-----Original Message----- From: Matt Connolly [mailto:[email protected]] Sent: Sunday, May 01, 2011 10:22 AM To: Discussion list for OpenIndiana Subject: Re: [OpenIndiana-discuss] zfs snapshot script
On 01/05/2011, at 11:48 PM, Dan Swartzendruber wrote: > Hmmm, well, what I've seen a couple of places (and have been using myself) > is rsyncd.conf on the OS box having a post-exec cmd that takes the > snapshot... So that means having some daemon running as root (or with required privileges) that could listen to a trigger message sent from the client? In my case the server is operating simply as a file server and it has no knowledge of the state of a backup. I could change the windows backups to be using an rsync daemon on the server, but the mac backups using Time Machine require an afp file server, so something else needs to be added. Are there any permission tricks that would allow a script executed via ssh to execute "zfs snapshot"?? *** Sorry for being unclear. It may not be optimal, but what I have been doing is this: the clients back up by running rsync (with each a customized rsync config file and exclude file). The OI box has rsync running in daemon mode, with the config file defining each client with a stanza like this: read only = yes list = yes uid = root gid = root [sphinx] path = /tank/backups/servers/sphinx read only = no hosts allow = 10.0.0.1 hosts deny = * post-xfer exec = /usr/bin/create_zfs_snapshot $RSYNC_MODULE_PATH [pbx] path = /tank/backups/servers/pbx read only = no hosts allow = 10.0.0.7 hosts deny = * post-xfer exec = /usr/bin/create_zfs_snapshot $RSYNC_MODULE_PATH To centralize the backup scheduling, the OI box runs the rsync command on each client via ssh, using public keys to avoid needing passwords. This doesn't sound like what you want, particularly if you need to use afp :( I don't know anything about afp, but trying to make an suid script safe seems difficult to me (I could be wrong though.) It's a hack, but maybe you could do something like this on the mac: do your backup via afp do an rsync, with the OI box using the post-xfer trick to take a snapshot of the filesystem in question - the security would be based on having the IP match your Mac, which isn't perfect, but better than having an suid script. the rsync would be to some small (maybe even empty) dummy directory on the same filesystem the afp share is on. does this sound wacky? _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
