From owner-freebsd-questions@FreeBSD.ORG Sun Aug 10 19:50:48 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DF3A71065680 for ; Sun, 10 Aug 2008 19:50:48 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 295AC8FC19 for ; Sun, 10 Aug 2008 19:50:47 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.2/8.14.2) with ESMTP id m7AJogOv098750; Sun, 10 Aug 2008 20:50:43 +0100 (BST) (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.7.0 smtp.infracaninophile.co.uk m7AJogOv098750 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=infracaninophile.co.uk; s=200708; t=1218397843; bh=kLART998iyU9pu YwbJWbHVKxQdZWj+8UlUafDdCQWDA=; h=Message-ID:Date:From:MIME-Version: To:CC:Subject:References:In-Reply-To:Content-Type:Cc:Content-Type: Date:From:In-Reply-To:Message-ID:Mime-Version:References:To; z=Mes sage-ID:=20<489F468A.9070000@infracaninophile.co.uk>|Date:=20Sun,=2 010=20Aug=202008=2020:50:34=20+0100|From:=20Matthew=20Seaman=20|Organization:=20Infracaninophile|User -Agent:=20Thunderbird=202.0.0.16=20(X11/20080726)|MIME-Version:=201 .0|To:=20Jos=20Chrispijn=20|CC:=20FreeBSD=20Question s=20|Subject:=20Re:=20Rsync|Referenc es:=20<489F3B10.30203@webrz.net>=20<489F3E50.1050602@infracaninophi le.co.uk>=20<489F3F13.6050302@webrz.net>|In-Reply-To:=20<489F3F13.6 050302@webrz.net>|X-Enigmail-Version:=200.95.6|Content-Type:=20mult ipart/signed=3B=20micalg=3Dpgp-sha256=3B=0D=0A=20protocol=3D"applic ation/pgp-signature"=3B=0D=0A=20boundary=3D"------------enigA048C64 3A2C35D5C20636161"; b=x/ZEBozPXKwbxTuErxGS+ShGNBeM2+Rimy22EIU6A0XhW Q8AHwZ1TOf2ZvO8WiRV1Hx6A2SZOUABeRPBbF6pyDnxPpOjctulSMmu3G6wZ6L4yXBb KiR7H8EyFJHSvck9SwLL6VHKZgggrn3v6eBkI9EXxTIDalQVdYyBH++1l08= Message-ID: <489F468A.9070000@infracaninophile.co.uk> Date: Sun, 10 Aug 2008 20:50:34 +0100 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.16 (X11/20080726) MIME-Version: 1.0 To: Jos Chrispijn References: <489F3B10.30203@webrz.net> <489F3E50.1050602@infracaninophile.co.uk> <489F3F13.6050302@webrz.net> In-Reply-To: <489F3F13.6050302@webrz.net> X-Enigmail-Version: 0.95.6 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enigA048C643A2C35D5C20636161" X-Virus-Scanned: ClamAV 0.93.3/8002/Sun Aug 10 18:18:44 2008 on happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VERIFIED,NO_RELAYS autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on happy-idiot-talk.infracaninophile.co.uk Cc: FreeBSD Questions Subject: Re: Rsync X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Aug 2008 19:50:49 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigA048C643A2C35D5C20636161 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Jos Chrispijn wrote: > Matthew Seaman wrote: >> Use anonymous rsync? There's a section on rsyncd in the rsync(1) >> man page, but most of the meat is in the rsyncd.conf(5) man page. >> The downside is you'll lose information about user and group ownership= >> of files. Oh, and obviously be careful about limiting where people >> can access the rsyncd server from, or your precious data may go on >> an unplanned walkies... >=20 > I don't want to loose any user and group ownership of files. Would ther= e=20 > be another solution without rsync then or does the 'forbidden root=20 > login' affect all backup solutions here? If you're going to expand the backup sets on the mirror box back into a second copy of the filesystem, then you definitely need root access on the client (to read any file irrespective of permissions) and on the=20 server (in order to set the ownership and permissions on the files). You can NFS mount the filesystem onto the second server and copy the files locally that way -- but watch out for the way root-owned files are changed to nobody:nobody ownership by default. You can use ggated(8) and ggatec(8) to share the filesystem at low-level between the two machines. It's even possible to combine that with a loca= l filesystem using gmirror(8) to have instantaneous synchronisation of bo= th copies of the data on the two machines, although I wouldn't trust that= for anything your livelihood depends on. You can do a similar trick using iSCSI -- you'll need the net/iscsi-targe= t port installed on the server machine and to use the iscsi_initiator(4) driver on the client machines. See also iscontrol(8) However, if you're willing to store a tarball or other archive format as your backup, then you don't need root access on the backup server,=20 although you will still need it on the client. In this case, you can use just about anything: dump(8), tar(1), cpio(1) -- these all give you the option of 'writing to a remote device' which ca= n just be a regular file on your second machine. Usually network writes are= over ssh(1), although you will possibly be required to set some variables= in the environment to force that to be the case. So all you need is a=20 non-root account on the server that lets root on the clients log into it.= =20 That can be arranged using key-based auth quite nicely. Depending on how much stuff you have, and the likelyhood that you'll need to restore it, you could use a full-blown backup system like bacula. It's pretty easy to get bacula to write backup sets to disk, and you get a not bad at all command interface via bconsole to manipulate= all that from either the backup client or the backup server host. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enigA048C643A2C35D5C20636161 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkifRpIACgkQ8Mjk52CukIyIMQCfaGXMk1Xi4Lb7IeDhLqMll5bA c7MAnAvYf02M6tCEPtyo3tj9d4M7329L =++/s -----END PGP SIGNATURE----- --------------enigA048C643A2C35D5C20636161--