1 =head1 BackupPC Introduction
3 This documentation describes BackupPC version __VERSION__,
4 released on __RELEASEDATE__.
8 BackupPC is a high-performance, enterprise-grade system for backing up
9 Linux and WinXX PCs, desktops and laptops to a server's disk. BackupPC
10 is highly configurable and easy to install and maintain.
12 Given the ever decreasing cost of disks and raid systems, it is now
13 practical and cost effective to backup a large number of machines onto a
14 server's local disk or network storage. For some sites this might be
15 the complete backup solution. For other sites additional permanent
16 archives could be created by periodically backing up the server to tape.
24 A clever pooling scheme minimizes disk storage and disk I/O.
25 Identical files across multiple backups of the same or different PC
26 are stored only once (using hard links), resulting in substantial
27 savings in disk storage and disk writes.
31 Optional compression provides additional reductions in storage
32 (around 40%). The CPU impact of compression is low since only
33 new files (those not already in the pool) need to be compressed.
37 A powerful http/cgi user interface allows administrators to view log
38 files, configuration, current status and allows users to initiate and
39 cancel backups and browse and restore files from backups.
43 The http/cgi user interface has internationalization (i18n) support,
44 currently providing English, French, German, Spanish and Italian.
48 No client-side software is needed. On WinXX the standard smb
49 protocol is used to extract backup data. On linux or unix clients,
50 rsync or tar (over ssh/rsh/nfs) is used to extract backup data.
51 Alternatively, rsync can also be used on WinXX (using cygwin),
52 and Samba could be installed on the linux or unix client to
57 Flexible restore options. Single files can be downloaded from
58 any backup directly from the CGI interface. Zip or Tar archives
59 for selected files or directories from any backup can also be
60 downloaded from the CGI interface. Finally, direct restore to
61 the client machine (using smb or tar) for selected files or
62 directories is also supported from the CGI interface.
66 BackupPC supports mobile environments where laptops are only
67 intermittently connected to the network and have dynamic IP addresses
68 (DHCP). Configuration settings allow machines connected via slower WAN
69 connections (eg: dial up, DSL, cable) to not be backed up, even if they
70 use the same fixed or dynamic IP address as when they are connected
75 Flexible configuration parameters allow multiple backups to be performed
76 in parallel, specification of which shares to backup, which directories
77 to backup or not backup, various schedules for full and incremental
78 backups, schedules for email reminders to users and so on. Configuration
79 parameters can be set system-wide or also on a per-PC basis.
83 Users are sent periodic email reminders if their PC has not
84 recently been backed up. Email content, timing and policies
89 BackupPC is Open Source software hosted by SourceForge.
99 A full backup is a complete backup of a share. BackupPC can be
100 configured to do a full backup at a regular interval (typically
101 weekly). BackupPC can be configured to keep a certain number
102 of full backups. Exponential expiry is also supported, allowing
103 full backups with various vintages to be kept (for example, a
104 settable number of most recent weekly fulls, plus a settable
105 number of older fulls that are 2, 4, 8, or 16 weeks apart).
107 =item Incremental Backup
109 An incremental backup is a backup of files that have changed (based on their
110 modification time) since the last successful full backup. For SMB and
111 tar, BackupPC backups all files that have changed since one hour prior to the
112 start of the last successful full backup. Rsync is more clever: any files
113 who attributes have changed (ie: uid, gid, mtime, modes, size) since the
114 last full are backed up. Deleted and new files are also detected by
115 Rsync incrementals (SMB and tar are not able to detect deleted files or
116 new files whose modification time is prior to the last full dump.
118 BackupPC can also be configured to keep a certain number of incremental
119 backups, and to keep a smaller number of very old incremental backups.
120 (BackupPC does not support multi-level incremental backups, although it
121 would be easy to do so.)
123 BackupPC's CGI interface "fills-in" incremental backups based on the
124 last full backup, giving every backup a "full" appearance. This makes
125 browsing and restoring backups easier.
129 When a full backup fails or is canceled, and some files have already
130 been backed up, BackupPC keeps a partial backup containing just the
131 files that were backed up successfully. The partial backup is removed
132 when the next successful backup completes, or if another full backup
133 fails resulting in a newer partial backup. A failed full backup
134 that has not backed up any files, or any failed incremental backup,
135 is removed; no partial backup is saved in these cases.
137 The partial backup may be browsed or used to restore files just like
138 a successful full or incremental backup.
140 With the rsync transfer method the partial backup is used to resume
141 the next full backup, avoiding the need to retransfer the file data
142 already in the partial backup.
144 =item Identical Files
146 BackupPC pools identical files using hardlinks. By "identical
147 files" we mean files with identical contents, not necessary the
148 same permissions, ownership or modification time. Two files might
149 have different permissions, ownership, or modification time but
150 will still be pooled whenever the contents are identical. This
151 is possible since BackupPC stores the file meta-data (permissions,
152 ownership, and modification time) separately from the file contents.
156 Based on your site's requirements you need to decide what your backup
157 policy is. BackupPC is not designed to provide exact re-imaging of
158 failed disks. See L<Limitations|limitations> for more information.
159 However, the addition of tar transport for linux/unix clients, plus
160 full support for special file types and unix attributes in v1.4.0
161 likely means an exact image of a linux/unix file system can be made.
163 BackupPC saves backups onto disk. Because of pooling you can relatively
164 economically keep several weeks of old backups.
166 At some sites the disk-based backup will be adequate, without a
167 secondary tape backup. This system is robust to any single failure: if a
168 client disk fails or loses files, the BackupPC server can be used to
169 restore files. If the server disk fails, BackupPC can be restarted on a
170 fresh file system, and create new backups from the clients. The chance
171 of the server disk failing can be made very small by spending more money
172 on increasingly better RAID systems.
174 At other sites a secondary tape backup or cd/dvd will be required. This
175 backup can be done perhaps weekly using the archive function of BackupPC.
183 =item BackupPC home page
185 The BackupPC Open Source project is hosted on SourceForge. The
186 home page can be found at:
188 http://backuppc.sourceforge.net
190 This page has links to the current documentation, the SourceForge
191 project page and general information.
193 =item SourceForge project
195 The SourceForge project page is at:
197 http://sourceforge.net/projects/backuppc
199 This page has links to the current releases of BackupPC.
203 Three BackupPC mailing lists exist for announcements (backuppc-announce),
204 developers (backuppc-devel), and a general user list for support, asking
205 questions or any other topic relevant to BackupPC (backuppc-users).
207 You can subscribe to these lists by visiting:
209 http://lists.sourceforge.net/lists/listinfo/backuppc-announce
210 http://lists.sourceforge.net/lists/listinfo/backuppc-users
211 http://lists.sourceforge.net/lists/listinfo/backuppc-devel
213 The backuppc-announce list is moderated and is used only for
214 important announcements (eg: new versions). It is low traffic.
215 You only need to subscribe to one of backuppc-announce and
216 backuppc-users: backuppc-users also receives any messages on
219 The backuppc-devel list is only for developers who are working on BackupPC.
220 Do not post questions or support requests there. But detailed technical
221 discussions should happen on this list.
223 To post a message to the backuppc-users list, send an email to
225 backuppc-users@lists.sourceforge.net
227 Do not send subscription requests to this address!
229 =item Other Programs of Interest
231 If you want to mirror linux or unix files or directories to a remote server
232 you should consider rsync, L<http://rsync.samba.org>. BackupPC now uses
233 rsync as a transport mechanism; if you are already an rsync user you
234 can think of BackupPC as adding efficient storage (compression and
235 pooling) and a convenient user interface to rsync.
237 Unison is a utility that can do two-way, interactive, synchronization.
238 See L<http://www.cis.upenn.edu/~bcpierce/unison>.
240 Three popular open source packages that do tape backup are
241 Amanda (L<http://www.amanda.org>),
242 afbackup (L<http://sourceforge.net/projects/afbackup>), and
243 Bacula (L<http://www.bacula.org>).
244 Amanda can also backup WinXX machines to tape using samba.
245 These packages can be used as back ends to BackupPC to backup the
246 BackupPC server data to tape.
248 Various programs and scripts use rsync to provide hardlinked backups.
249 See, for example, Mike Rubel's site (L<http://www.mikerubel.org>),
250 J. W. Schultz's dirvish (L<http://www.pegasys.ws/dirvish>),
251 Ben Escoto's rdiff-backup (L<http://rdiff-backup.stanford.edu>),
252 and John Bowman's rlbackup (L<http://www.math.ualberta.ca/imaging/rlbackup>).
254 BackupPC provides many additional features, such as compressed storage,
255 hardlinking any matching files (rather than just files with the same name),
256 and storing special files without root privileges. But these other scripts
257 provide simple and effective solutions and are worthy of consideration.
263 Here are some ideas for new features that might appear in future
264 releases of BackupPC:
270 Adding hardlink support to rsync.
274 Adding a trip wire feature for notification when files below certain
275 directories change. For example, if you are backing up a DMZ machine,
276 you could request that you get sent email if any files below /bin,
277 /sbin or /usr change.
281 Allow editing of config parameters via the CGI interface. Users should
282 have permission to edit a subset of the parameters for their clients.
283 Additionally, allow an optional self-service capability so that users
284 can sign up and setup their own clients with no need for IT support.
288 Add backend SQL support for various BackupPC metadata, including
289 configuration parameters, client lists, and backup and restore
290 information. At installation time the backend data engine will
291 be specified (eg: MySQL, ascii text etc).
295 Replacing smbclient with the perl module FileSys::SmbClient. This
296 gives much more direct control of the smb transfer, allowing
297 incrementals to depend on any attribute change (eg: exist, mtime,
298 file size, uid, gid), and better support for include and exclude.
299 Currently smbclient incrementals only depend upon mtime, so
300 deleted files or renamed files are not detected. FileSys::SmbClient
301 would also allow resuming of incomplete full backups in the
302 same manner as rsync will.
306 Support --listed-incremental or --incremental for tar,
307 so that incrementals will depend upon any attribute change (eg: exist,
308 mtime, file size, uid, gid), rather than just mtime. This will allow
309 tar to be to as capable as FileSys::SmbClient and rsync.
313 For rysnc (and smb when FileSys::SmbClient is supported, and tar when
314 --listed-incremental is supported) support multi-level incrementals.
315 In fact, since incrementals will now be more "accurate", you could
316 choose to never to full dumps (except the first time), or at a
317 minimum do them infrequently: each incremental would depend upon
318 the last, giving a continuous chain of differential dumps.
322 More speculative: Storing binary file deltas (in fact, reverse deltas)
323 for files that have the same name as a previous backup, but that aren't
324 already in the pool. This will save storage for things like mailbox
325 files or documents that change slightly between backups. Running some
326 benchmarks on a large pool suggests that the potential savings are
327 around 15-20%, which isn't spectacular, and likely not worth the
328 implementation effort. The program xdelta (v1) on SourceForge (see
329 L<http://sourceforge.net/projects/xdelta>) uses an rsync algorithm for
330 doing efficient binary file deltas. Rather than using an external
331 program, File::RsyncP will eventually get the necessary delta
332 generation code from rsync.
336 Comments and suggestions are welcome.
340 BackupPC is free. I work on BackupPC because I enjoy doing it and I like
341 to contribute to the open source community.
343 BackupPC already has more than enough features for my own needs. The
344 main compensation for continuing to work on BackupPC is knowing that
345 more and more people find it useful. So feedback is certainly
346 appreciated. Even negative feedback is helpful, for example "We
347 evaluated BackupPC but didn't use it because it doesn't ...".
349 Beyond being a satisfied user and telling other people about it, everyone
350 is encouraged to add links to L<http://backuppc.sourceforge.net> (I'll
351 see then via Google) or otherwise publicize BackupPC. Unlike the
352 commercial products in this space, I have a zero budget (in both
353 time and money) for marketing, PR and advertising, so it's up to
356 Also, everyone is encouraged to contribute patches, bug reports, feature
357 and design suggestions, code, and documentation corrections or
360 =head1 Installing BackupPC
370 A linux, solaris, or unix based server with a substantial amount of free
371 disk space (see the next section for what that means). The CPU and disk
372 performance on this server will determine how many simultaneous backups
373 you can run. You should be able to run 4-8 simultaneous backups on a
374 moderately configured server.
376 When BackupPC starts with an empty pool, all the backup data will be
377 written to the pool on disk. After more backups are done, a higher
378 percentage of incoming files will already be in the pool. BackupPC is
379 able to avoid writing to disk new files that are already in the pool.
380 So over time disk writes will reduce significantly (by perhaps a factor
381 of 20 or more), since eventually 95% or more of incoming backup files
382 are typically in the pool. Disk reads from the pool are still needed to
383 do file compares to verify files are an exact match. So, with a mature
384 pool, if a relatively fast client generates data at say 1MB/sec, and you
385 run 4 simultaneous backups, there will be an average server disk load of
386 about 4MB/sec reads and 0.2MB/sec writes (assuming 95% of the incoming
387 files are in the pool). These rates will be perhaps 40% lower if
392 Perl version 5.6.0 or later. BackupPC has been tested with
393 version 5.6.0, 5.6.1 and 5.8.0. If you don't have perl, please
394 see L<http://www.cpan.org>.
398 Perl modules Compress::Zlib, Archive::Zip and File::RsyncP. Try "perldoc
399 Compress::Zlib" and "perldoc Archive::Zip" to see if you have these
400 modules. If not, fetch them from L<http://www.cpan.org> and see the
401 instructions below for how to build and install them.
