I have several machines capable of running the rsync client and server. Each machine can push backups to a remote server on my network. This allows multiple copies of critical files to be stored on separate machines. It would be ideal for these machines to be located in different buildings, if not different cities. Given the state of most modern firewalls, this might require an ssh tunnel from the client to the server for port 873(rsync).
rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemonto /etc/inetd.conf and send SIGHUP to inetd. (kill -HUP <PID for inetd>)
max connections = 2 [crow] path = /data/backups/crow comment = Backup area for crow to use uid = root gid = root auth users = root hosts allow = 192.168.1.1 read only = no list = yes secrets file = /etc/rsyncd.secretsThis creates an rsync module named crow that allows root on the machine at IP 192.168.1.1 to push backups to the folder /data/backups/crow on the server. The file /etc/rsyncd.secrets defines the password for this operation.
echo root:backupPassword > /etc/rsyncd.secrets chmod 400 /etc/rsyncd.secretsThis makes a file, readable only by root on the server, which defines passwords for rsync operations. The name of the file is arbitrary, but defined by the secrets file entry above. This file may contain more user/password pairs, but for this example, I am only using rsync from the root user so that I can maintain uid, gid, and time when backing up.
Your server is now configured to accept backups from root on the machine at 192.168.1.1.
echo backupPassword > /etc/rsync.password chmod 400 /etc/rsync.passwordThis password file is only readable by root, providing some minimal amount of security. Since this password is used ONLY for performing rsync jobs to a specific folder on the server, I feel that the security is adequate.
rsync -arcz --password-file=/etc/rsync.password /etc larry::crowwhich will push the contents of the /etc directory on the client to server larry which is hosting backup module crow. This can be done without user interaction, since the password defined in the secrets file on larry is defined in the command-line argument to rsync. The a option requests archive mode, which preserves uid, gid, time. The r option ensures that folders are recursed. I think the c explicitly asks for CRC update check. The z requests that files be compressed for transfer to the server, which saves network bandwidth at the expense of CPU.