1 =head1 BackupPC Introduction
3 This documentation describes BackupPC version __VERSION__,
4 released on __RELEASEDATE__.
8 BackupPC is a high-performance, enterprise-grade system for backing up
9 Linux and WinXX PCs, desktops and laptops to a server's disk. BackupPC
10 is highly configurable and easy to install and maintain.
12 Given the ever decreasing cost of disks and raid systems, it is now
13 practical and cost effective to backup a large number of machines onto a
14 server's local disk or network storage. For some sites this might be
15 the complete backup solution. For other sites additional permanent
16 archives could be created by periodically backing up the server to tape.
24 A clever pooling scheme minimizes disk storage and disk I/O.
25 Identical files across multiple backups of the same or different PC
26 are stored only once (using hard links), resulting in substantial
27 savings in disk storage and disk writes.
31 Optional compression provides additional reductions in storage
32 (around 40%). The CPU impact of compression is low since only
33 new files (those not already in the pool) need to be compressed.
37 A powerful http/cgi user interface allows administrators to view log
38 files, configuration, current status and allows users to initiate and
39 cancel backups and browse and restore files from backups.
43 The http/cgi user interface has internationalization (i18n) support,
44 currently prodiving English, French and Spanish.
48 No client-side software is needed. On WinXX the standard smb
49 protocol is used to extract backup data. On linux or unix clients,
50 rsync or tar (over ssh/rsh/nfs) is used to extract backup data.
51 Alternatively, rsync can also be used on WinXX (using cygwin),
52 and Samba could be installed on the linux or unix client to
57 Flexible restore options. Single files can be downloaded from
58 any backup directly from the CGI interface. Zip or Tar archives
59 for selected files or directories from any backup can also be
60 downloaded from the CGI interface. Finally, direct restore to
61 the client machine (using smb or tar) for selected files or
62 directories is also supported from the CGI interface.
66 BackupPC supports mobile environments where laptops are only
67 intermittently connected to the network and have dynamic IP addresses
68 (DHCP). Configuration settings allow machines connected via slower WAN
69 connections (eg: dial up, DSL, cable) to not be backed up, even if they
70 use the same fixed or dynamic IP address as when they are connected
75 Flexible configuration parameters allow multiple backups to be performed
76 in parallel, specification of which shares to backup, which directories
77 to backup or not backup, various schedules for full and incremental
78 backups, schedules for email reminders to users and so on. Configuration
79 parameters can be set system-wide or also on a per-PC basis.
83 Users are sent periodic email reminders if their PC has not
84 recently been backed up. Email content, timing and policies
89 BackupPC is Open Source software hosted by SourceForge.
99 A full backup is a complete backup of a share. BackupPC can be configured to
100 do a full backup at a regular interval (often weekly). BackupPC can also
101 be configured to keep a certain number of full backups, and to keep
102 a smaller number of very old full backups.
104 =item Incremental Backup
106 An incremental backup is a backup of files that have changed (based on their
107 modification time) since the last successful full backup. For SMB and
108 tar, BackupPC backups all files that have changed since one hour prior to the
109 start of the last successful full backup. Rsync is more clever: any files
110 who attributes have changed (ie: uid, gid, mtime, modes, size) since the
111 last full are backed up. Deleted and new files are also detected by
112 Rsync incrementals (SMB and tar are not able to detect deleted files or
113 new files whose modification time is prior to the last full dump.
115 BackupPC can also be configured to keep a certain number of incremental
116 backups, and to keep a smaller number of very old incremental backups.
117 (BackupPC does not support multi-level incremental backups, although it
118 would be easy to do so.)
120 BackupPC's CGI interface "fills-in" incremental backups based on the
121 last full backup, giving every backup a "full" appearance. This makes
122 browsing and restoring backups easier.
124 =item Identical Files
126 BackupPC pools identical files using hardlinks. By "identical
127 files" we mean files with identical contents, not necessary the
128 same permissions, ownership or modification time. Two files might
129 have different permissions, ownership, or modification time but
130 will still be pooled whenever the contents are identical. This
131 is possible since BackupPC stores the file meta-data (permissions,
132 ownership, and modification time) separately from the file contents.
