rsync approach
Karl Vogel
vogelke+unix at pobox.com
Sat May 30 22:58:06 UTC 2009
>> On Wed, 27 May 2009 15:03:30 -0700,
>> prad <prad at towardsfreedom.com> said:
P> We are thinking of rsync to duplicate 1st [box] > 2nd [box] (with the
P> exception of rc.conf and a few other files of course because we don't
P> want them to be absolutely identical).
P> we plan to allow root login and have disabled all password access so
P> that rsync can preserve permissions. is this a good way to accomplish
P> the bkp job?

If you're going to use root login, I'd suggest access control for ssh
via either daemontools or tcpwrappers, and add some extra security
by putting 'from="hostname"' in root's entry in the "authorized_keys2"
file:

    from="1st.box.com" ssh-dss AAAAB3NzaC1MtH[...]WDXDrq03pE= root at 1st.box.com

It's not strictly necessary to allow root connections if you want
to keep permissions intact. I use an unprivileged account ("bkup")
to copy gzipped cpio archives between systems. On the 1st box, root
can use pax or cpio to create the archive, and then run something as
user "bkup" to do the copy to the 2nd box:

    root# cd /some/where
    root# find . -print | pax -x cpio -wd | gzip -1c > /tmp/arch.pax.gz
    root# su bkup -c "scp -c arcfour -i /bkup/.ssh/backuphost_dsa \
            /tmp/arch.pax.gz 2nd.box.com:/someplace/bkup/can/write"

The arcfour cipher will probably give you better throughput. To unpack
the files on 2nd.box.com:

    root# cd /some/where/else
    root# gunzip -c /someplace/bkup/can/write/arch.pax.gz | pax -rd -pe
    root# rm /someplace/bkup/can/write/arch.pax.gz

If the files you're syncing are huge, you're better off using root login
plus rsync.

--
Karl Vogel I don't speak for the USAF or my company
SUVs are gross because they're the solution to a gross problem:
how to make minivans look more masculine. --Paul Graham
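
A check for the from="hostname" restriction suggested in the reply above, as an added example that is not part of the original post: it lists every key in an authorized_keys file that has no from= option. The function name unrestricted_keys and the sample hosts, comments and key bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report authorized_keys entries
# that carry no from="..." host restriction.

# unrestricted_keys FILE -> prints "LINENO KEYTYPE COMMENT" per unrestricted key
unrestricted_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); opts = ""
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {      # line begins with an options field
            # Options end at the first blank outside double quotes.
            inq = 0; n = length(line)
            for (i = 1; i <= n; i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") i++        # skip an escaped character
                else if (c == "\"") inq = !inq
                else if (!inq && (c == " " || c == "\t")) break
            }
            opts = substr(line, 1, i - 1)
            line = substr(line, i + 1); sub(/^[ \t]+/, "", line)
        }
        # Split options on commas outside quotes; option names are case-insensitive.
        restricted = 0; inq = 0; start = 1; n = length(opts)
        for (i = 1; i <= n + 1; i++) {
            c = substr(opts, i, 1)
            if (inq && c == "\\" && i < n) i++
            else if (c == "\"") inq = !inq
            else if (i > n || (c == "," && !inq)) {
                if (tolower(substr(opts, start, i - start)) ~ /^from="/) restricted = 1
                start = i + 1
            }
        }
        if (!restricted) { split(line, f, /[ \t]+/); print NR, f[1], f[3] }
    }' "$1"
}

# Constructed sample: placeholder key bodies, hypothetical hosts and comments.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# root keys on 2nd.box.com
from="1st.box.com" ssh-dss AAAAplaceholder1 root@1st.box.com
ssh-rsa AAAAplaceholder2 admin@laptop
command="echo from=\"x\", done",no-pty ssh-ed25519 AAAAplaceholder3 bkup@1st.box.com
no-pty,FROM="1st.box.com,10.0.0.*" ssh-rsa AAAAplaceholder4 sync@1st.box.com
EOF
unrestricted_keys "$sample"   # reports sample lines 3 and 4
rm -f "$sample"
```

The text from= inside the quoted command= value on sample line 4 does not count as a restriction, because options are split only on commas outside quotes.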