403 The File::RsyncP module is available from L<http://perlrsync.sourceforge.net>
404 or CPAN. You'll need to install the File::RsyncP module if you want to use
405 Rsync as a transport method.
409 If you are using smb to backup WinXX machines you need smbclient and
410 nmblookup from the samba package. You will also need nmblookup if
411 you are backing up linux/unix DHCP machines. See L<http://www.samba.org>.
412 Version 2.2.0 or later of Samba is required (smbclient's tar feature in
413 2.0.8 and prior has bugs for file path lengths around 100 characters
414 and generates bad output when file lengths change during the backup).
416 See L<http://www.samba.org> for source and binaries. It's pretty easy to
417 fetch and compile samba, and just grab smbclient and nmblookup, without
418 doing the installation. Alternatively, L<http://www.samba.org> has binary
419 distributions for most platforms.
423 If you are using tar to backup linux/unix machines you should have version
424 1.13.7 at a minimum, with version 1.13.20 or higher recommended. Use
425 "tar --version" to check your version. Various GNU mirrors have the newest
426 versions of tar, see for example L<http://www.funet.fi/pub/gnu/alpha/gnu/tar>.
427 As of June 2003 the latest version is 1.13.25.
431 If you are using rsync to backup linux/unix machines you should have
432 version 2.5.5 or higher on each client machine. See
433 L<http://rsync.samba.org>. Use "rsync --version" to check your
436 For BackupPC to use Rsync you will also need to install the perl
437 File::RsyncP module, which is available from
438 L<http://perlrsync.sourceforge.net>. Version 0.44 or later is required.
442 The Apache web server, see L<http://www.apache.org>, preferably built
443 with mod_perl support.
447 =head2 How much disk space do I need?
449 Here's one real example for an environment that is backing up 65 laptops
450 with compression off. Each full backup averages 3.2GB. Each incremental
451 backup averages about 0.2GB. Storing one full backup and two incremental
452 backups per laptop is around 240GB of raw data. But because of the
453 pooling of identical files, only 87GB is used. This is without
456 Another example, with compression on: backing up 95 laptops, where
457 each backup averages 3.6GB and each incremental averages about 0.3GB.
458 Keeping three weekly full backups, and six incrementals is around
459 1200GB of raw data. Because of pooling and compression, only 150GB
462 Here's a rule of thumb. Add up the C drive usage of all the machines you
463 want to backup (210GB in the first example above). This is a rough
464 minimum space estimate that should allow a couple of full backups and at
465 least half a dozen incremental backups per machine. If compression is on
466 you can reduce the storage requirements by maybe 30-40%. Add some margin
467 in case you add more machines or decide to keep more old backups.
469 Your actual mileage will depend upon the types of clients, operating
470 systems and applications you have. The more uniform the clients and
471 applications the bigger the benefit from pooling common files.
473 For example, the Eudora email tool stores each mail folder in a separate
474 file, and attachments are extracted as separate files. So in the sadly
475 common case of a large attachment emailed to many recipients, Eudora
476 will extract the attachment into a new file. When these machines are
477 backed up, only one copy of the file will be stored on the server, even
478 though the file appears in many different full or incremental backups. In
479 this sense Eudora is a "friendly" application from the point of view of
480 backup storage requirements.
482 An example at the other end of the spectrum is Outlook. Everything
483 (email bodies, attachments, calendar, contact lists) is stored in a
484 single file, which often becomes huge. Any change to this file requires
485 a separate copy of the file to be saved during backup. Outlook is even
486 more troublesome, since it keeps this file locked all the time, so it
487 cannot be read by smbclient whenever Outlook is running. See the
488 L<Limitations|limitations> section for more discussion of this problem.
490 In addition to total disk space, you shold make sure you have
491 plenty of inodes on your BackupPC data partition. Some users have
492 reported running out of inodes on their BackupPC data partition.
493 So even if you have plenty of disk space, BackupPC will report
494 failures when the inodes are exhausted. This is a particular
495 problem with ext2/ext3 file systems that have a fixed number of
496 inodes when the file system is built. Use "df -i" to see your
499 =head2 Step 1: Getting BackupPC
501 Download the latest version from L<http://backuppc.sourceforge.net>.
503 =head2 Step 2: Installing the distribution
505 First off, there are three perl modules you should install.
506 These are all optional, but highly recommended:
512 To enable compression, you will need to install Compress::Zlib
513 from L<http://www.cpan.org>.
514 You can run "perldoc Compress::Zlib" to see if this module is installed.
518 To support restore via Zip archives you will need to install
519 Archive::Zip, also from L<http://www.cpan.org>.
520 You can run "perldoc Archive::Zip" to see if this module is installed.
524 To use rsync and rsyncd with BackupPC you will need to install File::RsyncP.
525 You can run "perldoc File::RsyncP" to see if this module is installed.
526 File::RsyncP is available from L<http://perlrsync.sourceforge.net>.
527 Version 0.44 or later is required.
531 To build and install these packages, fetch the tar.gz file and
532 then run these commands:
534 tar zxvf Archive-Zip-1.01.tar.gz
541 The same sequence of commands can be used for each module.
543 Now let's move onto BackupPC itself. After fetching
544 BackupPC-__VERSION__.tar.gz, run these commands as root:
546 tar zxf BackupPC-__VERSION__.tar.gz
547 cd BackupPC-__VERSION__
550 You will be prompted for the full paths of various executables, and
551 you will be prompted for the following information:
557 It is best if BackupPC runs as a special user, eg backuppc, that has
558 limited privileges. It is preferred that backuppc belongs to a system
559 administrator group so that sys admin members can browse backuppc files,
560 edit the configuration files and so on. Although configurable, the
561 default settings leave group read permission on pool files, so make
562 sure the BackupPC user's group is chosen restrictively.
564 On this installation, this is __BACKUPPCUSER__.
568 You need to decide where to put the data directory, below which
569 all the BackupPC data is stored. This needs to be a big file system.
571 On this installation, this is __TOPDIR__.
573 =item Install Directory
575 You should decide where the BackupPC scripts, libraries and documentation
576 should be installed, eg: /opt/local/BackupPC.
578 On this installation, this is __INSTALLDIR__.
580 =item CGI bin Directory
582 You should decide where the BackupPC CGI script resides. This will
583 usually below Apache's cgi-bin directory.
585 On this installation, this is __CGIDIR__.
587 =item Apache image directory
589 A directory where BackupPC's images are stored so that Apache can
590 serve them. This should be somewhere under Apache's DocumentRoot
595 =head2 Step 3: Setting up config.pl
597 After running configure.pl, browse through the config file,
598 __INSTALLDIR__/conf/config.pl, and make sure all the default settings
599 are correct. In particular, you will need to decide whether to use
600 smb or tar transport (or whether to set it on a per-PC basis),
601 set the smb share password (if using smb), set the backup policies
602 and modify the email message headers and bodies.
604 BackupPC needs to know the smb share user name and password for each PC
605 that uses smb (ie: all the WinXX clients). The user name is specified
606 in $Conf{SmbShareUserName}. There are four ways to tell BackupPC the smb
613 As an environment variable BPC_SMB_PASSWD set before BackupPC starts.
614 If you start BackupPC manually the BPC_SMB_PASSWD variable must be set
615 manually first. For backward compatibility for v1.5.0 and prior, the
616 environment variable PASSWD can be used if BPC_SMB_PASSWD is not set.
617 Warning: on some systems it is possible to see environment variables of
622 Alternatively the BPC_SMB_PASSWD setting can be included in
623 /etc/init.d/backuppc, in which case you must make sure this file
624 is not world (other) readable.
628 As a configuration variable $Conf{SmbSharePasswd} in
629 __TOPDIR__/conf/config.pl. If you put the password
630 here you must make sure this file is not world (other) readable.
634 As a configuration variable $Conf{SmbSharePasswd} in the per-PC
635 configuration file, __TOPDIR__/pc/$host/config.pl. You will have to
636 use this option if the smb share password is different for each host.
637 If you put the password here you must make sure this file is not
638 world (other) readable.
642 Placement and protection of the smb share password is a possible
643 security risk, so please double-check the file and directory
644 permissions. In a future version there might be support for
645 encryption of this password, but a private key will still have to
646 be stored in a protected place. Suggestions are welcome.
648 =head2 Step 4: Setting up the hosts file
650 The file __TOPDIR__/conf/hosts contains the list of clients to backup.
651 BackupPC reads this file in three cases:
661 When BackupPC is sent a HUP (-1) signal. Assuming you installed the
662 init.d script, you can also do this with "/etc/init.d/backuppc reload".
666 When the modification time of the hosts file changes. BackupPC
667 checks the modification time once during each regular wakeup.
671 Whenever you change the hosts file (to add or remove a host) you can
672 either do a kill -HUP BackupPC_pid or simply wait until the next regular
675 Each line in the hosts file contains three fields, separated
682 This is typically the host name or NetBios name of the client machine
683 and should be in lower case. The host name can contain spaces (escape
684 with a backslash), but it is not recommended.
686 Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>.
688 In certain cases you might want several distinct clients to refer
689 to the same physical machine. For example, you might have a database
690 you want to backup, and you want to bracket the backup of the database
691 with shutdown/restart using $Conf{DumpPreUserCmd} and $Conf{DumpPostUserCmd}.
692 But you also want to backup the rest of the machine while the database
693 is still running. In the case you can specify two different clients in
694 the host file, using any mnemonic name (eg: myhost_mysql and myhost), and
695 use $Conf{ClientNameAlias} in myhost_mysql's config.pl to specify the
696 real host name of the machine.
700 Starting with v2.0.0 the way hosts are discovered has changed and now
701 in most cases you should specify 0 for the DHCP flag, even if the host
702 has a dynamically assigned IP address.
703 Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>
704 to understand whether you need to set the DHCP flag.
706 You only need to set DHCP to 1 if your client machine doesn't
707 respond to the NetBios multicast request:
711 but does respond to a request directed to its IP address:
715 If you do set DHCP to 1 on any client you will need to specify the range of
716 DHCP addresses to search is specified in $Conf{DHCPAddressRanges}.
718 Note also that the $Conf{ClientNameAlias} feature does not work for
719 clients with DHCP set to 1.
723 This should be the unix login/email name of the user who "owns" or uses
724 this machine. This is the user who will be sent email about this
725 machine, and this user will have permission to stop/start/browse/restore
726 backups for this host. Leave this blank if no specific person should
727 receive email or be allowed to stop/start/browse/restore backups
728 for this host. Administrators will still have full permissions.
732 Additional user names, separate by commas and with no white space,
733 can be specified. These users will also have full permission in
734 the CGI interface to stop/start/browse/restore backups for this host.
735 These users will not be sent email about this host.
739 The first non-comment line of the hosts file is special: it contains
740 the names of the columns and should not be edited.
742 Here's a simple example of a hosts file:
744 host dhcp user moreUsers
745 farside 0 craig jim,dave
748 =head2 Step 5: Client Setup
750 Two methods for getting backup data from a client are supported: smb and
751 tar. Smb is the preferred method for WinXX clients and tar is preferred
752 method for linux/unix clients.
754 The transfer method is set using the $Conf{XferMethod} configuration
755 setting. If you have a mixed environment (ie: you will use smb for some
756 clients and tar for others), you will need to pick the most common
757 choice for $Conf{XferMethod} for the main config.pl file, and then
758 override it in the per-PC config file for those hosts that will use
759 the other method. (Or you could run two completely separate instances
760 of BackupPC, with different data directories, one for WinXX and the
761 other for linux/unix, but then common files between the different
762 machine types will duplicated.)
764 Here are some brief client setup notes:
770 The preferred setup for WinXX clients is to set $Conf{XferMethod} to "smb".
771 (Actually, for v2.0.0, rsyncd is the better method for WinXX if you are
772 prepared to run rsync/cygwin on your WinXX client. More information
773 about this will be provided via the FAQ.)
775 If you want to use rsyncd for WinXX clients you can find a pre-packaged
776 zip file on L<http://backuppc.sourceforge.net>. The package is called
777 cygwin-rsync. It contains rsync.exe, template setup files and the
778 minimal set of cygwin libraries for everything to run. The README file
779 contains instructions for running rsync as a service, so it starts
780 automatically everytime you boot your machine.
782 Otherwise, to use SMB, you need to create shares for the data you want
783 to backup. Open "My Computer", right click on the drive (eg: C), and
784 select "Sharing..." (or select "Properties" and select the "Sharing"
785 tab). In this dialog box you can enable sharing, select the share name
786 and permissions. Many machines will be configured by default to share
787 the entire C drive as C$ using the administrator password.
789 If this machine uses DHCP you will also need to make sure the
790 NetBios name is set. Go to Control Panel|System|Network Identification
791 (on Win2K) or Control Panel|System|Computer Name (on WinXP).
792 Also, you should go to Control Panel|Network Connections|Local Area
793 Connection|Properties|Internet Protocol (TCP/IP)|Properties|Advanced|WINS
794 and verify that NetBios is not disabled.
796 As an alternative to setting $Conf{XferMethod} to "smb" (using
797 smbclient) for WinXX clients, you can use an smb network filesystem (eg:
798 ksmbfs or similar) on your linux/unix server to mount the share,
799 and then set $Conf{XferMethod} to "tar" (use tar on the network
800 mounted file system).
802 Also, to make sure that file names with 8-bit characters are correctly
803 transferred by smbclient you should add this to samba's smb.conf file
807 # Accept the windows charset
808 client code page = 850
809 character set = ISO8859-1
811 For samba 3.x this should instead be:
814 unix charset = ISO8859-1
816 This setting should work for western europe.
817 See L<http://www.oreilly.com/catalog/samba/chapter/book/ch08_03.html>
818 for more information about settings for other languages.
