Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

Differences

This shows you the differences between two versions of the page.

linux:rsnapshot [2006/03/20 14:01]
alien
linux:rsnapshot [2010/04/24 19:25] (current)
alien Add a link to my article about the NSLU2
Line 1: Line 1:
 ===== The rsnapshot backup solution ===== ===== The rsnapshot backup solution =====
-=========================================+-----------------------------------------
  
 Rsnapshot is a filesystem snapshot utility for making backups of local and remote systems. Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals. See the [[http://rsnapshot.org/ | rsnapshot web site]] for more information.\\ Rsnapshot is a filesystem snapshot utility for making backups of local and remote systems. Using rsync and hard links, it is possible to keep multiple, full backups instantly available. The disk space required is just a little more than the space of one full backup, plus incrementals. See the [[http://rsnapshot.org/ | rsnapshot web site]] for more information.\\
 A good read is the [[http://www.rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html | Rsnapshot HOWTO]]. A good read is the [[http://www.rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html | Rsnapshot HOWTO]].
  
 +Another article worth checking is my companion article about [[linux:slug | using a Linksys NAS as rsnapshot server]].
  
 ==== Getting the software ==== ==== Getting the software ====
Line 19: Line 20:
  
 Good example docs about how to set this up are:\\ Good example docs about how to set this up are:\\
-  http://blog.innerewut.de/articles/2005/05/25/remote-filesystem-snapshots-with-rsnapshot+http://blog.innerewut.de/articles/2005/05/25/remote-filesystem-snapshots-with-rsnapshot 
 and it's follow-up article:\\ and it's follow-up article:\\
-  http://blog.innerewut.de/articles/2005/06/03/follow-up-on-remote-filesystem-snapshots-with-rsnapshot+http://blog.innerewut.de/articles/2005/06/03/follow-up-on-remote-filesystem-snapshots-with-rsnapshot 
 as well as some improvements to this:\\ as well as some improvements to this:\\
-  http://sourceforge.net/mailarchive/forum.php?thread_id=8991705&forum_id=41320+http://sourceforge.net/mailarchive/forum.php?thread_id=8991705&forum_id=41320
  
  
 Now, some detailed instructions compiled from the above sources: Now, some detailed instructions compiled from the above sources:
-================================================================+----------------------------------------------------------------
  
  
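Review bot: the unchanged line between the first two links still reads "and it's follow-up article"; the possessive is "its". Since this edit already touches the link lines on either side of it, fix the typo in the same pass.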
Line 38: Line 41:
     local# ssh remote-server     local# ssh remote-server
     ; you might have to create the directory ~/.ssh if it doesnt exist:     ; you might have to create the directory ~/.ssh if it doesnt exist:
-    ; "chmod 600 ~/.ssh ; chown rbackup ~/.ssh"+    ; "chmod 700 ~/.ssh ; chown rbackup ~/.ssh"
     ; if you don't get the permissions on ~/.ssh and ~/.ssh/authorized_keys right,     ; if you don't get the permissions on ~/.ssh and ~/.ssh/authorized_keys right,
     ; passwordless login will FAIL!     ; passwordless login will FAIL!
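Review bot: the mode for ~/.ssh/authorized_keys is still not given in the comment line changed here, although the very next line warns that the permissions on both ~/.ssh and ~/.ssh/authorized_keys must be right. The 600 to 700 correction for the directory is correct (a directory needs the execute bit to be entered). Suggest extending the same line to "chmod 700 ~/.ssh ; chmod 600 ~/.ssh/authorized_keys ; chown rbackup ~/.ssh" so the reader does not have to guess the file mode. While here, "doesnt" on the line above should be "doesn't".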
Line 60: Line 63:
   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.   * Create a user "//rbackup//", which should be un-privileged, i.e. should not be part of the "//wheel//" group.
   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>   * Append the //BACKUPSERVER//'s rbackup user's public key to the //REMOTE// rbackup's ''~/.ssh/authorized_keys'' and modify it to allow access from one specific machine (the backupserver), only allowed to run one specific command. This is for security reasons of course. <code>
-    from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa  +from="192.168.200.34",command="/home/rbackup/validate-rsync.sh" ssh-rsa  
-    AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= +AAAAB3NzaC1yc2EAAAAB.......0i9yTN7QTrcqKU9ugIesi3+EZnw5ES5wbpo8= 
-    rbackup@TheVault</code> +rbackup@TheVault 
-  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code> +</code> Make sure your version of **''from="192.168.200.34"''** contains the IP address of your rsnapshot server! 
-    #!/bin/sh +  * Create the ''/home/rbackup/validate-rsync.sh'' validation script with these contents: <code bash
-    case "$SSH_ORIGINAL_COMMAND" in +#!/bin/sh 
-    *\&*)+case "$SSH_ORIGINAL_COMMAND" in 
 +  *\&*)
     echo "Rejected 1"     echo "Rejected 1"
     ;;     ;;
-    *\;*)+  *\;*)
     echo "Rejected 2"     echo "Rejected 2"
     ;;     ;;
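Review bot: the authorized_keys entry at the top of this hunk restricts the key with from= and command= only, and does not disable port, X11 or agent forwarding or PTY allocation. Since the stated goal is one machine running one command, suggest prefixing the entry with no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty. The entry is also displayed wrapped over three lines, while sshd expects each key entry on a single line; a short sentence next to the new from= reminder saying so would save readers a failed login.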
Line 75: Line 79:
     $SSH_ORIGINAL_COMMAND     $SSH_ORIGINAL_COMMAND
     ;;     ;;
-    *true*)+  *true*)
     echo $SSH_ORIGINAL_COMMAND     echo $SSH_ORIGINAL_COMMAND
     ;;     ;;
-    *)+  *)
     echo "Rejected 3"     echo "Rejected 3"
     ;;     ;;
-    esac +esac 
-</code>  and ''chmod 754 /home/rbackup/validate-rsync.sh'' to make it executable.+</code>  and run the following commands to make it executable for user ''rbackup'': <code> 
 +chown rbackup /home/rbackup/validate-rsync.sh 
 +chmod 754 /home/rbackup/validate-rsync.sh 
 +</code> 
   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh   * Create a wrapper script for rsync (which uses sudo) in ''/usr/local/bin/rsync_wrapper.sh'' which contains: <code>#!/bin/sh
 /usr/bin/sudo /usr/bin/rsync "$@"; /usr/bin/sudo /usr/bin/rsync "$@";
 </code> </code>
-  * Add this line to ''/etc/sudoers'': <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code>+  * Add this line to ''/etc/sudoers'' so that user ''rbackup'' can run the wrapper's ''rsync'' command with //root// privileges: <code>rbackup ALL = NOPASSWD: /usr/bin/rsync</code> 
 + 
 +=== Testing remote login === 
 + 
 +When all configuration is complete, and before your scheduled cron jobs start, you should test whether the non-interactive passwordless login from the rsnapshot server to the remote //rbackup// account is functional.\\ You need to make a ssh connection at least once, to add the public key of the remote machine to your root account's //''known_hosts''// file. <code> 
 +# ssh rbackup@client.my.lan 
 +Rejected 3 
 +Connection to client.my.lan closed. 
 +</code> The "''Rejected 3''" message actually means that your configuration was successful!
  
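Review bot: the added "chown rbackup /home/rbackup/validate-rsync.sh" combined with mode 754 leaves the forced-command script owned and writable by rbackup, the account it is meant to confine. Suggest "chown root" with "chmod 755" instead: rbackup still gets read and execute through the "other" bits but can no longer edit the filter, and a location outside rbackup's own home directory would be firmer still. In the new "Testing remote login" section, the first connection is the one that records the remote host key in known_hosts, so it is worth telling the reader to compare the fingerprint shown at that prompt before accepting it.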
