rsync Backup

The following is a summary of how I used rsync to push backups to an rsync server.

I have several machines capable of running the rsync client and server. Each machine can push backups to a remote server on my network. This allows multiple copies of critical files to be stored on separate machines. It would be ideal for these machines to be located in different buildings, if not different cities. Given the state of most modern firewalls, this might require an ssh tunnel from the client to the server for port 873(rsync).

On the Server:

  1. Add the line:
       rsync   stream  tcp     nowait  root    /usr/bin/rsync  rsyncd --daemon
    to /etc/inetd.conf and send SIGHUP to inetd. (kill -HUP <PID for inetd>)

  2. Make a file named /etc/rsyncd.conf with contents like:
    max connections = 2
       path = /data/backups/crow
       comment = Backup area for crow to use
       uid = root
       gid = root
       auth users = root
       hosts allow =
       read only = no
       list = yes
       secrets file = /etc/rsyncd.secrets
    This creates an rsync module named crow that allows root on the machine at IP to push backups to the folder /data/backups/crow on the server. The file /etc/rsyncd.secrets defines the password for this operation.

  3. Create the file /etc/rsyncd.secrets:
    echo root:backupPassword > /etc/rsyncd.secrets
    chmod 400 /etc/rsyncd.secrets
    This makes a file, readable only by root on the server, which defines passwords for rsync operations. The name of the file is arbitrary, but defined by the secrets file entry above. This file may contain more user/password pairs, but for this example, I am only using rsync from the root user so that I can maintain uid, gid, and time when backing up.

Your server is now configured to accept backups from root on the machine at

On the client:

  1. Create a file containing the backup password, readable only by root:
    echo backupPassword > /etc/rsync.password
    chmod 400 /etc/rsync.password
    This password file is only readable by root, providing some minimal amount of security. Since this password is used ONLY for performing rsync jobs to a specific folder on the server, I feel that the security is adequate.
  2. Create a cron job to push folders needing backup to the server. This script is likely to contain commands like:
    rsync -arcz --password-file=/etc/rsync.password /etc larry::crow
    which will push the contents of the /etc directory on the client to server larry which is hosting backup module crow. This can be done without user interaction, since the password defined in the secrets file on larry is defined in the command-line argument to rsync. The a option requests archive mode, which preserves uid, gid, time. The r option ensures that folders are recursed. I think the c explicitly asks for CRC update check. The z requests that files be compressed for transfer to the server, which saves network bandwidth at the expense of CPU.
There are many features to rsync to explore, and I am no expert there. This setup will at least get you started in setting up a poor-man's "mirror", which can be run across the internet.
Aaron Birenboim
Last modified: Wed Nov 23 08:13:34 MST 2005