trick using iSCSI -- you'll need the net/iscsi-target port installed on the server machine and to use the iscsi_initiator(4) driver on the client machines. See also iscontrol(8).

However, if you're willing to store a tarball or other archive format as your backup, then you don't need root access on the backup server, although you will still need it on the client.
In this case, you can use just about anything: dump(8), tar(1), cpio(1) -- these all give you the option of 'writing to a remote device' which can just be a regular file on your second machine. Usually network writes are over ssh(1), although you will possibly be required to set some variables in the environment to force that to be the case. So all you need is a non-root account on the server that lets root on the clients log into it. That can be arranged using key-based auth quite nicely.

Depending on how much stuff you have, and the likelihood that you'll need to restore it, you could use a full-blown backup system like bacula. It's pretty easy to get bacula to write backup sets to disk, and you get a not bad at all command interface via bconsole to manipulate all that from either the backup client or the backup server host.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
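
The tar-over-ssh arrangement described in the reply above, as an added sketch that is not part of the original thread: the client's root key is pinned to a single forced command on an unprivileged server account, so it can deposit archives but cannot get a shell. The `backup` account, the `/usr/local/libexec/receive-backup` path, the store directory and the function names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example; account name, paths and function names are hypothetical.

# Server side: authorized_keys entry for one client's root key.
# "restrict" turns off pty allocation and port/agent/X11 forwarding;
# command= forces the receiver no matter what the client asks to run.
authorized_keys_line() {  # $1=client name  $2=public key text
    printf 'restrict,command="/usr/local/libexec/receive-backup %s" %s\n' "$1" "$2"
}

# Server side: body of the forced command (the installed script would call
# this with its fixed store directory and "$1"). The client name comes from
# authorized_keys, never from the client-supplied SSH_ORIGINAL_COMMAND.
# The body is a subshell so umask and noclobber do not leak to the caller.
receive_backup() (  # $1=store dir  $2=client name; archive on stdin
    case "$2" in
        ''|*[!A-Za-z0-9_-]*) echo "bad client name" >&2; exit 1 ;;
    esac
    umask 077    # archives contain data only root could read on the client
    set -C       # noclobber: refuse to overwrite an existing backup
    out="$1/$2-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    cat > "$out" || exit 1
    printf '%s\n' "$out"
)

# Client side, run as root so every file is readable. tar records owner,
# group and mode inside the archive, so nothing on the server needs root
# until the archive is restored. The sink command is passed as "$@", e.g.:
#   send_backup /etc ssh -i /root/.ssh/backup_key backup@server
# The pipeline's exit status is the sink's; tar errors appear on stderr.
send_backup() {  # $1=source dir  rest=sink command
    src=$1; shift
    tar -czf - -C "$src" . | "$@"
}
```

Restoring with the original ownership still requires root on whichever machine unpacks the archive, which matches the split described in the reply.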