rlbackup (Remote Linked Backup)


rlbackup provides a simple secure mechanism for generating linked backups over the network. It is available for download as rlbackup-2.20.tar.gz. Linked backups typically allow one to create a large number of historical snapshots of a filesystem in little more than the space occupied by a single copy. This software has been developed for the Linux operating system, but it should easily port to other UNIX operating systems (perhaps with a modified read-only filesystem). It exploits the --link-dest option in rsync version 2.5.6 or later. Upgrading to rsync version 2.6.5 or later is recommended.

The rlbackup shell script runs rsync in a highly restricted chroot-ed shell called rsyncsh, to provide the same level of security provided by rsync-backup. The chroot-ed bin directory is read-only mounted and the backups for each client are stored in separate directories accessible only to that client. The only commands that it will accept are rsync --server ... and powershift. The command powershift generates a geometric sequence of backup files or directories by retaining, after the first n backups, only every every second backup, then every fourth backup, and so on, for each successive power of 2 (except for intermediate files necessary to accomplish this). The default value of n given in rlbackup.conf is 5, so that in the directory /backup/CLIENT/snapshot on the server these snapshots will be retained:

1/ 2/ 3/ 4/ 5/ 7/ 11/ 19/ 35/ 67/ 131/ 259/ 515/ ...

This simple scheme avoids the complication of distinguishing between daily, weekly, monthly, and yearly snapshots, which for many backup applications is unnecessary. Since the files between these directories are hard-linked, any of the directories may be deleted without affecting the files in any of the others. However, if a file in one directory is modified that will of course change the contents of any hard-links to the same file.

For security reasons, shadow password files and ssh key files are listed in rlbackup.exclude so that by default they will not be backed up by rlbackup. Shadow password files can be recreated with the commands pwconv and grpconv prior to resetting the passwords (new user ssh keys would also need to be generated). Excluded temporary directories may be recreated with:

mkdir -m 01777 /tmp /usr/tmp /var/tmp
mkdir -p -m 0755 /var/cache/man

One can uncomment the rlbackup.conf option OPTIONS="--filter=': .rsync'" to recursively exclude/include patterns listed in per-directory .rsync files. This requires rsync version 2.6.4 or later. Patterns in these .rsync files must begin with a filter rule ("- " to exclude; "+ " to include).

Backups may be listed and recovered by root using the rlrecover script. Users can be given read access to their backups by using snfs to mount the /backup/CLIENT/snapshot directory as a read-only filesystem.

NEW FEATURES

INSTALLATION INSTRUCTIONS

WHICH IS BETTER: PUSH OR PULL?

REFERENCES

  • http://www.mikerubel.org/computers/rsync_snapshots
  • http://rsync.samba.org    [rsync mailing list]
  • http://www.stearns.org/rsync-backup/
  • http://www.pegasys.ws/dirvish/FAQ.html
  • See also:

  • OpenSSH patches (including user-dependent IdentifyFile security patch)
  • Secure NFS via SSH Tunnel
  • How to set up a passwordless OpenSSH connection
  • Keychain: an OpenSSH key management utility
  •  visitors have accessed this page since January 16, 2003.


  • Old versions
  • HOME: http://www.math.ualberta.ca/~bowman