Jos Chrispijn wrote:
Matthew Seaman wrote:
Use anonymous rsync? There's a section on rsyncd in the rsync(1)
man page, but most of the meat is in the rsyncd.conf(5) man page.
The downside is you'll lose information about user and group ownership
of files.  Oh, and obviously be careful about limiting where people
can access the rsyncd server from, or your precious data may go on
an unplanned walkies...

I don't want to loose any user and group ownership of files. Would there be another solution without rsync then or does the 'forbidden root login' affect all backup solutions here?

If you're going to expand the backup sets on the mirror box back into
a second copy of the filesystem, then you definitely need root access
on the client (to read any file irrespective of permissions) and on the server (in order to set the ownership and permissions on the files).

You can NFS mount the filesystem onto the second server and copy the
files locally that way -- but watch out for the way root-owned files are
changed to nobody:nobody ownership by default.

You can use ggated(8) and ggatec(8) to share the filesystem at low-level
between the two machines.  It's even possible to combine that with a local 
filesystem using gmirror(8) to have instantaneous synchronisation of both 
copies of the data on the two machines, although I wouldn't trust that for 
anything your livelihood depends on.

You can do a similar trick using iSCSI -- you'll need the net/iscsi-target
port installed on the server machine and to use the iscsi_initiator(4)
driver on the client machines. See also iscontrol(8)

However, if you're willing to store a tarball or other archive format
as your backup, then you don't need root access on the backup server, although you will still need it on the client.

In this case, you can use just about anything: dump(8), tar(1), cpio(1)
-- these all give you the option of 'writing to a remote device' which can
just be a regular file on your second machine. Usually network writes are
over ssh(1), although you will possibly be required to set some variables in the environment to force that to be the case. So all you need is a non-root account on the server that lets root on the clients log into it. That can be arranged using key-based auth quite nicely.

Depending on how much stuff you have, and the likelyhood that you'll
need to restore it, you could use a full-blown backup system like
bacula.  It's pretty easy to get bacula to write backup sets to disk,
and you get a not bad at all command interface via bconsole to manipulate
all that from either the backup client or the backup server host.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP:     Ramsgate
                                                 Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to