822 The preferred setup for linux/unix clients is to set $Conf{XferMethod}
823 to "rsync", "rsyncd" or "tar".
825 You can use either rsync, smb, or tar for linux/unix machines. Smb requires
826 that the Samba server (smbd) be run to provide the shares. Since the smb
827 protocol can't represent special files like symbolic links and fifos,
828 tar and rsync are the better transport methods for linux/unix machines.
829 (In fact, by default samba makes symbolic links look like the file or
830 directory that they point to, so you could get an infinite loop if a
831 symbolic link points to the current or parent directory. If you really
832 need to use Samba shares for linux/unix backups you should turn off the
833 "follow symlinks" samba config setting. See the smb.conf manual page.)
835 The requirements for each Xfer Method are:
841 You must have GNU tar on the client machine. Use "tar --version"
842 or "gtar --version" to verify. The version should be at least
843 1.13.7, and 1.13.20 or greater is recommended. Tar is run on
844 the client machine via rsh or ssh.
846 The relevant configuration settings are $Conf{TarClientPath},
847 $Conf{TarShareName}, $Conf{TarClientCmd}, $Conf{TarFullArgs},
848 $Conf{TarIncrArgs}, and $Conf{TarClientRestoreCmd}.
852 You should have at least rsync 2.5.5, and the latest version 2.5.6
853 is recommended. Rsync is run on the remote client via rsh or ssh.
855 The relevant configuration settings are $Conf{RsyncClientPath},
856 $Conf{RsyncClientCmd}, $Conf{RsyncClientRestoreCmd}, $Conf{RsyncShareName},
857 $Conf{RsyncArgs}, and $Conf{RsyncRestoreArgs}.
861 You should have at least rsync 2.5.5, and the latest version 2.5.6
862 is recommended. In this case the rsync daemon should be running on
863 the client machine and BackupPC connects directly to it.
865 The relevant configuration settings are $Conf{RsyncdClientPort},
866 $Conf{RsyncdUserName}, $Conf{RsyncdPasswd}, $Conf{RsyncdAuthRequired},
867 $Conf{RsyncShareName}, $Conf{RsyncArgs}, and $Conf{RsyncRestoreArgs}.
868 $Conf{RsyncShareName} is the name of an rsync module (ie: the thing
869 in square brackets in rsyncd's conf file -- see rsyncd.conf), not a
872 Be aware that rsyncd will remove the leading '/' from path names in
873 symbolic links if you specify "use chroot = no" in the rsynd.conf file.
874 See the rsyncd.conf manual page for more information.
878 For linux/unix machines you should not backup "/proc". This directory
879 contains a variety of files that look like regular files but they are
880 special files that don't need to be backed up (eg: /proc/kcore is a
881 regular file that contains physical memory). See $Conf{BackupFilesExclude}.
882 It is safe to back up /dev since it contains mostly character-special
883 and block-special files, which are correctly handed by BackupPC
884 (eg: backing up /dev/hda5 just saves the block-special file information,
885 not the contents of the disk).
887 Alternatively, rather than backup all the file systems as a single
888 share ("/"), it is easier to restore a single file system if you backup
889 each file system separately. To do this you should list each file system
890 mount point in $Conf{TarShareName} or $Conf{RsyncShareName}, and add the
891 --one-file-system option to $Conf{TarClientCmd} or add --one-file-system
892 (note the different punctuation) to $Conf{RsyncArgs}. In this case there
893 is no need to exclude /proc explicitly since it looks like a different
896 Next you should decide whether to run tar over ssh, rsh or nfs. Ssh is
897 the preferred method. Rsh is not secure and therefore not recommended.
898 Nfs will work, but you need to make sure that the BackupPC user (running
899 on the server) has sufficient permissions to read all the files below
902 Ssh allows BackupPC to run as a privileged user on the client (eg:
903 root), since it needs sufficient permissions to read all the backup
904 files. Ssh is setup so that BackupPC on the server (an otherwise low
905 privileged user) can ssh as root on the client, without being prompted
906 for a password. There are two common versions of ssh: v1 and v2. Here
907 are some instructions for one way to setup ssh. (Check which version
908 of SSH you have by typing "ssh" or "man ssh".)
912 In general this should be similar to Linux/Unix machines.
916 =item OpenSSH Instructions
918 Depending upon your OpenSSH installation, many of these steps can be
919 replaced by running the scripts ssh-user-config and ssh-host-config
920 included with OpenSSH. You still need to manually exchange the keys.
926 As root on the client machine, use ssh-keygen to generate a
927 public/private key pair, without a pass-phrase:
929 ssh-keygen -t rsa -N ''
931 This will save the public key in ~/.ssh/id_rsa.pub and the private
932 key in ~/.ssh/id_rsa.
936 Repeat the above steps for the BackupPC user (__BACKUPPCUSER__) on the server.
937 Make a copy of the public key to make it recognizable, eg:
939 ssh-keygen -t rsa -N ''
940 cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
942 See the ssh and sshd manual pages for extra configuration information.
946 To allow BackupPC to ssh to the client as root, you need to place
947 BackupPC's public key into root's authorized list on the client.
948 Append BackupPC's public key (BackupPC_id_rsa.pub) to root's
949 ~/.ssh/authorized_keys2 file on the client:
951 touch ~/.ssh/authorized_keys2
952 cat BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys2
954 You should edit ~/.ssh/authorized_keys2 and add further specifiers,
955 eg: from, to limit which hosts can login using this key. For example,
956 if your BackupPC host is called backuppc.my.com, there should be
957 one line in ~/.ssh/authorized_keys2 that looks like:
959 from="backuppc.my.com" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]
961 =item Fix permissions
963 You will probably need to make sure that all the files
964 in ~/.ssh have no group or other read/write permission:
966 chmod -R go-rwx ~/.ssh
968 You should do the same thing for the BackupPC user on the server.
972 As the BackupPC user on the server, verify that this command:
974 ssh -l root clientHostName whoami
980 You might be prompted the first time to accept the client's host key and
981 you might be prompted for root's password on the client. Make sure that
982 this command runs cleanly with no prompts after the first time. You
983 might need to check /etc/hosts.equiv on the client. Look at the
984 man pages for more information. The "-v" option to ssh is a good way
985 to get detailed information about what fails.
989 =item SSH2 Instructions
995 As root on the client machine, use ssh-keygen2 to generate a
996 public/private key pair, without a pass-phrase:
998 ssh-keygen2 -t rsa -P
1002 ssh-keygen -t rsa -N ''
1004 (This command might just be called ssh-keygen on your machine.)
1006 This will save the public key in /.ssh2/id_rsa_1024_a.pub and the private
1007 key in /.ssh2/id_rsa_1024_a.
1009 =item Identification
1011 Create the identification file /.ssh2/identification:
1013 echo "IdKey id_rsa_1024_a" > /.ssh2/identification
1015 =item BackupPC setup
1017 Repeat the above steps for the BackupPC user (__BACKUPPCUSER__) on the server.
1018 Rename the key files to recognizable names, eg:
1020 ssh-keygen2 -t rsa -P
1021 mv ~/.ssh2/id_rsa_1024_a.pub ~/.ssh2/BackupPC_id_rsa_1024_a.pub
1022 mv ~/.ssh2/id_rsa_1024_a ~/.ssh2/BackupPC_id_rsa_1024_a
1023 echo "IdKey BackupPC_id_rsa_1024_a" > ~/.ssh2/identification
1025 Based on your ssh2 configuration, you might also need to turn off
1026 StrictHostKeyChecking and PasswordAuthentication:
1028 touch ~/.ssh2/ssh2_config
1029 echo "StrictHostKeyChecking ask" >> ~/.ssh2/ssh2_config
1030 echo "PasswordAuthentication no" >> ~/.ssh2/ssh2_config
1034 To allow BackupPC to ssh to the client as root, you need to place
1035 BackupPC's public key into root's authorized list on the client.
1036 Copy BackupPC's public key (BackupPC_id_rsa_1024_a.pub) to the
1037 /.ssh2 directory on the client. Add the following line to the
1038 /.ssh2/authorization file on the client (as root):
1040 touch /.ssh2/authorization
1041 echo "Key BackupPC_id_rsa_1024_a.pub" >> /.ssh2/authorization
1043 =item Fix permissions
1045 You will probably need to make sure that all the files
1046 in ~/.ssh2 have no group or other read/write permission:
1048 chmod -R go-rwx ~/.ssh2
1050 You should do the same thing for the BackupPC user on the server.
1054 As the BackupPC user on the server, verify that this command:
1056 ssh2 -l root clientHostName whoami
1062 You might be prompted the first time to accept the client's host key and
1063 you might be prompted for root's password on the client. Make sure that
1064 this command runs cleanly with no prompts after the first time. You
1065 might need to check /etc/hosts.equiv on the client. Look at the
1066 man pages for more information. The "-v" option to ssh2 is a good way
1067 to get detailed information about what fails.
1071 =item SSH version 1 Instructions
1073 The concept is identical and the steps are similar, but the specific
1074 commands and file names are slightly different.
1076 First, run ssh-keygen on the client (as root) and server (as the BackupPC
1077 user) and simply hit enter when prompted for the pass-phrase:
1081 This will save the public key in /.ssh/identity.pub and the private
1082 key in /.ssh/identity.
1084 Next, append BackupPC's ~/.ssh/identity.pub (from the server) to root's
1085 /.ssh/authorized_keys file on the client. It's a single long line that
1086 you can cut-and-paste with an editor (make sure it remains a single line).
1088 Next, force protocol version 1 by adding:
1092 to BackupPC's ~/.ssh/config on the server.
1094 Next, run "chmod -R go-rwx ~/.ssh" on the server and "chmod -R go-rwx ~/.ssh"
1097 Finally, test using:
1099 ssh -l root clientHostName whoami
1103 Finally, if this machine uses DHCP you will need to run nmbd (the
1104 NetBios name server) from the Samba distribution so that the machine
1105 responds to a NetBios name request. See the manual page and Samba
1106 documentation for more information.
1110 =head2 Step 6: Running BackupPC
1112 The installation contains an init.d backuppc script that can be copied
1113 to /etc/init.d so that BackupPC can auto-start on boot.
1114 See init.d/README for further instructions.
1116 BackupPC should be ready to start. If you installed the init.d script,
1117 then you should be able to run BackupPC with:
1119 /etc/init.d/backuppc start
1121 (This script can also be invoked with "stop" to stop BackupPC and "reload"
1122 to tell BackupPC to reload config.pl and the hosts file.)
1126 __INSTALLDIR__/bin/BackupPC -d
1128 as user __BACKUPPCUSER__. The -d option tells BackupPC to run as a daemon
1129 (ie: it does an additional fork).
1131 Any immediate errors will be printed to stderr and BackupPC will quit.
1132 Otherwise, look in __TOPDIR__/log/LOG and verify that BackupPC reports
1133 it has started and all is ok.
1135 =head2 Step 7: Talking to BackupPC
1137 Note: as of version 1.5.0, BackupPC no longer supports telnet
1138 to its TCP port. First off, a unix domain socket is used
1139 instead of a TCP port. (The TCP port can still be re-enabled
1140 if your installation has apache and BackupPC running on different
1141 machines.) Secondly, even if you still use the TCP port, the
1142 messages exchanged over this interface are now protected by
1143 an MD5 digest based on a shared secret (see $Conf{ServerMesgSecret})
1144 as well as sequence numbers and per-session unique keys, preventing
1145 forgery and replay attacks.
1147 You should verify that BackupPC is running by using BackupPC_serverMesg.
1148 This sends a message to BackupPC via the unix (or TCP) socket and prints
1151 You can request status information and start and stop backups using this
1152 interface. This socket interface is mainly provided for the CGI interface
1153 (and some of the BackupPC sub-programs use it too). But right now we just
1154 want to make sure BackupPC is happy. Each of these commands should
1155 produce some status output:
1157 __INSTALLDIR__/bin/BackupPC_serverMesg status info
1158 __INSTALLDIR__/bin/BackupPC_serverMesg status jobs
1159 __INSTALLDIR__/bin/BackupPC_serverMesg status hosts
1161 The output should be some hashes printed with Data::Dumper. If it
1162 looks cryptic and confusing, and doesn't look like an error message,
1165 The jobs status should initially show just BackupPC_trashClean.
1166 The hosts status should produce a list of every host you have listed
1167 in __TOPDIR__/conf/hosts as part of a big cryptic output line.
1169 You can also request that all hosts be queued:
1171 __INSTALLDIR__/bin/BackupPC_serverMesg backup all
1173 At this point you should make sure the CGI interface works since
1174 it will be much easier to see what is going on. That's our
1177 =head2 Step 8: CGI interface
1179 The CGI interface script, BackupPC_Admin, is a powerful and flexible
1180 way to see and control what BackupPC is doing. It is written for an
1181 Apache server. If you don't have Apache, see L<http://www.apache.org>.
1183 There are two options for setting up the CGI interface: standard
1184 mode and using mod_perl. Mod_perl provides much higher performance
1185 (around 15x) and is the best choice if your Apache was built with
1186 mod_perl support. To see if your apache was built with mod_perl
1189 httpd -l | egrep mod_perl
1191 If this prints mod_perl.c then your Apache supports mod_perl.
1193 Using mod_perl with BackupPC_Admin requires a dedicated Apache
1194 to be run as the BackupPC user (__BACKUPPCUSER__). This is
1195 because BackupPC_Admin needs permission to access various files
1196 in BackupPC's data directories. In contrast, the standard
1197 installation (without mod_perl) solves this problem by having
1198 BackupPC_Admin installed as setuid to the BackupPC user, so that
1199 BackupPC_Admin runs as the BackuPC user.
1201 Here are some specifics for each setup:
1205 =item Standard Setup
1207 The CGI interface should have been installed by the configure.pl script
1208 in __CGIDIR__/BackupPC_Admin. BackupPC_Admin should have been installed
1209 as setuid to the BackupPC user (__BACKUPPCUSER__), in addition to user
1210 and group execute permission.
