
Re: Best way to duplicate HDs--talk more about rsync+ssh system



On Wed, Jan 02, 2002 at 10:17:38AM -0800, Ted Deppner wrote:

> > The [modules] in rsyncd.conf provide a nice way to package what you want to
> > back up.  You can also specify what ip addresses connect to rsyncd.  So in
> > theory only the backup machine can connect to the rsyncd daemons; we've set 
> > those to read-only.
> 
> Ack!  If you're doing file level rsync backups to rsyncd, rsyncd *must* be
> running as root (DON'T DO THAT), else your perms will be useless.  rsyncd
> just isn't something that should run with root perms... therefore it's
> rather useless for file level rsync backups.

We're pulling **from** a read-only rsyncd.  It has to run as root because we
require the right archive, permissions, etc....  I'm confused; is that much 
different from running an rsync otherwise except for the convenience of the 
[modules] thing?  Or is rsync the wrong tool for the job?

We want to reduce the load on the production servers.  Some clients need
4x daily backups, but for others nothing changes for months at a time.  
The new system is going to snapshot and archive only the changed
versions, not every day.  All the zipping, sorting and file checking 
will take place on the backup machine, not on the servers, so we don't care how 
greedy the process gets as long as the process pulling the mirror off 
the production machine is as light as possible.  Is there something
better than rsync for that?
> 
> If you tar up the source, and send those to your rsyncd that's less of a
> security risk from rsyncd itself, HOWEVER your root only file data is now
> in a userland tar file, so your data is now less secure on the backup
> server than it was on the source machine.  Very bad backup design.

I must have described it poorly: dedicated backup machine, no other services,
no random users, private routing on physically separate lan, outbound
connections only.  I'd hope that would be better than a production server.

-- 

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux
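
An added example, not part of the original message: a small audit of an rsyncd.conf for the three properties debated in this thread (read-only modules, a `hosts allow` restriction, and the uid that transfers run as). The sample config, module names, paths and address are constructed placeholders, and the defaults assumed are rsyncd's documented ones (`read only = yes`, no host restriction, uid `nobody`).

```python
# Added example: audits an rsyncd.conf for the pull-backup setup discussed above.
# SAMPLE_CONF is constructed; module names, paths and the address are placeholders.
SAMPLE_CONF = """\
uid = root
gid = root

[www]
    path = /var/www
    read only = yes
    hosts allow = 192.0.2.10

[scratch]
    path = /srv/scratch
    read only = no
"""

TRUE = {"yes", "true", "1"}

def parse(text):
    """Split into (global params, {module: params}). Names are lower-cased and
    stripped of whitespace; backslash line continuations are not handled."""
    glob, mods = {}, {}
    cur = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = mods.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            cur["".join(key.lower().split())] = value.strip()
    return glob, mods

def audit(text):
    """Return sorted (module, finding) pairs for the three properties in the thread."""
    glob, mods = parse(text)
    findings = []
    for name, params in mods.items():
        eff = {**glob, **params}            # module settings override globals
        if eff.get("readonly", "yes").lower() not in TRUE:   # assumed default: yes
            findings.append((name, "module is writable"))
        if not eff.get("hostsallow"):       # no list means any host may connect
            findings.append((name, "no hosts allow restriction"))
        if eff.get("uid", "nobody") in ("root", "0"):
            findings.append((name, "transfers run as root"))
    return sorted(findings)

if __name__ == "__main__":
    for module, finding in audit(SAMPLE_CONF):
        print(f"[{module}] {finding}")
```
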


