How to manage root<-->root rsync keeping permissions?

L A Walsh rsync at tlinx.org
Sat Aug 7 19:37:34 UTC 2021


On 2021/08/07 08:45, Chris Green via rsync wrote:
>
>>     
> Because cron/anacron isn't perfect and the machine being backed up may
> not be turned on all the time so the time that it tries to backup is
> most definitely not fixed accurately!
>
>
>   
>>     
> My *backups* of important data are incremental backups done once a day
> for every machine. I also do hourly incremental backups on my desktop
> machine but that is more for protecting myself against myself than for
> protecting against intruders or hardware failure.
>   
----
    Yeah, that's why I had the 'previous versions' thing working.
I hope to get that working again at some point a bit more efficiently.

I know I need the protection against myself too!

> The original point of this thread is about something closer to
> synchronising my (small, Raspberry Pi) DNS server so that if it fails
> I can get a DNS server back up and running as quickly as possible.
>   
----
    Get a few small computers like your pi, and duplicate them.  Swap a new
one in if there's a problem.  Or boot from a DVD -- installs everything
on boot, and then download variable info from your backup server using
knock-knock...*
>
>   
>>>  so not only does someone with access to
>>> my desktop/laptop need to know the rsyncd username and password but
>>> they also cannot delete my existing backups.  It runs incremental
>>> backups so nothing is ever overwritten either.
>>>       
>> ----
>>    BTW, incremental backups aren't really the same as 'update' backups,
>> they keep track of the state of the file system (including files no longer
>> there)
>> so you can restore your desktop to a specific day before some unwanted
>> update was introduced and kept by an update-only backup system.
>>
>>     
> Yes, exactly, or more to the point (in my case anyway) I can restore a
> specific file to a few hours ago after I've scrambled it in some
> disastrous way! :-)
>   
you too eh, what power we have! ;-)


A pretty cool way to get your laptop "let in" to the backup server.

Have a random sequence of port open attempts. Choose a capital port, a small..oh
wait, that's letters...anyway, have a prog that detects the probes.
If it gets the right sequence of 10, 20, 60 probes, (whatever), then
it opens up the ssh->backup port for 5 minutes or until your laptop
connects, (whichever is shorter).  If you didn't get in within 5 minutes,
prolly need a faster computer.  Be sure to make your OPIE check a range of
unused passwords in case you get out of sync.



Have the probe-pattern be a 1-time use pattern and generate a few hundred
of them for each computer in advance.  Now you have One-time use passwords
just to turn on your secure backup.  If someone breaks that, close up shop and
move to baja calif and retire! ....
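
The server side of the one-time probe-pattern scheme described in the message above, as an added example that is not part of the original post or of rsync. It assumes the sequences are derived from a per-machine shared secret with HMAC instead of being pre-generated and stored; the names `knock_sequence` and `KnockGate`, the port range and the window size are hypothetical.

```python
import hashlib
import hmac

KNOCKS = 10          # probes per sequence
WINDOW = 5           # unused sequences checked ahead, in case client and server lose sync
OPEN_SECONDS = 300   # backup port stays open 5 minutes at most
PORT_LOW, PORT_SPAN = 20000, 20000  # constructed range of otherwise unused ports


def knock_sequence(secret: bytes, counter: int) -> tuple:
    """Derive the one-time port sequence for one counter value."""
    digest = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    # Two digest bytes per port: 32 bytes cover up to 16 knocks.
    return tuple(PORT_LOW + int.from_bytes(digest[2 * i:2 * i + 2], "big") % PORT_SPAN
                 for i in range(KNOCKS))


class KnockGate:
    """Server-side state for one client machine."""

    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter   # index of the next unused sequence
        self.open_until = 0.0

    def observe(self, probes, now: float) -> bool:
        """Check the last KNOCKS probed ports from one source; open on a match."""
        seen = repr(tuple(probes[-KNOCKS:])).encode()
        for step in range(WINDOW):
            expected = repr(knock_sequence(self.secret, self.counter + step)).encode()
            if hmac.compare_digest(seen, expected):
                self.counter += step + 1   # burn the match and every skipped sequence
                self.open_until = now + OPEN_SECONDS
                return True
        return False

    def is_open(self, now: float) -> bool:
        return now < self.open_until

    def client_connected(self) -> None:
        self.open_until = 0.0   # close as soon as the laptop is in
```

Advancing the counter past the matched index is what makes a captured sequence useless on replay, and the look-ahead window is the "check a range of unused passwords" step for a client that has drifted out of sync.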




