Recipe 16.4. Building an rsync Backup Server

16.4.1 Problem

You want users to back up their own data. But you really don't want to give users shell accounts all over the place, just so that they can do backups. You'd also like to make it easier for them to share files, again without giving all your users shell accounts.

16.4.2 Solution

Use a dedicated PC for a central server, and run rsync in daemon mode. Users will not need login accounts on the server, and you can use rsync's own access controls and user authorization for security.

rsync must be installed on all machines.

First, on the rsync server, edit or create /etc/rsyncd.conf to create an rsync module defining the archive:

# global settings log file = /var/log/rsyncd.log # modules [backup_dir1]    path = /backups    comment = server1 archive    list = yes    read only = no

Make sure that /backups exists. Next, start rsync on the server in daemon mode:

# rsync  daemon

Now you can copy files from a remote machine to the server. In this example, the remote PC is "workstation," and the rsync server is "server1." First, verify that the rsync server is accessible:

sue@workstation:~$ rsync server1:: backup_dir1      server1 archive

This command copies Sue's /spreadsheets directory to the module backup_dir1:

sue@workstation:~$ rsync -av  spreadsheets server1::backup_dir1 building file list.....done spreadsheets/aug_03 spreadsheets/sept_03 spreadsheets/oct_03 wrote 126399 bytes  read 104 bytes  1522.0 bytes/sec total size is 130228  speedup is 0.94

Now, view the nice, new uploaded files:

sue@workstation:~$ rsync server1::backup_dir1 drwx------      192  2003/02/12  spreadsheets -rw-r--r--    21560  2003/09/17  aug_03 -rw-r--r--    21560  2003/10/14  sept_03 -rw-r--r--    21560  2003/11/10  oct_03

Sue can easily retrieve files from server1 to her workstation:

sue@workstation:~$ rsync -av  server1::backup_dir1/sept_03  ~/downloads receiving file list...done sept_03 wrote 21560 bytes read 126 bytes 1148.0 bytes/sec total size is 22031  speedup is 0

16.4.3 Discussion

This particular setup is perfectly functional, but not very secure. backup_dir1 is wide open, so any rsync user can access it. Files are transmitted in the clear, so you shouldn't use this for sensitive files.

You can use rsync's built-in simple authentication and access controls to limit access, so it's possible to set up reasonably private archives. See Recipe 16.5 to learn how to add some security.

This is what the rsync command options mean:

rsync server1::

Double colons are used when connecting to an rsync server running in daemon mode. When you connect to an rsync server, you use the module names, rather than filepaths.

rsync -av

-a means archive mode. This tells rsync to copy directories recursively, preserve permissions, copy symlinks, preserve group, preserve owner, and preserve timestamps. -a is the same as -rlptgoD. -v is verbose.

stats

This option prints a verbose set of statistics on the file transfer, for those who wish to calculate the efficiency of the rsync algorithm.

/etc/rsyncd.conf should be familiar to Samba users, as it uses the same style as smb.conf. Global settings go at the top. Then you can define as many modules as you need. A module defines a single directory, with its options and access permissions:

[backup_dir1]

The module name is enclosed in square brackets. Make this anything you like.

path = /backups

The directory for this module. Always use absolute paths.

comment = server1 archive

This is optional; say anything you want here.

list = yes

This allows the module to be listed when users query the server. The default is no, which will hide the module.

read only = no

The default is read-only. If you want to be able to upload files to this directory, turn off read-only.

16.4.4 See Also

• rsync(1), rsyncd.conf(5)

• The rsync home page (http://rsync.samba.org)