1212 You should be very careful about permissions on BackupPC_Admin and
1213 the directory __CGIDIR__: it is important that normal users cannot
1214 directly execute or change BackupPC_Admin, otherwise they can access
1215 backup files for any PC. You might need to change the group ownership
1216 of BackupPC_Admin to a group that Apache belongs to so that Apache
1217 can execute it (don't add "other" execute permission!).
1218 The permissions should look like this:
1220 ls -l __CGIDIR__/BackupPC_Admin
1221 -swxr-x--- 1 __BACKUPPCUSER__ web 82406 Jun 17 22:58 __CGIDIR__/BackupPC_Admin
1223 The setuid script won't work unless perl on your machine was installed
1224 with setuid emulation. This is likely the problem if you get an error
1225 saying such as "Wrong user: my userid is 25, instead of 150", meaning
1226 the script is running as the httpd user, not the BackupPC user.
1227 This is because setuid scripts are disabled by the kernel in most
1228 flavors of unix and linux.
1230 To see if your perl has setuid emulation, see if there is a program
1231 called sperl5.6.0 or sperl5.6.1 in the place where perl is installed.
1232 If you can't find this program, then you have two options: rebuild
1233 and reinstall perl with the setuid emulation turned on (answer "y" to
1234 the question "Do you want to do setuid/setgid emulation?" when you
1235 run perl's configure script), or switch to the mod_perl alternative
1236 for the CGI script (which doesn't need setuid to work).
1238 =item Mod_perl Setup
1240 The advantage of the mod_perl setup is that no setuid script is needed,
1241 and there is a huge performance advantage. Not only does all the perl
1242 code need to be parsed just once, the config.pl and hosts files, plus
1243 the connection to the BackupPC server are cached between requests. The
1244 typical speedup is around 15 times.
1246 To use mod_perl you need to run Apache as user __BACKUPPCUSER__.
1247 If you need to run multiple Apache's for different services then
1248 you need to create multiple top-level Apache directories, each
1249 with their own config file. You can make copies of /etc/init.d/httpd
1250 and use the -d option to httpd to point each http to a different
1251 top-level directory. Or you can use the -f option to explicitly
1252 point to the config file. Multiple Apache's will run on different
1253 Ports (eg: 80 is standard, 8080 is a typical alternative port accessed
1254 via http://yourhost.com:8080).
1256 Inside BackupPC's Apache http.conf file you should check the
1257 settings for ServerRoot, DocumentRoot, User, Group, and Port. See
1258 L<http://httpd.apache.org/docs/server-wide.html> for more details.
1260 For mod_perl, BackupPC_Admin should not have setuid permission, so
1261 you should turn it off:
1263 chmod u-s __CGIDIR__/BackupPC_Admin
1265 To tell Apache to use mod_perl to execute BackupPC_Admin, add this
1266 to Apache's 1.x httpd.conf file:
1268 <IfModule mod_perl.c>
1269 PerlModule Apache::Registry
1271 <Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed
1272 SetHandler perl-script
1273 PerlHandler Apache::Registry
1279 Apache 2.0.44 with Perl 5.8.0 on RedHat 7.1, Don Silvia reports that
1280 this works (with tweaks from Michael Tuzi):
1282 LoadModule perl_module modules/mod_perl.so
1285 <Directory /path/to/cgi/>
1286 SetHandler perl-script
1287 PerlResponseHandler ModPerl::Registry
1288 PerlOptions +ParseHeaders
1293 Allow from 192.168.0
1294 AuthName "Backup Admin"
1296 AuthUserFile /path/to/user_file
1300 There are other optimizations and options with mod_perl. For
1301 example, you can tell mod_perl to preload various perl modules,
1302 which saves memory compared to loading separate copies in every
1303 Apache process after they are forked. See Stas's definitive
1304 mod_perl guide at L<http://perl.apache.org/guide>.
1308 BackupPC_Admin requires that users are authenticated by Apache.
1309 Specifically, it expects that Apache sets the REMOTE_USER environment
1310 variable when it runs. There are several ways to do this. One way
1311 is to create a .htaccess file in the cgi-bin directory that looks like:
1313 AuthGroupFile /etc/httpd/conf/group # <--- change path as needed
1314 AuthUserFile /etc/http/conf/passwd # <--- change path as needed
1319 You will also need "AllowOverride Indexes AuthConfig" in the Apache
1320 httpd.conf file to enable the .htaccess file. Alternatively, everything
1321 can go in the Apache httpd.conf file inside a Location directive. The
1322 list of users and password file above can be extracted from the NIS
1325 One alternative is to use LDAP. In Apache's http.conf add these lines:
1327 LoadModule auth_ldap_module modules/auth_ldap.so
1328 AddModule auth_ldap.c
1330 # cgi-bin - auth via LDAP (for BackupPC)
1331 <Location /cgi-binBackupPC/BackupPC_Admin> # <--- change path as needed
1333 AuthName "BackupPC login"
1334 # replace MYDOMAIN, PORT, ORG and CO as needed
1335 AuthLDAPURL ldap://ldap.MYDOMAIN.com:PORT/o=ORG,c=CO?uid?sub?(objectClass=*)
1339 If you want to disable the user authentication you can set
1340 $Conf{CgiAdminUsers} to '*', which allows any user to have
1341 full access to all hosts and backups. In this case the REMOTE_USER
1342 environment variable does not have to be set by Apache.
1344 Alternatively, you can force a particular user name by getting Apache
1345 to set REMOTE_USER, eg, to hardcode the user to www you could add
1346 this to Apache's httpd.conf:
1348 <Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed
1349 Setenv REMOTE_USER www
1352 Finally, you should also edit the config.pl file and adjust, as necessary,
1353 the CGI-specific settings. They're near the end of the config file. In
1354 particular, you should specify which users or groups have administrator
1355 (privileged) access: see the config settings $Conf{CgiAdminUserGroup}
1356 and $Conf{CgiAdminUsers}. Also, the configure.pl script placed various
1357 images into $Conf{CgiImageDir} that BackupPC_Admin needs to serve
1358 up. You should make sure that $Conf{CgiImageDirURL} is the correct
1359 URL for the image directory.
1361 See the section L<Debugging installation problems|debugging installation problems> for suggestions on debugging the Apache authentication setup.
1363 =head2 How BackupPC Finds Hosts
1365 Starting with v2.0.0 the way hosts are discovered has changed. In most
1366 cases you should specify 0 for the DHCP flag in the conf/hosts file,
1367 even if the host has a dynamically assigned IP address.
1369 BackupPC (starting with v2.0.0) looks up hosts with DHCP = 0 in this manner:
1375 First DNS is used to lookup the IP address given the client's name
1376 using perl's gethostbyname() function. This should succeed for machines
1377 that have fixed IP addresses that are known via DNS. You can manually
1378 see whether a given host have a DNS entry according to perls'
1379 gethostbyname function with this command:
1381 perl -e 'print(gethostbyname("myhost") ? "ok\n" : "not found\n");'
1385 If gethostbyname() fails, BackupPC then attempts a NetBios multicast to
1386 find the host. Provided your client machine is configured properly,
1387 it should respond to this NetBios multicast request. Specifically,
1388 BackupPC runs a command of this form:
1392 If this fails you will see output like:
1394 querying myhost on 10.10.255.255
1395 name_query failed to find name myhost
1397 If this success you will see output like:
1399 querying myhost on 10.10.255.255
1400 10.10.1.73 myhost<00>
1402 Depending on your netmask you might need to specify the -B option to
1403 nmblookup. For example:
1405 nmblookup -B 10.10.1.255 myhost
1407 If necessary, experiment on the nmblookup command that will return the
1408 IP address of the client given its name. Then update
1409 $Conf{NmbLookupFindHostCmd} with any necessary options to nmblookup.
1413 For hosts that have the DHCP flag set to 1, these machines are
1414 discovered as follows:
1420 A DHCP address pool ($Conf{DHCPAddressRanges}) needs to be specified.
1421 BackupPC will check the NetBIOS name of each machine in the range using
1422 a command of the form:
1424 nmblookup -A W.X.Y.Z
1426 where W.X.Y.Z is each candidate address from $Conf{DHCPAddressRanges}.
1427 Any host that has a valid NetBIOS name returned by this command (ie:
1428 matching an entry in the hosts file) will be backed up. You can
1429 modify the specific nmblookup command if necessary via $Conf{NmbLookupCmd}.
1433 You only need to use this DHCP feature if your client machine doesn't
1434 respond to the NetBios multicast request:
1438 but does respond to a request directed to its IP address:
1440 nmblookup -A W.X.Y.Z
1444 =head2 Other installation topics
1448 =item Removing a client
1450 If there is a machine that no longer needs to be backed up (eg: a retired
1451 machine) you have two choices. First, you can keep the backups accessible
1452 and browsable, but disable all new backups. Alternatively, you can
1453 completely remove the client and all its backups.
1455 To disable backups for a client there are two special values for
1456 $Conf{FullPeriod} in that client's per-PC config.pl file:
1462 Don't do any regular backups on this machine. Manually
1463 requested backups (via the CGI interface) will still occur.
1467 Don't do any backups on this machine. Manually requested
1468 backups (via the CGI interface) will be ignored.
1472 This will still allow that client's old backups to be browsable
1475 To completely remove a client and all its backups, you should remove its
1476 entry in the conf/hosts file, and then delete the __TOPDIR__/pc/$host
1477 directory. Whenever you change the hosts file, you should send
1478 BackupPC a HUP (-1) signal so that it re-reads the hosts file.
1479 If you don't do this, BackupPC will automatically re-read the
1480 hosts file at the next regular wakeup.
1482 Note that when you remove a client's backups you won't initially recover
1483 a lot of disk space. That's because the client's files are still in
1484 the pool. Overnight, when BackupPC_nightly next runs, all the unused
1485 pool files will be deleted and this will recover the disk space used
1486 by the client's backups.
1488 =item Copying the pool
1490 If the pool disk requirements grow you might need to copy the entire
1491 data directory to a new (bigger) file system. Hopefully you are lucky
1492 enough to avoid this by having the data directory on a RAID file system
1493 or LVM that allows the capacity to be grown in place by adding disks.
1495 The backup data directories contain large numbers of hardlinks. If
1496 you try to copy the pool the target directory will occupy a lot more
1497 space if the hardlinks aren't re-established.
1499 The GNU cp program with the -a option is aware of hardlinks and knows
1500 to re-establish them. So GNU cp -a is the recommended way to copy
1501 the data directory and pool. Don't forget to stop BackupPC while
1504 =item Compressing an existing pool
1506 If you are upgrading BackupPC and want to turn compression on you have
1513 Simply turn on compression. All new backups will be compressed. Both old
1514 (uncompressed) and new (compressed) backups can be browsed and viewed.
1515 Eventually, the old backups will expire and all the pool data will be
1516 compressed. However, until the old backups expire, this approach could
1517 require 60% or more additional pool storage space to store both
1518 uncompressed and compressed versions of the backup files.
1522 Convert all the uncompressed pool files and backups to compressed.
1523 The script __INSTALLDIR__/bin/BackupPC_compressPool does this.
1524 BackupPC must not be running when you run BackupPC_compressPool.
1525 Also, there must be no existing compressed backups when you
1526 run BackupPC_compressPool.
1528 BackupPC_compressPool compresses all the files in the uncompressed pool
1529 (__TOPDIR__/pool) and moves them to the compressed pool
1530 (__TOPDIR__/cpool). It rewrites the files in place, so that the
1531 existing hardlinks are not disturbed.
1535 The rest of this section discusses how to run BackupPC_compressPool.
1537 BackupPC_compressPool takes three command line options:
1543 Test mode: do everything except actually replace the pool files.
1544 Useful for estimating total run time without making any real
1549 Read check: re-read the compressed file and compare it against
1550 the original uncompressed file. Can only be used in test mode.
1554 Number of children to fork. BackupPC_compressPool can take a long time
1555 to run, so to speed things up it spawns four children, each working on a
1556 different part of the pool. You can change the number of children with
1561 Here are the recommended steps for running BackupPC_compressPool:
1567 Stop BackupPC (eg: "/etc/init.d/backuppc stop").
1571 Set $Conf{CompressLevel} to a non-zero number (eg: 3).
1575 Do a dry run of BackupPC_compressPool. Make sure you run this as
1576 the BackupPC user (__BACKUPPCUSER__):
1578 BackupPC_compressPool -t -r
1580 The -t option (test mode) makes BackupPC_compressPool do all the steps,
1581 but not actually change anything. The -r option re-reads the compressed
1582 file and compares it against the original.
1584 BackupPC_compressPool gives a status as it completes each 1% of the job.
1585 It also shows the cumulative compression ratio and estimated completion
1586 time. Once you are comfortable that things look ok, you can kill
1587 BackupPC_compressPool or wait for it to finish.
1591 Now you are ready to run BackupPC_compressPool for real. Once again,
1592 as the BackupPC user (__BACKUPPCUSER__), run:
1594 BackupPC_compressPool
1596 You should put the output into a file and tail this file. (The running
1597 time could be twice as long as the test mode since the test mode file
1598 writes are immediately followed by an unlink, so in test mode it is
1599 likely the file writes never make it to disk.)
