Backup Central

Hello there.

I found rsnapshot and was happy with what the idea was behind this tool, just
great.

Unfortunatly it is to no big use for me when it comes to a distributed
environment. As a main requirement we need to make backups from project and
system data to a central strorage device. rsnapshot does not support a
remote snapshot directory as stated in the FAQ. Therefor it has to be
located on the backup facility.

To gather all data, you have to log in as the user root, which should be
disabled for security reasons. When I tried to use the backup_script
function (for e.g. with a sudo workarround) I discoverd that it is for local
scripts only.

I ended up with a cronjob, syncing backup-data some time before the backup to
a /tmp/rsnapshot directory and rsnapshot backing up this /tmp/rsnapshot
directory.

This puts some load on the maschine at the time of the backup and at the time
when preparing the temporary data. Also it uses up some additional space on
the maschine and copies some sensible data to a second location.

I am not happy with that, but do want to use rsnapshot because of the clever
algorithm and the directory structure.

Is there anyone who has a similiar problem and a different solution? Will
this problem be adressed in further development of rsnapshot? Is it hard to
circumvent the remote snapshot protection, if I can take care of the
problems from the FAQ myself (e.g. different snapshot directories)?

I thought this would be quite a standard solution, which should work out of
the box. It seems I made a mistake.
--

regards
Thorsten Giese




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
rsnapshot-discuss mailing list
rsnapshot-discuss < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss

Am Montag, 21. März 2005 16:57 schrieb Martin Schröder:
On 2005-03-21 16:21:59 +0100, Thorsten Giese wrote:
To gather all data, you have to log in as the user root, which should be
disabled for security reasons. When I tried to use the backup_script

You don't have to. We use a special account that uses sudo and
rrsync (as a forced command via ssh).

Thanks for your quick help; sometimes you just need the hint in the right
direction.

Just for documentation issues; I did the following to get it work:

A user can connect via ssh from the backup facility to any host which needs
to be backuped as the user rsnapshot without a password (ssk-key exchange).

Then I made the following file executable:

/usr/local/sbin # cat rrsync
#!/bin/bash

if [ "$(whoami)" == 'rsnapshot' ]; then
sudo /usr/bin/rsync $*;
else
/usr/bin/rsync $*;
fi

On the host which should be backuped in /etc/sudoers:

Cmnd_Alias RSYNC = /usr/bin/rsync
Host_Alias LOCALHOST = tobackup # Here you have to use your local
# hostname
rsnapshot LOCALHOST = NOPASSWD:RSYNC

Then I added in the rsnapshot.conf the following to utilize the "right"
command:

rsync_long_args --delete --numeric-ids --relative --delete-excluded
--rsync-path=/usr/local/sbin/rrsync

and it works like a charme.

--

Viele Grüße
Thorsten Giese

ANW GmbH & Co. KG
Mainzer Straße 4-6
66424 Homburg

Telefon 06841/1897760
Telefax 06841/1897770
mailto:t.giese at anw.de
http://www.anw.de




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
rsnapshot-discuss mailing list
rsnapshot-discuss < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss

Am Dienstag, 22. März 2005 12:33 schrieb Martin Schröder:
On 2005-03-22 10:51:27 +0100, Thorsten Giese wrote:
Then I made the following file executable:

/usr/local/sbin # cat rrsync

Why don't you use http://www.inwap.com/mybin/miscunix/?rrsync ?

I didn't notice rrsync before you mentioned it here _again_. I thought it
was some script you wrote, like the one I did.

After some searching I found [1], which is a good summary. I believe
restricting origin and command is a useful security extension, and also
restricting the subdirectory.

As there are many subdirectories at each host and I didn't want an extra-key
line for every host I think it is not necessary, as we are in a private
subnet. The backup facility is considered "as secure as it has to be" for
our environment considering the data stored here.

Or do I miss something about rrsync here? But thanks for the hint, it might
be usefull at some other point.

[1] http://www.jdmz.net/ssh/
--

regards
Thorsten Giese





-------------------------------------------------------
This SF.net email is sponsored by: 2005 Windows Mobile Application Contest
Submit applications for Windows Mobile(tm)-based Pocket PCs or Smartphones
for the chance to win $25,000 and application distribution. Enter today at
http://ads.osdn.com/?ad_idh82&alloc_id148&op=click
_______________________________________________
rsnapshot-discuss mailing list
rsnapshot-discuss < at > lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rsnapshot-discuss