136 Based on your site's requirements you need to decide what your backup
137 policy is. BackupPC is not designed to provide exact re-imaging of
138 failed disks. See L<Limitations|limitations> for more information.
139 However, the addition of tar transport for linux/unix clients, plus
140 full support for special file types and unix attributes in v1.4.0
141 likely means an exact image of a linux/unix file system can be made.
143 BackupPC saves backups onto disk. Because of pooling you can relatively
144 economically keep several weeks of old backups. But BackupPC does not
145 provide permanent storage to tape. Other Open Source applications can do
146 this by backing up BackupPC's pool directories to tape.
148 At some sites the disk-based backup will be adequate, without a
149 secondary tape backup. This system is robust to any single failure: if a
150 client disk fails or loses files, the BackupPC server can be used to
151 restore files. If the server disk fails, BackupPC can be restarted on a
152 fresh file system, and create new backups from the clients. The chance
153 of the server disk failing can be made very small by spending more money
154 on increasingly better RAID systems.
156 At other sites a secondary tape backup will be required. This tape
157 backup can be done perhaps weekly from the BackupPC pool file system.
165 =item BackupPC home page
167 The BackupPC Open Source project is hosted on SourceForge. The
168 home page can be found at:
170 http://backuppc.sourceforge.net
172 This page has links to the current documentation, the SourceForge
173 project page and general information.
175 =item SourceForge project
177 The SourceForge project page is at:
179 http://sourceforge.net/projects/backuppc
181 This page has links to the current releases of BackupPC.
185 Three BackupPC mailing lists exist for announcements (backuppc-announce),
186 developers (backuppc-devel), and a general user list for support, asking
187 questions or any other topic relevant to BackupPC (backuppc-users).
189 You can subscribe to these lists by visiting:
191 http://lists.sourceforge.net/lists/listinfo/backuppc-announce
192 http://lists.sourceforge.net/lists/listinfo/backuppc-users
193 http://lists.sourceforge.net/lists/listinfo/backuppc-devel
195 The backuppc-announce list is moderated and is used only for
196 important announcements (eg: new versions). It is low traffic.
197 You only need to subscribe to one of backuppc-announce and
198 backuppc-users: backuppc-users also receives any messages on
201 The backuppc-devel list is only for developers who are working on BackupPC.
202 Do not post questions or support requests there. But detailed technical
203 discussions should happen on this list.
205 To post a message to the backuppc-users list, send an email to
207 backuppc-users@lists.sourceforge.net
209 Do not send subscription requests to this address!
211 =item Other Programs of Interest
213 If you want to mirror linux or unix files or directories to a remote server
214 you should consider rsync, L<http://rsync.samba.org>. BackupPC now uses
215 rsync as a transport mechanism; if you are already an rsync user you
216 can think of BackupPC as adding efficient storage (compression and
217 pooling) and a convenient user interface to rsync.
219 Unison is a utility that can do two-way, interactive, synchronization.
220 See L<http://www.cis.upenn.edu/~bcpierce/unison>.
222 Three popular open source packages that do tape backup are
223 Amanda (L<http://www.amanda.org>),
224 afbackup (L<http://sourceforge.net/projects/afbackup>), and
225 Bacula (L<http://www.bacula.org>).
226 Amanda can also backup WinXX machines to tape using samba.
227 These packages can be used as back ends to BackupPC to backup the
228 BackupPC server data to tape.
230 Various programs and scripts use rsync to provide hardlinked backups.
231 See, for example, Mike Rubel's site (L<http://www.mikerubel.org>),
232 J. W. Schultz's dirvish (L<http://www.pegasys.ws/dirvish>),
233 and John Bowman's rlbackup (L<http://www.math.ualberta.ca/imaging/rlbackup>).
234 BackupPC provides many additional features, such as compressed storage,
235 hardlinking any matching files (rather than just files with the same name),
236 and storing special files without root privileges. But these other scripts
237 provide simple and effective solutions and are worthy of consideration.