1601 It is B<critical> that BackupPC_compressPool runs to completion before
1602 re-starting BackupPC. Before BackupPC_compressPool completes, none of
1603 the existing backups will be in a consistent state. If you must stop
1604 BackupPC_compressPool for some reason, send it an INT or TERM signal
1605 and give it several seconds (or more) to clean up gracefully.
1606 After that, you can re-run BackupPC_compressPool and it will start
1607 again where it left off. Once again, it is critical that it runs
1612 After BackupPC_compressPool completes you should have a complete set
1613 of compressed backups (and your disk usage should be lower). You
1614 can now re-start BackupPC.
1618 =head2 Debugging installation problems
1620 This section will probably grow based on the types of questions on
1621 the BackupPC mail list. Eventually the FAQ at
1622 L<http://backuppc.sourceforge.net/faq/> will include more details
1627 =item Check log files
1629 Assuming BackupPC can start correctly you should inspect __TOPDIR__/log/LOG
1630 for any errors. Assuming backups for a particular host start, you
1631 should be able to look in __TOPDIR__/pc/$host/LOG for error messages
1632 specific to that host. Always check both log files.
1634 =item CGI script doesn't run
1636 Perhaps the most common program with the installation is getting the
1637 CGI script to run. Often the setuid isn't configured correctly, or
1638 doesn't work on your system.
1640 First, try running BackupPC_Admin manually as the BackupPC user, eg:
1643 __CGIDIR__/BackupPC_Admin
1645 Now try running it as the httpd user (which ever user apache runs as);
1648 __CGIDIR__/BackupPC_Admin
1650 In both cases do you get normal html output?
1652 If the first case works but the second case fails with an error that
1653 the wrong user is running the script then you have a setuid problem.
1654 (This assumes you are running BackupPC_Admin without mod_perl, and
1655 you therefore need seduid to work. If you are using mod_perl then
1656 apache should run as user __BACKUPPCUSER__.)
1658 First you should make sure the cgi-bin directory is on a file system
1659 that doesn't have the "nosuid" mount option.
1661 Next, experiment by creating this script:
1665 printf("My userid is $> (%s)\n", (getpwuid($>))[0]);
1667 then chown it to backuppc and chmod u+s:
1669 root# chown backuppc testsetuid
1670 root# chmod u+s testsetuid
1671 root# chmod a+x testsetuid
1672 root# ls -l testsetuid
1673 -rwsr-xr-x 1 backuppc wheel 76 Aug 26 09:46 testsetuid*
1675 Now run this program as a normal user. What uid does it print?
1676 Try changing the first line of the script to directly call sperl:
1678 #!/usr/bin/sperl5.8.0
1680 (modify according to your version and path). Does this work
1683 Finally, you should invoke the CGI script from a browser, using
1686 http://myHost/cgi-bin/BackupPC/BackupPC_Admin
1688 You should make sure REMOTE_USER is being set by apache (see the
1689 earlier section) so that user authentication works. Make sure
1690 the config settings $Conf{CgiAdminUserGroup} and $Conf{CgiAdminUsers}
1691 correctly specify the privileged administrator users.
1693 =item You cannot access per-host information in the CGI interface
1695 If you get the error
1697 Only privileged users can view information about host xyz
1699 it means that BackupPC_Admin is unable to match the user's login
1700 name (supplied by Apache via the REMOTE_USER environment variable)
1701 with either that host's user name (in the conf/hosts file) or
1702 with the administrators specified in the $Conf{CgiAdminUsers}
1703 or $Conf{CgiAdminUserGroup} settings.
1705 The most common problem is that REMOTE_USER is not set because the
1706 Apache authentication is not correctly configured. In this case
1707 BackupPC_Admin will report this additional error:
1709 Note: $ENV{REMOTE_USER} is not set, which could mean there is an
1710 installation problem. BackupPC_Admin expects Apache to authenticate
1711 the user and pass their user name into this script as the REMOTE_USER
1712 environment variable. See the documentation.
1714 You should review the configuration instructions to setup Apache
1715 authentication correctly. To test if REMOTE_USER is being set
1716 correctly, there is a simple script called printenv that is
1717 included with Apache. This is a simple CGI script that prints
1718 out all the environment variables. Place this script in the
1719 same directory as BackupPC_Admin and run it with a URL like:
1721 http://myHost/cgi-bin/BackupPC/printenv
1723 Check the value of the REMOTE_USER environment variable.
1724 Here's a copy of the printenv script:
1728 ## printenv -- demo CGI program which just prints its environment
1731 print "Content-type: text/plain\n\n";
1732 foreach $var (sort(keys(%ENV))) {
1736 print "${var}=\"${val}\"\n";
1739 =item Can't ping or find host
1741 Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>.
1743 The BackupPC_dump command now has a -v option, so the easiest way to
1744 debug backup problems on a specific host is to run BackupPC_dump
1745 manually as the BackupPC user:
1748 __INSTALLDIR__/bin/BackupPC_dump -v -f hostName
1750 This will run a full dump on hostName (replace with your host name).
1751 It will show each command (eg: ping, nmblookup and the full dump
1752 commands) and the output from each command. Reading the output
1753 carefully should show you what the problem is.
1755 You can also verify that nmblookup correctly returns the netbios name.
1756 This is essential for DHCP hosts, and depending upon the setting of
1757 $Conf{FixedIPNetBiosNameCheck} might also be required for fixed IP
1758 address hosts too. Run this command:
1760 nmblookup -A hostName
1762 Verify that the host name is printed. The output might look like:
1765 DELLLS13 <00> - P <ACTIVE>
1766 DOMAINNAME <00> - <GROUP> P <ACTIVE>
1767 DELLLS13 <20> - P <ACTIVE>
1768 DOMAINNAME <1e> - <GROUP> P <ACTIVE>
1769 DELLLS13 <03> - P <ACTIVE>
1770 DELLLS13$ <03> - P <ACTIVE>
1771 CRAIG <03> - P <ACTIVE>
1773 The first name, converted to lower case, is used for the host name.
1775 =item Transport method doesn't work
1777 The BackupPC_dump command has a -v option, so the easiest way to
1778 debug backup problems on a specific host is to run BackupPC_dump
1779 manually as the BackupPC user:
1782 __INSTALLDIR__/bin/BackupPC_dump -v -f hostName
1784 This will run a full dump on hostName (replace with your host name)
1785 and will print all the output from each command, including the log
1788 The most likely problems will relate to connecting to the smb shares on
1789 each host. On each failed backup, a file __TOPDIR__/pc/$host/XferLOG.bad.z
1790 will be created. This is the stderr output from the transport program.
1791 You can view this file via the CGI interface, or manually uncompress it
1794 __INSTALLDIR__/bin/BackupPC_zcat __TOPDIR__/pc/$host/XferLOG.bad.z | more
1796 The first line will show the full command that was run (eg: rsync, tar
1797 or smbclient). Based on the error messages you should figure out what
1798 is wrong. Possible errors on the server side are invalid host, invalid
1799 share name, bad username or password. Possible errors on the client
1800 side are misconfiguration of the share, username or password.
1802 You should try running the command manually to see what happens.
1803 For example, for smbclient you should it manually and verify that
1804 you can connect to the host in interactive mode, eg:
1806 smbclient '\\hostName\shareName' -U userName
1808 shareName should match the $Conf{SmbShareName} setting and userName
1809 should match the the $Conf{SmbShareUserName} setting.
1811 You will be prompted for the password. You should then see this prompt:
1815 Verify that "ls" works and then type "quit" to exit.
1819 =head1 Restore functions
1821 BackupPC supports several different methods for restoring files. The
1822 most convenient restore options are provided via the CGI interface.
1823 Alternatively, backup files can be restored using manual commands.
1825 =head2 CGI restore options
1827 By selecting a host in the CGI interface, a list of all the backups
1828 for that machine will be displayed. By selecting the backup number
1829 you can navigate the shares and directory tree for that backup.
1831 BackupPC's CGI interface automatically fills incremental backups
1832 with the corresponding full backup, which means each backup has
1833 a filled appearance. Therefore, there is no need to do multiple
1834 restores from the incremental and full backups: BackupPC does all
1835 the hard work for you. You simply select the files and directories
1836 you want from the correct backup vintage in one step.
1838 You can download a single backup file at any time simply by selecting
1839 it. Your browser should prompt you with the file name and ask you
1840 whether to open the file or save it to disk.
1842 Alternatively, you can select one or more files or directories in
1843 the currently selected directory and select "Restore selected files".
1844 (If you need to restore selected files and directories from several
1845 different parent directories you will need to do that in multiple
1848 If you select all the files in a directory, BackupPC will replace
1849 the list of files with the parent directory. You will be presented
1850 with a screen that has three options:
1854 =item Option 1: Direct Restore
1856 With this option the selected files and directories are restored
1857 directly back onto the host, by default in their original location.
1858 Any old files with the same name will be overwritten, so use caution.
1859 You can optionally change the target host name, target share name,
1860 and target path prefix for the restore, allowing you to restore the
1861 files to a different location.
1863 Once you select "Start Restore" you will be prompted one last time
1864 with a summary of the exact source and target files and directories
1865 before you commit. When you give the final go ahead the restore
1866 operation will be queued like a normal backup job, meaning that it
1867 will be deferred if there is a backup currently running for that host.
1868 When the restore job is run, smbclient or tar is used (depending upon
1869 $Conf{XferMethod}) to actually restore the files. Sorry, there is
1870 currently no option to cancel a restore that has been started.
1872 A record of the restore request, including the result and list of
1873 files and directories, is kept. It can be browsed from the host's
1874 home page. $Conf{RestoreInfoKeepCnt} specifies how many old restore
1875 status files to keep.
1877 =item Option 2: Download Zip archive
1879 With this option a zip file containing the selected files and directories
1880 is downloaded. The zip file can then be unpacked or individual files
1881 extracted as necessary on the host machine. The compression level can be
1882 specified. A value of 0 turns off compression.
1884 When you select "Download Zip File" you should be prompted where to
1885 save the restore.zip file.
1887 BackupPC does not consider downloading a zip file as an actual
1888 restore operation, so the details are not saved for later browsing
1889 as in the first case. However, a mention that a zip file was
1890 downloaded by a particular user, and a list of the files, does
1891 appear in BackupPC's log file.
1893 =item Option 3: Download Tar archive
1895 This is identical to the previous option, except a tar file is downloaded
1896 rather than a zip file (and there is currently no compression option).
1900 =head2 Command-line restore options
1902 Apart from the CGI interface, BackupPC allows you to restore files
1903 and directories from the command line. The following programs can
1910 For each file name argument it inflates (uncompresses) the file and
1911 writes it to stdout. To use BackupPC_zcat you could give it the
1914 __INSTALLDIR__/bin/BackupPC_zcat __TOPDIR__/pc/host/5/fc/fcraig/fexample.txt > example.txt
1916 It's your responsibility to make sure the file is really compressed:
1917 BackupPC_zcat doesn't check which backup the requested file is from.
1919 =item BackupPC_tarCreate
1921 BackupPC_tarCreate creates a tar file for any files or directories in
1922 a particular backup. Merging of incrementals is done automatically,
1923 so you don't need to worry about whether certain files appear in the
1924 incremental or full backup.
1928 BackupPC_tarCreate [-t] [-h host] [-n dumpNum] [-s shareName]
1929 [-r pathRemove] [-p pathAdd]
1930 files/directories...
1932 The command-line files and directories are relative to the specified
1933 shareName. The tar file is written to stdout.
1935 The required options are:
1941 host from which the tar archive is created
1945 dump number from which the tar archive is created
1949 share name from which the tar archive is created
1959 print summary totals
1963 path prefix that will be replaced with pathAdd
1971 The -h, -n and -s options specify which dump is used to generate
1972 the tar archive. The -r and -p options can be used to relocate
1973 the paths in the tar archive so extracted files can be placed
1974 in a location different from their original location.
1976 =item BackupPC_zipCreate
1978 BackupPC_zipCreate creates a zip file for any files or directories in
1979 a particular backup. Merging of incrementals is done automatically,
1980 so you don't need to worry about whether certain files appear in the
1981 incremental or full backup.
1985 BackupPC_zipCreate [-t] [-h host] [-n dumpNum] [-s shareName]
1986 [-r pathRemove] [-p pathAdd] [-c compressionLevel]
1987 files/directories...
1989 The command-line files and directories are relative to the specified
1990 shareName. The zip file is written to stdout.
1992 The required options are:
1998 host from which the zip archive is created
2002 dump number from which the zip archive is created
2006 share name from which the zip archive is created
2016 print summary totals
2020 path prefix that will be replaced with pathAdd
2028 compression level (default is 0, no compression)
2032 The -h, -n and -s options specify which dump is used to generate
2033 the zip archive. The -r and -p options can be used to relocate
2034 the paths in the zip archive so extracted files can be placed
2035 in a location different from their original location.
2039 Each of these programs reside in __INSTALLDIR__/bin.
2041 =head1 Archive functions
2043 BackupPC supports archiving to removable media. For users that require
2044 offsite backups, BackupPC can create archives that stream to tape
2045 devices, or create files of specified sizes to fit onto cd or dvd media.
2047 Each archive type is specified by a BackupPC host with its XferMethod
2048 set to 'archive'. This allows for multiple configurations at sites where
2049 there might be a combination of tape and cd/dvd backups being made.
