Matthew Seaman m.seaman at
Sun Aug 10 19:50:49 UTC 2008

Jos Chrispijn wrote:
> Matthew Seaman wrote:
>> Use anonymous rsync? There's a section on rsyncd in the rsync(1)
>> man page, but most of the meat is in the rsyncd.conf(5) man page.
>> The downside is you'll lose information about user and group ownership
>> of files.  Oh, and obviously be careful about limiting where people
>> can access the rsyncd server from, or your precious data may go on
>> an unplanned walkies...
> I don't want to loose any user and group ownership of files. Would there 
> be another solution without rsync then or does the 'forbidden root 
> login' affect all backup solutions here?

If you're going to expand the backup sets on the mirror box back into
a second copy of the filesystem, then you definitely need root access
on the client (to read any file irrespective of permissions) and on the 
server (in order to set the ownership and permissions on the files).

You can NFS mount the filesystem onto the second server and copy the
files locally that way -- but watch out for the way root-owned files are
changed to nobody:nobody ownership by default.

You can use ggated(8) and ggatec(8) to share the filesystem at low-level
between the two machines.  It's even possible to combine that with a local filesystem using gmirror(8) to have instantaneous synchronisation of both copies of the data on the two machines, although I wouldn't trust that for anything your livelihood depends on.

You can do a similar trick using iSCSI -- you'll need the net/iscsi-target
port installed on the server machine and to use the iscsi_initiator(4)
driver on the client machines. See also iscontrol(8)

However, if you're willing to store a tarball or other archive format
as your backup, then you don't need root access on the backup server, 
although you will still need it on the client.

In this case, you can use just about anything: dump(8), tar(1), cpio(1)
-- these all give you the option of 'writing to a remote device' which can
just be a regular file on your second machine. Usually network writes are
over ssh(1), although you will possibly be required to set some variables in the environment to force that to be the case.  So all you need is a 
non-root account on the server that lets root on the clients log into it.  
That can be arranged using key-based auth quite nicely.

Depending on how much stuff you have, and the likelyhood that you'll
need to restore it, you could use a full-blown backup system like
bacula.  It's pretty easy to get bacula to write backup sets to disk,
and you get a not bad at all command interface via bconsole to manipulate
all that from either the backup client or the backup server host.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
                                                  Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list