rsync Backup

The following is a summary of how I used rsync to push backups to an rsync server.

I have several machines capable of running the rsync client and server. Each machine can push backups to a remote server on my network. This allows multiple copies of critical files to be stored on separate machines. It would be ideal for these machines to be located in different buildings, if not different cities. Given the state of most modern firewalls, this might require an ssh tunnel from the client to the server for port 873 (rsync).


On the Server:

  1. Add the line:
       rsync   stream  tcp     nowait  root    /usr/bin/rsync  rsyncd --daemon
    to /etc/inetd.conf and send SIGHUP to inetd. (kill -HUP <PID for inetd>)

  2. Make a file named /etc/rsyncd.conf with contents like:
    max connections = 2
    [crow]
       path = /data/backups/crow
       comment = Backup area for crow to use
       uid = root
       gid = root
       auth users = root
       hosts allow = 192.168.1.1
       read only = no
       list = yes
       secrets file = /etc/rsyncd.secrets
    
    This creates an rsync module named crow that allows root on the machine at IP 192.168.1.1 to push backups to the folder /data/backups/crow on the server. The file /etc/rsyncd.secrets defines the password for this operation.

  3. Create the file /etc/rsyncd.secrets:
    echo root:backupPassword > /etc/rsyncd.secrets
    chmod 400 /etc/rsyncd.secrets
    This makes a file, readable only by root on the server, which defines passwords for rsync operations. The name of the file is arbitrary, but defined by the secrets file entry above. This file may contain more user/password pairs, but for this example, I am only using rsync from the root user so that I can maintain uid, gid, and time when backing up.

Your server is now configured to accept backups from root on the machine at 192.168.1.1.
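
A check of the server-side settings above, as an added example (not part of the original write-up): it parses rsyncd.conf text and reports, per module, missing auth users or hosts allow entries and modules that are writable as root, and it tests that a secrets file grants nothing to group or other. The function names and the [scratch] module are made up for illustration, and backslash line continuations are not handled.

```python
import os
import stat

# Constructed sample: the page's [crow] module plus a deliberately weak one.
SAMPLE_CONF = """\
max connections = 2
[crow]
   path = /data/backups/crow
   uid = root
   auth users = root
   hosts allow = 192.168.1.1
   read only = no
   secrets file = /etc/rsyncd.secrets
[scratch]
   path = /data/backups/scratch
   read only = no
"""

def parse_rsyncd_conf(text):
    """Return (globals, {module: params}); names lose whitespace and case."""
    glob, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, value = line.split("=", 1)
            target = glob if current is None else current
            # rsyncd ignores whitespace inside parameter names
            target["".join(key.split()).lower()] = value.strip()
    return glob, modules

def audit_module(params, glob):
    """List weaknesses in one module; module values override globals."""
    p = {**glob, **params}
    findings = []
    if not p.get("authusers"):
        findings.append("no 'auth users': no password is required")
    if not p.get("hostsallow"):
        findings.append("no 'hosts allow': any address may connect")
    writable = p.get("readonly", "yes").lower() in ("no", "false", "0")
    if writable and p.get("uid", "") in ("root", "0"):
        findings.append("writable as root: the rsync password can write as root")
    return findings

def secrets_mode_ok(path):
    """True when the secrets file grants nothing to group or other."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```

For the [crow] module as configured above, the only finding is the writable-as-root one, which is the trade-off the setup makes to preserve uid and gid.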


On the client:

  1. Create a file containing the backup password, readable only by root:
    echo backupPassword > /etc/rsync.password
    chmod 400 /etc/rsync.password
    This password file is only readable by root, providing some minimal amount of security. Since this password is used ONLY for performing rsync jobs to a specific folder on the server, I feel that the security is adequate.

  2. Create a cron job to push folders needing backup to the server. This script is likely to contain commands like:
    rsync -arcz --password-file=/etc/rsync.password /etc larry::crow
    
    which will push the contents of the /etc directory on the client to the server larry, which hosts the backup module crow. This can be done without user interaction, since the password defined in the secrets file on larry is read from the file named by the --password-file argument to rsync. The a option requests archive mode, which preserves uid, gid, time. The r option ensures that folders are recursed. I think the c explicitly asks for CRC update check. The z requests that files be compressed for transfer to the server, which saves network bandwidth at the expense of CPU.

There are many features to rsync to explore, and I am no expert there. This setup will at least get you started in setting up a poor-man's "mirror", which can be run across the internet.

Aaron Birenboim
Last modified: Wed Nov 23 08:13:34 MST 2005