2051 BackupPC provides a menu that allows one or more hosts to be archived.
2052 The most recent backup of each host is archived using BackupPC_tarCreate,
2053 and the output is optionally compressed and split into fixed-sized
2056 The archive for each host is done by default using
2057 __INSTALLDIR__/BackupPC_archiveHost. This script can be copied
2058 and customized as needed.
2060 =head2 Configuring an Archive Host
2062 To create an Archive Host, add it to the hosts file just as any other host
2063 and call it a name that best describes the type of archive, e.g. ArchiveDLT
2065 To tell BackupPC that the Host is for Archives, create a config.pl file in
2066 the Archive Hosts's pc directory, adding the following line:
2068 $Conf{XferMethod} = 'archive';
2070 To further customise the archive's parameters you can adding the changed
2071 parameters in the host's config.pl file. The parameters are explained in
2072 the config.pl file. Parameters may be fixed or the user can be allowed
2073 to change them (eg: output device).
2075 The per-host archive command is $Conf{ArchiveClientCmd}. By default
2076 this invokes __INSTALLDIR__/BackupPC_archiveHost, which you can
2077 copy and customize as necessary.
2079 =head2 Starting an Archive
2081 In the web interface, click on the Archive Host you wish to use. You will see a
2082 list of previous archives and a summary on each. By clicking the "Start Archive"
2083 button you are presented with the list of hosts and the approximate backup size
2084 (note this is raw size, not projected compressed size) Select the hosts you wish
2085 to archive and press the "Archive Selected Hosts" button.
2087 The next screen allows you to adjust the parameters for this archive run.
2088 Press the "Start the Archive" to start archiving the selected hosts with the
2089 parameters displayed.
2091 =head1 BackupPC Design
2093 =head2 Some design issues
2097 =item Pooling common files
2099 To quickly see if a file is already in the pool, an MD5 digest of the
2100 file length and contents is used as the file name in the pool. This
2101 can't guarantee a file is identical: it just reduces the search to
2102 often a single file or handful of files. A complete file comparison
2103 is always done to verify if two files are really the same.
2105 Identical files on multiples backups are represented by hard links.
2106 Hardlinks are used so that identical files all refer to the same
2107 physical file on the server's disk. Also, hard links maintain
2108 reference counts so that BackupPC knows when to delete unused files
2111 For the computer-science majors among you, you can think of the pooling
2112 system used by BackupPC as just a chained hash table stored on a (big)
2115 =item The hashing function
2117 There is a tradeoff between how much of file is used for the MD5 digest
2118 and the time taken comparing all the files that have the same hash.
2120 Using the file length and just the first 4096 bytes of the file for the
2121 MD5 digest produces some repetitions. One example: with 900,000 unique
2122 files in the pool, this hash gives about 7,000 repeated files, and in
2123 the worst case 500 files have the same hash. That's not bad: we only
2124 have to do a single file compare 99.2% of the time. But in the worst
2125 case we have to compare as many as 500 files checking for a match.
2127 With a modest increase in CPU time, if we use the file length and the
2128 first 256K of the file we now only have 500 repeated files and in the
2129 worst case around 20 files have the same hash. Furthermore, if we
2130 instead use the first and last 128K of the file (more specifically, the
2131 first and eighth 128K chunks for files larger than 1MB) we get only 300
2132 repeated files and in the worst case around 20 files have the same hash.
2134 Based on this experimentation, this is the hash function used by BackupPC.
2135 It is important that you don't change the hash function after files
2136 are already in the pool. Otherwise your pool will grow to twice the
2137 size until all the old backups (and all the old files with old hashes)
2142 BackupPC supports compression. It uses the deflate and inflate methods
2143 in the Compress::Zlib module, which is based on the zlib compression
2144 library (see L<http://www.gzip.org/zlib/>).
2146 The $Conf{CompressLevel} setting specifies the compression level to use.
2147 Zero (0) means no compression. Compression levels can be from 1 (least
2148 cpu time, slightly worse compression) to 9 (most cpu time, slightly
2149 better compression). The recommended value is 3. Changing it to 5, for
2150 example, will take maybe 20% more cpu time and will get another 2-3%
2151 additional compression. Diminishing returns set in above 5. See the zlib
2152 documentation for more information about compression levels.
2154 BackupPC implements compression with minimal CPU load. Rather than
2155 compressing every incoming backup file and then trying to match it
2156 against the pool, BackupPC computes the MD5 digest based on the
2157 uncompressed file, and matches against the candidate pool files by
2158 comparing each uncompressed pool file against the incoming backup file.
2159 Since inflating a file takes roughly a factor of 10 less CPU time than
2160 deflating there is a big saving in CPU time.
2162 The combination of pooling common files and compression can yield
2163 a factor of 8 or more overall saving in backup storage.
2167 =head2 BackupPC operation
2169 BackupPC reads the configuration information from
2170 __TOPDIR__/conf/config.pl. It then runs and manages all the backup
2171 activity. It maintains queues of pending backup requests, user backup
2172 requests and administrative commands. Based on the configuration various
2173 requests will be executed simultaneously.
2175 As specified by $Conf{WakeupSchedule}, BackupPC wakes up periodically
2176 to queue backups on all the PCs. This is a four step process:
2182 For each host and DHCP address backup requests are queued on the
2183 background command queue.
2187 For each PC, BackupPC_dump is forked. Several of these may be run in
2188 parallel, based on the configuration. First a ping is done to see if the
2189 machine is alive. If this is a DHCP address, nmblookup is run to get
2190 the netbios name, which is used as the host name. The file
2191 __TOPDIR__/pc/$host/backups is read to decide whether a full or
2192 incremental backup needs to be run. If no backup is scheduled, or the ping
2193 to $host fails, then BackupPC_dump exits.
2195 The backup is done using samba's smbclient or tar over ssh/rsh/nfs piped
2196 into BackupPC_tarExtract, extracting the backup into __TOPDIR__/pc/$host/new.
2197 The smbclient or tar output is put into __TOPDIR__/pc/$host/XferLOG.
2199 As BackupPC_tarExtract extracts the files from smbclient, it checks each
2200 file in the backup to see if it is identical to an existing file from
2201 any previous backup of any PC. It does this without needed to write the
2202 file to disk. If the file matches an existing file, a hardlink is
2203 created to the existing file in the pool. If the file does not match any
2204 existing files, the file is written to disk and the file name is saved
2205 in __TOPDIR__/pc/$host/NewFileList for later processing by
2206 BackupPC_link. BackupPC_tarExtract can handle arbitrarily large
2207 files and multiple candidate matching files without needing to
2208 write the file to disk in the case of a match. This significantly
2209 reduces disk writes (and also reads, since the pool file comparison
2210 is done disk to memory, rather than disk to disk).
2212 Based on the configuration settings, BackupPC_dump checks each
2213 old backup to see if any should be removed. Any expired backups
2214 are moved to __TOPDIR__/trash for later removal by BackupPC_trashClean.
2218 For each complete, good, backup, BackupPC_link is run.
2219 To avoid race conditions as new files are linked into the
2220 pool area, only a single BackupPC_link program runs
2221 at a time and the rest are queued.
2223 BackupPC_link reads the NewFileList written by BackupPC_dump and
2224 inspects each new file in the backup. It re-checks if there is a
2225 matching file in the pool (another BackupPC_link
2226 could have added the file since BackupPC_dump checked). If so, the file
2227 is removed and replaced by a hard link to the existing file. If the file
2228 is new, a hard link to the file is made in the pool area, so that this
2229 file is available for checking against each new file and new backup.
2231 Then, assuming $Conf{IncrFill} is set, for each incremental backup,
2232 hard links are made in the new backup to all files that were not extracted
2233 during the incremental backups. The means the incremental backup looks
2234 like a complete image of the PC (with the exception that files
2235 that were removed on the PC since the last full backup will still
2236 appear in the backup directory tree).
2238 As of v1.03, the CGI interface knows how to merge unfilled
2239 incremental backups will the most recent prior filled (full)
2240 backup, giving the incremental backups a filled appearance. The
2241 default for $Conf{IncrFill} is off, since there is now no need to
2242 fill incremental backups. This saves some level of disk activity,
2243 since lots of extra hardlinks are no longer needed (and don't have
2244 to be deleted when the backup expires).
2248 BackupPC_trashClean is always run in the background to remove any
2249 expired backups. Every 5 minutes it wakes up and removes all the files
2250 in __TOPDIR__/trash.
2252 Also, once each night, BackupPC_nightly is run to complete some additional
2253 administrative tasks, such as cleaning the pool. This involves removing
2254 any files in the pool that only have a single hard link (meaning no backups
2255 are using that file). Again, to avoid race conditions, BackupPC_nightly
2256 is only run when there are no BackupPC_dump or BackupPC_link processes
2261 BackupPC also listens for TCP connections on $Conf{ServerPort}, which
2262 is used by the CGI script BackupPC_Admin for status reporting and
2263 user-initiated backup or backup cancel requests.
2265 =head2 Storage layout
2267 BackupPC resides in three directories:
2271 =item __INSTALLDIR__
2273 Perl scripts comprising BackupPC reside in __INSTALLDIR__/bin,
2274 libraries are in __INSTALLDIR__/lib and documentation
2275 is in __INSTALLDIR__/doc.
2279 The CGI script BackupPC_Admin resides in this cgi binary directory.
2283 All of BackupPC's data (PC backup images, logs, configuration information)
2284 is stored below this directory.
2288 Below __TOPDIR__ are several directories:
2292 =item __TOPDIR__/conf
2294 The directory __TOPDIR__/conf contains:
2300 Configuration file. See L<Configuration file|configuration file>
2301 below for more details.
2305 Hosts file, which lists all the PCs to backup.
2309 =item __TOPDIR__/log
2311 The directory __TOPDIR__/log contains:
2317 Current (today's) log file output from BackupPC.
2319 =item LOG.0 or LOG.0.z
2321 Yesterday's log file output. Log files are aged daily and compressed
2322 (if compression is enabled), and old LOG files are deleted.
2326 Contains BackupPC's process id.
2330 A summary of BackupPC's status written periodically by BackupPC so
2331 that certain state information can be maintained if BackupPC is
2332 restarted. Should not be edited.
2334 =item UserEmailInfo.pl
2336 A summary of what email was last sent to each user, and when the
2337 last email was sent. Should not be edited.
2341 =item __TOPDIR__/trash
2343 Any directories and files below this directory are periodically deleted
2344 whenever BackupPC_trashClean checks. When a backup is aborted or when an
2345 old backup expires, BackupPC_dump simply moves the directory to
2346 __TOPDIR__/trash for later removal by BackupPC_trashClean.
2348 =item __TOPDIR__/pool
2350 All uncompressed files from PC backups are stored below __TOPDIR__/pool.
2351 Each file's name is based on the MD5 hex digest of the file contents.
2352 Specifically, for files less than 256K, the file length and the entire
2353 file is used. For files up to 1MB, the file length and the first and
2354 last 128K are used. Finally, for files longer than 1MB, the file length,
2355 and the first and eighth 128K chunks for the file are used.
2357 Each file is stored in a subdirectory X/Y/Z, where X, Y, Z are the
2358 first 3 hex digits of the MD5 digest.
2360 For example, if a file has an MD5 digest of 123456789abcdef0,
2361 the file is stored in __TOPDIR__/pool/1/2/3/123456789abcdef0.
2363 The MD5 digest might not be unique (especially since not all the file's
2364 contents are used for files bigger than 256K). Different files that have
2365 the same MD5 digest are stored with a trailing suffix "_n" where n is
2366 an incrementing number starting at 0. So, for example, if two additional
2367 files were identical to the first, except the last byte was different,
2368 and assuming the file was larger than 1MB (so the MD5 digests are the
2369 same but the files are actually different), the three files would be
2372 __TOPDIR__/pool/1/2/3/123456789abcdef0
2373 __TOPDIR__/pool/1/2/3/123456789abcdef0_0
2374 __TOPDIR__/pool/1/2/3/123456789abcdef0_1
2376 Both BackupPC_dump (actually, BackupPC_tarExtract) and BackupPC_link are
2377 responsible for checking newly backed up files against the pool. For
2378 each file, the MD5 digest is used to generate a file name in the pool
2379 directory. If the file exists in the pool, the contents are compared.
2380 If there is no match, additional files ending in "_n" are checked.
2381 (Actually, BackupPC_tarExtract compares multiple candidate files in
2382 parallel.) If the file contents exactly match, the file is created by
2383 simply making a hard link to the pool file (this is done by
2384 BackupPC_tarExtract as the backup proceeds). Otherwise,
2385 BackupPC_tarExtract writes the new file to disk and a new hard link is
2386 made in the pool to the file (this is done later by BackupPC_link).
2388 Therefore, every file in the pool will have at least 2 hard links
2389 (one for the pool file and one for the backup file below __TOPDIR__/pc).
2390 Identical files from different backups or PCs will all be linked to
2391 the same file. When old backups are deleted, some files in the pool
2392 might only have one link. BackupPC_nightly checks the entire pool
2393 and removes all files that have only a single link, thereby recovering
2394 the storage for that file.
2396 One other issue: zero length files are not pooled, since there are a lot
2397 of these files and on most file systems it doesn't save any disk space
2398 to turn these files into hard links.
2400 =item __TOPDIR__/cpool
2402 All compressed files from PC backups are stored below __TOPDIR__/cpool.
2403 Its layout is the same as __TOPDIR__/pool, and the hashing function
2404 is the same (and, importantly, based on the uncompressed file, not
2405 the compressed file).
