How to manage root<-->root rsync keeping permissions?
L A Walsh
rsync at tlinx.org
Sat Aug 7 19:37:34 UTC 2021
On 2021/08/07 08:45, Chris Green via rsync wrote:
> Because cron/anacron isn't perfect and the machine being backed up nay
> not be turned on all the time so the time that it tries to backup is
> most definitely not fixed accurately!
> My *backups* of important data are incremental backups done once a day
> for every machine. I also do hourly incremental backups on my desktop
> machine but that is more for protecting myself against myself than for
> protecting against intruders or hardware failure.
Yeah, that's why I had the 'previous versions thing working.
I hope to get that working again at some point a bit more efficiently.
I know I need the protection against myself too!
> The original point of this thread is about something closer to
> synchronising my (small, Raspberry Pi) DNS server so that if it fails
> I can get a DNS server back up and running as quickly as possible.
Get a few small computers like your pi, and duplicate them. swap a new
one in if there's a problem. Or boot from a DVD -- installs everything
on boot, and then download variable info from your backup server using
>>> so not only does someone with access to
>>> my desktop/laptop need to know the rsyncd username and password but
>>> they also cannot delete my existing backups. It runs incremental
>>> backups so nothing is ever overwritten either.
>> BTW, incremental backups aren't really the same as 'update' backups,
>> they keep track of the state of the file system (including files no longer
>> so you can restore your desktop to a specific day before some unwanted
>> updated was introduced and kept by an update-only backup system.
> Yes, exactly, or more to the point (in my case anyway) I can restore a
> specific file to a few hours ago after I've scrambled it in some
> disastrous way! :-)
you too eh, what power we have! ;-)
A pretty cool way to get your laptop "let in" to the backup server.
Have a random sequence of port open attemps Choose a capital port, a
wait, that's letters...anyway, have a prog that detects the probes.
If it gets the right sequence of 10, 20, 60 probes, (whatever), then
it opens up the ssh->backup port for 5 minutes or until your laptop
connects, (whichever is shorter). If you didn't get in within 5 minutes,
prolly need a faster computer. Be sure to make your OPIE check a range of
of unused passwords in case you get out of sync.
Have the probe-pattern be a 1-time use pattern and generate a few hundred
of them for each computer in advance. now you have One-time use passwords
just to turn on your secure backup. If someone breaks that, close up
move to baja calif and retire! ....
More information about the rsync