From owner-freebsd-isp Sun Dec 15 14:10:33 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7566737B404 for ; Sun, 15 Dec 2002 14:10:32 -0800 (PST) Received: from marklar.blazingdot.com (marklar.blazingdot.com [207.154.84.83]) by mx1.FreeBSD.org (Postfix) with SMTP id D84ED43EE1 for ; Sun, 15 Dec 2002 14:10:31 -0800 (PST) (envelope-from marcus@blazingdot.com) Received: (qmail 72699 invoked by uid 503); 15 Dec 2002 22:10:31 -0000 Date: Sun, 15 Dec 2002 14:10:31 -0800 From: Marcus Reid To: Mike Tancsa Cc: Simon , freebsd-isp@freebsd.org Subject: Re: network backup Message-ID: <20021215221031.GA72287@blazingdot.com> References: <20021213165625.GB91604@dan.emsphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Coffee-Level: high Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, Dec 15, 2002 at 09:22:06AM -0500, Mike Tancsa wrote: > On Fri, 13 Dec 2002 13:07:18 -0500, in sentex.lists.freebsd.isp you wrote: > > >archive grew over gig or so in size, it errored out on me). Dump is a > >mess to work with, it doesn't work with directories nor with single > >archive file. You need to keep creating new dumps using different > >backup levels and I don't know how you will restore files for x user > >using all those little dumps when you need to efficiently. > > > Dump will work with a single archive file per level. Yes, it does work on a > file system basis and not directory, but your generally want a level0 > backup of your entire system anyways. Its also very efficient for restoring > the odd file from the archive file. restore -i -f and its MUCH > nicer to work with than tar this way. If you keep 5 levels of incremental > dumps, yes, you will need to do this potentially for 5 different files, but > still works as expected. We do something like this > > /sbin/dump -0uanf - /usr |gzip -9 | ssh > remoteuser@backupserver.example.com dd > of=/home/targetdir/root-server-al0.gz Agreed that dump is the way to go much of the time.. There is something that bothers me in your example though. Your backup machine trusts the server, and not the other way around. IMHO, the backup machine needs to be one of the most trusted machines on your network, like your management workstation. It logs into machines below it, and not the other way around. Compromise of server X should not allow access to the backups of every machine on the network! Marcus To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message