2407 =item __TOPDIR__/pc/$host
2409 For each PC $host, all the backups for that PC are stored below
2410 the directory __TOPDIR__/pc/$host. This directory contains the
2417 Current log file for this PC from BackupPC_dump.
2419 =item LOG.0 or LOG.0.z
2421 Last month's log file. Log files are aged monthly and compressed
2422 (if compression is enabled), and old LOG files are deleted.
2424 =item XferERR or XferERR.z
2426 Output from the transport program (ie: smbclient or tar)
2427 for the most recent failed backup.
2431 Subdirectory in which the current backup is stored. This
2432 directory is renamed if the backup succeeds.
2434 =item XferLOG or XferLOG.z
2436 Output from the transport program (ie: smbclient or tar)
2437 for the current backup.
2439 =item nnn (an integer)
2441 Successful backups are in directories numbered sequentially starting at 0.
2443 =item XferLOG.nnn or XferLOG.nnn.z
2445 Output from the transport program (ie: smbclient or tar)
2446 corresponding to backup number nnn.
2448 =item RestoreInfo.nnn
2450 Information about restore request #nnn including who, what, when, and
2451 why. This file is in Data::Dumper format. (Note that the restore
2452 numbers are not related to the backup number.)
2454 =item RestoreLOG.nnn.z
2456 Output from smbclient or tar during restore #nnn. (Note that the restore
2457 numbers are not related to the backup number.)
2461 Optional configuration settings specific to this host. Settings in this
2462 file override the main configuration file.
2466 A tab-delimited ascii table listing information about each successful
2467 backup, one per row. The columns are:
2473 The backup number, an integer that starts at 0 and increments
2474 for each successive backup. The corresponding backup is stored
2475 in the directory num (eg: if this field is 5, then the backup is
2476 stored in __TOPDIR__/pc/$host/5).
2480 Set to "full" or "incr" for full or incremental backup.
2484 Start time of the backup in unix seconds.
2488 Stop time of the backup in unix seconds.
2492 Number of files backed up (as reported by smbclient or tar).
2496 Total file size backed up (as reported by smbclient or tar).
2500 Number of files that were already in the pool
2501 (as determined by BackupPC_dump and BackupPC_link).
2505 Total size of files that were already in the pool
2506 (as determined by BackupPC_dump and BackupPC_link).
2510 Number of files that were not in the pool
2511 (as determined by BackupPC_link).
2515 Total size of files that were not in the pool
2516 (as determined by BackupPC_link).
2520 Number of errors or warnings from smbclient (zero for tar).
2524 Number of errors from smbclient that were bad file errors (zero for tar).
2528 Number of errors from smbclient that were bad share errors (zero for tar).
2532 Number of errors from BackupPC_tarExtract.
2536 The compression level used on this backup. Zero or empty means no
2541 Total compressed size of files that were already in the pool
2542 (as determined by BackupPC_dump and BackupPC_link).
2546 Total compressed size of files that were not in the pool
2547 (as determined by BackupPC_link).
2551 Set if this backup has not been filled in with the most recent
2552 previous filled or full backup. See $Conf{IncrFill}.
2556 If this backup was filled (ie: noFill is 0) then this is the
2557 number of the backup that it was filled from
2561 Set if this backup has mangled file names and attributes. Always
2562 true for backups in v1.4.0 and above. False for all backups prior
2567 Set to the value of $Conf{XferMethod} when this dump was done.
2571 The level of this dump. A full dump is level 0. Currently incrementals
2572 are 1. But when multi-level incrementals are supported this will reflect
2573 each dump's incremental level.
2579 A tab-delimited ascii table listing information about each requested
2580 restore, one per row. The columns are:
2586 Restore number (matches the suffix of the RestoreInfo.nnn and
2587 RestoreLOG.nnn.z file), unrelated to the backup number.
2591 Start time of the restore in unix seconds.
2595 End time of the restore in unix seconds.
2599 Result (ok or failed).
2603 Error message if restore failed.
2607 Number of files restored.
2611 Size in bytes of the restored files.
2615 Number of errors from BackupPC_tarCreate during restore.
2619 Number of errors from smbclient or tar during restore.
2627 =head2 Compressed file format
2629 The compressed file format is as generated by Compress::Zlib::deflate
2630 with one minor, but important, tweak. Since Compress::Zlib::inflate
2631 fully inflates its argument in memory, it could take large amounts of
2632 memory if it was inflating a highly compressed file. For example, a
2633 200MB file of 0x0 bytes compresses to around 200K bytes. If
2634 Compress::Zlib::inflate was called with this single 200K buffer, it
2635 would need to allocate 200MB of memory to return the result.
2637 BackupPC watches how efficiently a file is compressing. If a big file
2638 has very high compression (meaning it will use too much memory when it
2639 is inflated), BackupPC calls the flush() method, which gracefully
2640 completes the current compression. BackupPC then starts another
2641 deflate and simply appends the output file. So the BackupPC compressed
2642 file format is one or more concatenated deflations/flushes. The specific
2643 ratios that BackupPC uses is that if a 6MB chunk compresses to less
2644 than 64K then a flush will be done.
2646 Back to the example of the 200MB file of 0x0 bytes. Adding flushes
2647 every 6MB adds only 200 or so bytes to the 200K output. So the
2648 storage cost of flushing is negligible.
2650 To easily decompress a BackupPC compressed file, the script
2651 BackupPC_zcat can be found in __INSTALLDIR__/bin. For each
2652 file name argument it inflates the file and writes it to stdout.
2654 =head2 File name mangling
2656 Backup file names are stored in "mangled" form. Each node of
2657 a path is preceded by "f" (mnemonic: file), and special characters
2658 (\n, \r, % and /) are URI-encoded as "%xx", where xx is the ascii
2659 character's hex value. So c:/craig/example.txt is now stored as
2660 fc/fcraig/fexample.txt.
2662 This was done mainly so meta-data could be stored alongside the backup
2663 files without name collisions. In particular, the attributes for the
2664 files in a directory are stored in a file called "attrib", and mangling
2665 avoids file name collisions (I discarded the idea of having a duplicate
2666 directory tree for every backup just to store the attributes). Other
2667 meta-data (eg: rsync checksums) could be stored in file names preceded
2668 by, eg, "c". There are two other benefits to mangling: the share name
2669 might contain "/" (eg: "/home/craig" for tar transport), and I wanted
2670 that represented as a single level in the storage tree. Secondly, as
2671 files are written to NewFileList for later processing by BackupPC_link,
2672 embedded newlines in the file's path will cause problems which are
2673 avoided by mangling.
2675 The CGI script undoes the mangling, so it is invisible to the user.
2676 Old (unmangled) backups are still supported by the CGI
2679 =head2 Special files
2681 Linux/unix file systems support several special file types: symbolic
2682 links, character and block device files, fifos (pipes) and unix-domain
2683 sockets. All except unix-domain sockets are supported by BackupPC
2684 (there's no point in backing up or restoring unix-domain sockets since
2685 they only have meaning after a process creates them). Symbolic links are
2686 stored as a plain file whose contents are the contents of the link (not
2687 the file it points to). This file is compressed and pooled like any
2688 normal file. Character and block device files are also stored as plain
2689 files, whose contents are two integers separated by a comma; the numbers
2690 are the major and minor device number. These files are compressed and
2691 pooled like any normal file. Fifo files are stored as empty plain files
2692 (which are not pooled since they have zero size). In all cases, the
2693 original file type is stored in the attrib file so it can be correctly
2696 Hardlinks are also supported. When GNU tar first encounters a file with
2697 more than one link (ie: hardlinks) it dumps it as a regular file. When
2698 it sees the second and subsequent hardlinks to the same file, it dumps
2699 just the hardlink information. BackupPC correctly recognizes these
2700 hardlinks and stores them just like symlinks: a regular text file
2701 whose contents is the path of the file linked to. The CGI script
2702 will download the original file when you click on a hardlink.
2704 Also, BackupPC_tarCreate has enough magic to re-create the hardlinks
2705 dynamically based on whether or not the original file and hardlinks
2706 are both included in the tar file. For example, imagine a/b/x is a
2707 hardlink to a/c/y. If you use BackupPC_tarCreate to restore directory
2708 a, then the tar file will include a/b/x as the original file and a/c/y
2709 will be a hardlink to a/b/x. If, instead you restore a/c, then the
2710 tar file will include a/c/y as the original file, not a hardlink.
2712 =head2 Attribute file format
2714 The unix attributes for the contents of a directory (all the files and
2715 directories in that directory) are stored in a file called attrib.
2716 There is a single attrib file for each directory in a backup.
2717 For example, if c:/craig contains a single file c:/craig/example.txt,
2718 that file would be stored as fc/fcraig/fexample.txt and there would be an
2719 attribute file in fc/fcraig/attrib (and also fc/attrib and ./attrib).
2720 The file fc/fcraig/attrib would contain a single entry containing the
2721 attributes for fc/fcraig/fexample.txt.
2723 The attrib file starts with a magic number, followed by the
2724 concatenation of the following information for each file:
2730 File name length in perl's pack "w" format (variable length base 128).
2738 The unix file type, mode, uid, gid and file size divided by 4GB and
2739 file size modulo 4GB (type mode uid gid sizeDiv4GB sizeMod4GB),
2740 in perl's pack "w" format (variable length base 128).
2744 The unix mtime (unix seconds) in perl's pack "N" format (32 bit integer).
2748 The attrib file is also compressed if compression is enabled.
2749 See the lib/BackupPC/Attrib.pm module for full details.
2751 Attribute files are pooled just like normal backup files. This saves
2752 space if all the files in a directory have the same attributes across
2753 multiple backups, which is common.
2755 =head2 Optimizations
2757 BackupPC doesn't care about the access time of files in the pool
2758 since it saves attribute meta-data separate from the files. Since
2759 BackupPC mostly does reads from disk, maintaining the access time of
2760 files generates a lot of unnecessary disk writes. So, provided
2761 BackupPC has a dedicated data disk, you should consider mounting
2762 BackupPC's data directory with the noatime attribute (see mount(1)).
2766 BackupPC isn't perfect (but it is getting better). Here are some
2767 limitations of BackupPC:
2771 =item Non-unix file attributes not backed up
2773 smbclient doesn't extract the WinXX ACLs, so file attributes other than
2774 the equivalent (as provided by smbclient) unix attributes are not
2777 =item Locked files are not backed up
2779 Under WinXX a locked file cannot be read by smbclient. Such files will
2780 not be backed up. This includes the WinXX system registry files.
2782 This is especially troublesome for Outlook, which stores all its data
2783 in a single large file and keeps it locked whenever it is running.
2784 Since many users keep Outlook running all the time their machine
2785 is up their Outlook file will not be backed up. Sadly, this file
2786 is the most important file to backup. As one workaround, Microsoft has
2787 a user-level application that periodically asks the user if they want to
2788 make a copy of their outlook.pst file. This copy can then be backed up
2789 by BackupPC. See L<http://office.microsoft.com/downloads/2002/pfbackup.aspx>.
2791 Similarly, all of the data for WinXX services like SQL databases,
2792 Exchange etc won't be backed up. If these applications support
2793 some kind of export or utility to save their data to disk then this
2794 can =used to create files that BackupPC can backup.
2796 So far, the best that BackupPC can do is send warning emails to
2797 the user saying that their outlook files haven't been backed up in
2798 X days. (X is configurable.) The message invites the user to
2799 exit Outlook and gives a URL to manually start a backup.
2801 I suspect there is a way of mirroring the outlook.pst file so
2802 that at least the mirror copy can be backed up. Or perhaps a
2803 manual copy can be started at login. Does some WinXX expert
2804 know how to do this?
2806 Comment: two users have noted that there are commercial OFM (open file
2807 manager) products that are designed to solve this problem, for example
2808 from St. Bernard or Columbia Data Products. Apparently Veritas and
2809 Legato bundle this product with their commercial products. See for
2810 example L<http://www.stbernard.com/products/docs/ofm_whitepaperV8.pdf>.
2811 If anyone tries these programs with BackupPC please tell us whether or
2814 =item Don't expect to reconstruct a complete WinXX drive
2816 The conclusion from the last few items is that BackupPC is not intended
2817 to allow a complete WinXX disk to be re-imaged from the backup. Our
2818 approach to system restore in the event of catastrophic failure is to
2819 re-image a new disk from a generic master, and then use the BackupPC
2820 archive to restore user files.
2822 It is likely that linux/unix backups done using tar (rather than
2823 smb) can be used to reconstruct a complete file system, although
2826 =item Maximum Backup File Sizes
2828 BackupPC can backup and manage very large file sizes, probably as large
2829 as 2^51 bytes (when a double-precision number's mantissa can no longer
2830 represent an integer exactly). In practice, several things outside
2831 BackupPC limit the maximum individual file size. Any one of the
2832 following items will limit the maximum individual file size:
2838 Perl needs to be compiled with uselargefiles defined. Check your
2841 perl -V | egrep largefiles
2843 Without this, the maximum file size will be 2GB.
2847 The BackupPC pool and data directories must be on a file system that
2848 supports large files.
2850 Without this, the maximum file size will be 2GB.
2854 The transport mechanism also limits the maximum individual file size.
2856 GNU tar maximum file size is limited by the tar header format. The tar
2857 header uses 11 octal digits to represent the file size, which is 33 bits
2858 or 8GB. I vaguely recall (but I haven't recently checked) that GNU tar
2859 uses an extra octal digit (replacing a trailing delimiter) if necessary,
2860 allowing 64GB files. So tar transport limits the maximum file size to
2861 8GB or perhaps 64GB. It is possible that files >= 8GB don't work; this
2862 needs to be looked into.