243 Here are some ideas for new features that might appear in future
244 releases of BackupPC:
250 Adding hardlink support to rsync.
254 Adding block and file checksum caching to rsync. This will significantly
255 increase performance since the server doesn't have to read each file
256 (twice) to compute the block and file checksums.
260 Adding a trip wire feature for notification when files below certain
261 directories change. For example, if you are backing up a DMZ machine,
262 you could request that you get sent email if any files below /bin,
263 /sbin or /usr change.
267 Allow editing of config parameters via the CGI interface. Users should
268 have permission to edit a subset of the parameters for their clients.
269 Additionally, allow an optional self-service capability so that users
270 can sign up and setup their own clients with no need for IT support.
274 Add backend SQL support for various BackupPC metadata, including
275 configuration parameters, client lists, and backup and restore
276 information. At installation time the backend data engine will
277 be specified (eg: MySQL, ascii text etc).
281 Disconnect the notion of a physical host and a backup client.
282 Currently there is a one-to-one match between physical hosts
283 and backup clients. Instead, the current notion of a host
284 should be replaced by a backup client. Each backup client
285 corresponds to a physical host. A physical host could have
286 several backup clients. This is useful for backing up
287 different types of data, or backing up different portions
288 of a machine with different frequencies or settings.
290 (Note: this has already been implemented in 2.0.0.)
294 Resuming incomplete full backups. Useful if a machine
295 (eg: laptop) is disconnected from the network during a backup,
296 or if the user manually stops a backup. This would be supported
297 initially for rsync. The partial dump would be kept, and be
298 browsable. When the next dump starts, an incremental against
299 the partial dump would be done to make sure it was up to date,
300 and then the rest of the full dump would be done.
304 Replacing smbclient with the perl module FileSys::SmbClient. This
305 gives much more direct control of the smb transfer, allowing
306 incrementals to depend on any attribute change (eg: exist, mtime,
307 file size, uid, gid), and better support for include and exclude.
308 Currently smbclient incrementals only depend upon mtime, so
309 deleted files or renamed files are not detected. FileSys::SmbClient
310 would also allow resuming of incomplete full backups in the
311 same manner as rsync will.
315 Support --listed-incremental or --incremental for tar,
316 so that incrementals will depend upon any attribute change (eg: exist,
317 mtime, file size, uid, gid), rather than just mtime. This will allow
318 tar to be to as capable as FileSys::SmbClient and rsync.
322 For rysnc (and smb when FileSys::SmbClient is supported, and tar when
323 --listed-incremental is supported) support multi-level incrementals.
324 In fact, since incrementals will now be more "accurate", you could
325 choose to never to full dumps (except the first time), or at a
326 minimum do them infrequently: each incremental would depend upon
327 the last, giving a continuous chain of differential dumps.
331 Add a backup browsing feature that shows backup history by file.
332 So rather than a single directory view, it would be a table showing
333 the files (down) and the backups (across). The internal hardlinks
334 encode which files are identical across backups. You could immediately
335 see which files changed on which backups.
339 More speculative: Storing binary file deltas (in fact, reverse deltas)
340 for files that have the same name as a previous backup, but that aren't
341 already in the pool. This will save storage for things like mailbox
342 files or documents that change slightly between backups. Running some
343 benchmarks on a large pool suggests that the potential savings are
344 around 15-20%, which isn't spectacular, and likely not worth the
345 implementation effort. The program xdelta (v1) on SourceForge (see
346 L<http://sourceforge.net/projects/xdelta>) uses an rsync algorithm for
347 doing efficient binary file deltas. Rather than using an external
348 program, File::RsyncP will eventually get the necessary delta
349 generataion code from rsync.
353 Comments and suggestions are welcome.
357 BackupPC is free. I work on BackupPC because I enjoy doing it and I like
358 to contribute to the open source community.
