The rlbackup shell script runs rsync in a highly restricted chroot-ed shell called rsyncsh, to provide the same level of security provided by rsync-backup. The chroot-ed bin directory is read-only mounted and the backups for each client are stored in separate directories accessible only to that client. The only commands that it will accept are rsync --server ... and powershift. The command powershift generates a geometric sequence of backup files or directories by retaining, after the first n backups, only every every second backup, then every fourth backup, and so on, for each successive power of 2 (except for intermediate files necessary to accomplish this). The default value of n given in rlbackup.conf is 5, so that in the directory /backup/CLIENT/snapshot on the server these snapshots will be retained:
1/ 2/ 3/ 4/ 5/ 7/ 11/ 19/ 35/ 67/ 131/ 259/ 515/ ...
This simple scheme avoids the complication of distinguishing between daily, weekly, monthly, and yearly snapshots, which for many backup applications is unnecessary. Since the files between these directories are hard-linked, any of the directories may be deleted without affecting the files in any of the others. However, if a file in one directory is modified that will of course change the contents of any hard-links to the same file.
For security reasons, shadow password files and ssh key files are listed in rlbackup.exclude so that by default they will not be backed up by rlbackup. Shadow password files can be recreated with the commands pwconv and grpconv prior to resetting the passwords (new user ssh keys would also need to be generated). Excluded temporary directories may be recreated with:
mkdir -m 01777 /tmp /usr/tmp /var/tmp
mkdir -p -m 0755 /var/cache/man
One can uncomment the rlbackup.conf option OPTIONS="--filter=': .rsync'" to recursively exclude/include patterns listed in per-directory .rsync files. This requires rsync version 2.6.4 or later. Patterns in these .rsync files must begin with a filter rule ("- " to exclude; "+ " to include).
Backups may be listed and recovered by root using the rlrecover script. Users can be given read access to their backups by using snfs to mount the /backup/CLIENT/snapshot directory as a read-only filesystem.
WHICH IS BETTER: PUSH OR PULL?