2864 Smbclient is limited to 4GB file sizes. Moreover, a bug in smbclient
2865 (mixing signed and unsigned 32 bit values) causes it to incorrectly
2866 do the tar octal conversion for file sizes from 2GB-4GB. BackupPC_tarExtract
2867 knows about this bug and can recover the correct file size. So smbclient
2868 transport works up to 4GB file sizes.
2870 Rsync running on Cygwin is limited to either 2GB or 4GB file sizes.
2871 More testing needs to be done to verify the file size limit for
2872 rsync on various platforms.
2876 =item Some tape backup systems aren't smart about hard links
2878 If you backup the BackupPC pool to tape you need to make sure that the
2879 tape backup system is smart about hard links. For example, if you
2880 simply try to tar the BackupPC pool to tape you will backup a lot more
2881 data than is necessary.
2883 Using the example at the start of the installation section, 65 hosts are
2884 backed up with each full backup averaging 3.2GB. Storing one full backup
2885 and two incremental backups per laptop is around 240GB of raw data. But
2886 because of the pooling of identical files, only 87GB is used (with
2887 compression the total is lower). If you run du or tar on the data
2888 directory, there will appear to be 240GB of data, plus the size of the
2889 pool (around 87GB), or 327GB total.
2891 If your tape backup system is not smart about hard links an alternative
2892 is to periodically backup just the last successful backup for each host
2893 to tape. Another alternative is to do a low-level dump of the pool
2894 file system (ie: /dev/hda1 or similar) using dump(1).
2896 Supporting more efficient tape backup is an area for further
2899 =item Incremental backups might included deleted files
2901 To make browsing and restoring backups easier, incremental backups
2902 are "filled-in" from the last complete backup when the backup is
2903 browsed or restored.
2905 However, if a file was deleted by a user after the last full backup, that
2906 file will still appear in the "filled-in" incremental backup. This is not
2907 really a specific problem with BackupPC, rather it is a general issue
2908 with the full/incremental backup paradigm. This minor problem could be
2909 solved by having smbclient list all files when it does the incremental
2910 backup. Volunteers anyone?
2914 Comments or suggestions on these issues are welcome.
2916 =head2 Security issues
2918 Please read this section and consider each of the issues carefully.
2922 =item Smb share password
2924 An important security risk is the manner in which the smb share
2925 passwords are stored. They are in plain text. As described in
2926 L<Step 3: Setting up config.pl|step 3: setting up config.pl> there are four
2927 ways to tell BackupPC the smb share password (manually setting an environment
2928 variable, setting the environment variable in /etc/init.d/backuppc,
2929 putting the password in __TOPDIR__/conf/config.pl, or putting the
2930 password in __TOPDIR__/pc/$host/config.pl). In the latter 3 cases the
2931 smb share password appears in plain text in a file.
2933 If you use any of the latter three methods please make sure that the file's
2934 permission is appropriately restricted. If you also use RCS or CVS, double
2935 check the file permissions of the config.pl,v file.
2937 In future versions there will probably be support for encryption of the
2938 smb share password, but a private key will still have to be stored in a
2939 protected place. Comments and suggestions are welcome.
2941 =item BackupPC socket server
2943 In v1.5.0 the primary method for communication between the CGI program
2944 (BackupPC_Admin) and the server (BackupPC) is via a unix-domain socket.
2945 Since this socket has restricted permissions, no local user should be
2946 able to connect to this port. No backup or restore data passes through
2947 this interface, but an attacker can start or stop backups and get status
2950 If the Apache server and BackupPC_Admin run on a different host to
2951 BackupPC then a TCP port must be enabled by setting $Conf{ServerPort}.
2952 Anyone can connect to this port. To avoid possible attacks via the TCP
2953 socket interface, every client message is protected by an MD5 digest.
2954 The MD5 digest includes four items:
2960 a seed that is sent to the client when the connection opens
2964 a sequence number that increments for each message
2968 a shared secret that is stored in $Conf{ServerMesgSecret}
2976 The message is sent in plain text preceded by the MD5 digest. A
2977 snooper can see the plain-text seed sent by BackupPC and plain-text
2978 message from the client, but cannot construct a valid MD5 digest since
2979 the secret in $Conf{ServerMesgSecret} is unknown. A replay attack is
2980 not possible since the seed changes on a per-connection and
2983 So if you do enable the TCP port, please set $Conf{ServerMesgSecret}
2984 to some hard-to-guess string. A denial-of-service attack is possible
2985 with the TCP port enabled. Someone could simply connect many times
2986 to this port, until BackupPC had exhausted all its file descriptors,
2987 and this would cause new backups and the CGI interface to fail. The
2988 most secure solution is to run BackupPC and Apache on the same machine
2989 and disable the TCP port.
2991 By the way, if you have upgraded from a version of BackupPC prior to
2992 v1.5.0 you should set $Conf{ServerPort} to -1 to disable the TCP port.
2994 =item Installation permissions
2996 It is important to check that the BackupPC scripts in __INSTALLDIR__/bin
2997 and __INSTALLDIR__/lib cannot be edited by normal users. Check the
2998 directory permissions too.
3000 =item Pool permissions
3002 It is important to check that the data files in __TOPDIR__/pool,
3003 __TOPDIR__/pc and __TOPDIR__/trash cannot be read by normal users.
3004 Normal users should not be able to see anything below __TOPDIR__.
3008 Enabling shares on hosts carries security risks. If you are on a private
3009 network and you generally trust your users then there should not be a
3010 problem. But if you have a laptop that is sometimes on public networks
3011 (eg: broadband or even dialup) you should be concerned. A conservative
3012 approach is to use firewall software, and only enable the netbios and
3013 smb ports (137 and 139) on connections from the host running BackupPC.
3015 =item SSH key security
3017 Using ssh for linux/unix clients is quite secure, but the security is
3018 only as good as the protection of ssh's private keys. If an attacker can
3019 devise a way to run a shell as the BackupPC user then they will have
3020 access to BackupPC's private ssh keys. They can then, in turn, ssh to
3021 any client machine as root (or whichever user you have configured
3022 BackupPC to use). This represents a serious compromise of your entire
3023 network. So in vulnerable networks, think carefully about how to protect
3024 the machine running BackupPC and how to prevent attackers from gaining
3025 shell access (as the BackupPC user) to the machine.
3029 The CGI interface, __CGIDIR__/BackupPC_Admin, needs access to the pool
3030 files so it is installed setuid to __BACKUPPCUSER__. The permissions of
3031 this file need to checked carefully. It should be owned by
3032 __BACKUPPCUSER__ and have user and group (but not other) execute
3033 permission. To allow apache/httpd to execute it, the group ownership
3034 should be something that apache/httpd belongs to.
3036 The Apache configuration should be setup for AuthConfig style,
3037 using a .htaccess file so that the user's name is passed into
3038 the script as $ENV{REMOTE_USER}.
3040 If normal users could directly run BackupPC_Admin then there is a serious
3041 security hole: since it is setuid to __BACKUPPCUSER__ any user can
3042 browse and restore any backups. Be aware that anyone who is allowed to
3043 edit or create cgi scripts on your server can execute BackupPC_Admin as
3044 any user! They simply write a cgi script that sets $ENV{REMOTE_USER} and
3045 then execs BackupPC_Admin. The exec succeeds since httpd runs the first
3046 script as user httpd/apache, which in turn has group permission to
3047 execute BackupPC_Admin.
3049 While this setup should be safe, a more conservative approach is to
3050 run a dedicated Apache as user __BACKUPPCUSER__ on a different port.
3051 Then BackupPC_Admin no longer needs to be setuid, and the cgi
3052 directories can be locked down from normal users. Moreover, this
3053 setup is exactly the one used to support mod_perl, so this provides
3054 both the highest performance and the lowest security risk.
3058 Comments and suggestions are welcome.
3060 =head1 Configuration File
3062 The BackupPC configuration file resides in __TOPDIR__/conf/config.pl.
3063 Optional per-PC configuration files reside in __TOPDIR__/pc/$host/config.pl.
3064 This file can be used to override settings just for a particular PC.
3066 =head2 Modifying the main configuration file
3068 The configuration file is a perl script that is executed by BackupPC, so
3069 you should be careful to preserve the file syntax (punctuation, quotes
3070 etc) when you edit it. It is recommended that you use CVS, RCS or some
3071 other method of source control for changing config.pl.
3073 BackupPC reads or re-reads the main configuration file and
3074 the hosts file in three cases:
3084 When BackupPC is sent a HUP (-1) signal. Assuming you installed the
3085 init.d script, you can also do this with "/etc/init.d/backuppc reload".
3089 When the modification time of config.pl file changes. BackupPC
3090 checks the modification time once during each regular wakeup.
3094 Whenever you change the configuration file you can either do
3095 a kill -HUP BackupPC_pid or simply wait until the next regular
3098 Each time the configuration file is re-read a message is reported in the
3099 LOG file, so you can tail it (or view it via the CGI interface) to make
3100 sure your kill -HUP worked. Errors in parsing the configuration file are
3101 also reported in the LOG file.
3103 The optional per-PC configuration file (__TOPDIR__/pc/$host/config.pl)
3104 is read whenever it is needed by BackupPC_dump, BackupPC_link and others.
3106 =head2 Configuration file includes
3108 If you have a heterogeneous set of clients (eg: a variety of WinXX and
3109 linux/unix machines) you will need to create host-specific config.pl files
3110 for some or all of these machines to customize the default settings from
3111 the master config.pl file (at a minimum to set $Conf{XferMethod}).
3113 Since the config.pl file is just regular perl code, you can include
3114 one config file from another. For example, imagine you had three general
3115 classes of machines: WinXX desktops, linux machines in the DMZ and
3116 linux desktops. You could create three config files in __TOPDIR__/conf:
3118 __TOPDIR__/conf/ConfigWinDesktop.pl
3119 __TOPDIR__/conf/ConfigLinuxDMZ.pl
3120 __TOPDIR__/conf/ConfigLinuxDesktop.pl
3122 From each client's directory you can either add a symbolic link to
3123 the appropriate config file:
3125 cd __TOPDIR__/pc/$host
3126 ln -s ../../conf/ConfigWinDesktop.pl config.pl
3128 or, better yet, create a config.pl file in __TOPDIR__/pc/$host
3129 that includes the default config.pl file using perl's "do"
3132 do "__TOPDIR__/conf/ConfigWinDesktop.pl";
3134 This alternative allows you to set other configuration options
3135 specific to each host after the "do" command (perhaps even
3136 overriding the settings in the included file).
3138 Note that you could also include snippets of configuration settings
3139 from the main configuration file. However, be aware that the
3140 modification-time checking that BackupPC does only applies to the
3141 main configuration file: if you change one of the included files,
3142 BackupPC won't notice. You will need to either touch the main
3143 configuration file too, or send BackupPC a HUP (-1) signal.
3145 =head1 Configuration Parameters
3147 The configuration parameters are divided into five general groups.
3148 The first group (general server configuration) provides general
3149 configuration for BackupPC. The next two groups describe what to
3150 backup, when to do it, and how long to keep it. The fourth group
3151 are settings for email reminders, and the final group contains
3152 settings for the CGI interface.
3154 All configuration settings in the second through fifth groups can
3155 be overridden by the per-PC config.pl file.
3159 =head1 Version Numbers
3161 Starting with v1.4.0 BackupPC switched to a X.Y.Z version numbering
3162 system, instead of X.0Y. The first digit is for major new releases, the
3163 middle digit is for significant feature releases and improvements (most
3164 of the releases have been in this category), and the last digit is for
3165 bug fixes. You should think of the old 1.00, 1.01, 1.02 and 1.03 as
3166 1.0.0, 1.1.0, 1.2.0 and 1.3.0.
3170 Craig Barratt <cbarratt@users.sourceforge.net>
3172 See L<http://backuppc.sourceforge.net>.
3176 Copyright (C) 2001-2004 Craig Barratt
3180 Xavier Nicollet, with additions from Guillaume Filion, added the
3181 internationalization (i18n) support to the CGI interface for v2.0.0.
3182 Xavier provided the French translation fr.pm, with additions from
3185 Ryan Kucera contributed the directory navigation code and images
3186 for v1.5.0. He contributed the first skeleton of BackupPC_restore.
3187 He also added a significant revision to the CGI interface, including
3188 CSS tags, in v2.1.0.
3190 Guillaume Filion wrote BackupPC_zipCreate and added the CGI support
3191 for zip download, in addition to some CGI cleanup, for v1.5.0.
3192 Guillaume continues to support fr.pm updates for each
3195 Josh Marshall implemented the Archive feature in v2.1.0.
3197 Javier Gonzalez provided the Spanish translation, es.pm for v2.0.0.
3199 Manfred Herrmann provided the German translation, de.pm for v2.0.0.
3200 Manfred continues to support de.pm updates for each new version.
3202 Lorenzo Cappelletti provided the Italian translation, it.pm for v2.1.0.
3204 Many people have reported bugs, made useful suggestions and helped
3205 with testing; see the ChangeLog and the mail lists.
3207 Your name could appear here in the next version!
3211 This program is free software; you can redistribute it and/or modify it
3212 under the terms of the GNU General Public License as published by the
3213 Free Software Foundation; either version 2 of the License, or (at your
3214 option) any later version.
3216 This program is distributed in the hope that it will be useful,
3217 but WITHOUT ANY WARRANTY; without even the implied warranty of
3218 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
3219 General Public License for more details.
3221 You should have received a copy of the GNU General Public License in the
3222 LICENSE file along with this program; if not, write to the Free Software
3223 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.