360 BackupPC already has more than enough features for my own needs. The
361 main compensation for continuing to work on BackupPC is knowing that
362 more and more people find it useful. So feedback is certainly
363 appreciated. Even negative feedback is helpful, for example "We
364 evaluated BackupPC but didn't use it because it doesn't ...".
366 Beyond being a satisfied user and telling other people about it, everyone
367 is encouraged to add links to L<http://backuppc.sourceforge.net> (I'll
368 see then via Google) or otherwise publicize BackupPC. Unlike the
369 commercial products in this space, I have a zero budget (in both
370 time and money) for marketing, PR and advertising, so it's up to
373 Also, everyone is encouraged to contribute patches, bug reports, feature
374 and design suggestions, code, and documentation corrections or
377 =head1 Installing BackupPC
387 A linux, solaris, or unix based server with a substantial amount of free
388 disk space (see the next section for what that means). The CPU and disk
389 performance on this server will determine how many simultaneous backups
390 you can run. You should be able to run 4-8 simultaneous backups on a
391 moderately configured server.
393 When BackupPC starts with an empty pool, all the backup data will be
394 written to the pool on disk. After more backups are done, a higher
395 percentage of incoming files will already be in the pool. BackupPC is
396 able to avoid writing to disk new files that are already in the pool.
397 So over time disk writes will reduce significantly (by perhaps a factor
398 of 20 or more), since eventually 95% or more of incoming backup files
399 are typically in the pool. Disk reads from the pool are still needed to
400 do file compares to verify files are an exact match. So, with a mature
401 pool, if a relatively fast client generates data at say 1MB/sec, and you
402 run 4 simultaneous backups, there will be an average server disk load of
403 about 4MB/sec reads and 0.2MB/sec writes (assuming 95% of the incoming
404 files are in the pool). These rates will be perhaps 40% lower if
409 Perl version 5.6.0 or later. BackupPC has been tested with
410 version 5.6.0 and 5.6.1. If you don't have perl, please see
411 L<http://www.cpan.org>.
415 Perl modules Compress::Zlib, Archive::Zip and File::RsyncP. Try "perldoc
416 Compress::Zlib" and "perldoc Archive::Zip" to see if you have these
417 modules. If not, fetch them from L<http://www.cpan.org> and see the
418 instructions below for how to build and install them.
420 The File::RsyncP module is available from L<http://perlrsync.sourceforge.net>
421 or CPAN. You'll need to install the File::RsyncP module if you want to use
422 Rsync as a transport method.
426 If you are using smb to backup WinXX machines you need smbclient and
427 nmblookup from the samba package. You will also need nmblookup if
428 you are backing up linux/unix DHCP machines. See L<http://www.samba.org>.
429 Version 2.2.0 or later of Samba is required (smbclient's tar feature in
430 2.0.8 and prior has bugs for file path lengths around 100 characters
431 and generates bad output when file lengths change during the backup).
433 See L<http://www.samba.org> for source and binaries. It's pretty easy to
434 fetch and compile samba, and just grab smbclient and nmblookup, without
435 doing the installation. Alternatively, L<http://www.samba.org> has binary
436 distributions for most platforms.
440 If you are using tar to backup linux/unix machines you should have version
441 1.13.7 at a minimum, with version 1.13.20 or higher recommended. Use
442 "tar --version" to check your version. Various GNU mirrors have the newest
443 versions of tar, see for example L<http://www.funet.fi/pub/gnu/alpha/gnu/tar>.
444 As of February 2003 the latest version is 1.13.25.
448 If you are using rsync to backup linux/unix machines you should have
449 version 2.5.5 on each client machine. See L<http://rsync.samba.org>.
450 Use "rsync --version" to check your version.
452 For BackupPC to use Rsync you will also need to install the perl
453 File::RsyncP module, which is available from
454 L<http://perlrsync.sourceforge.net>. Version 0.31 or later is required.
458 The Apache web server, see L<http://www.apache.org>, preferably built
459 with mod_perl support.
463 =head2 How much disk space do I need?
465 Here's one real example for an environment that is backing up 65 laptops
466 with compression off. Each full backup averages 3.2GB. Each incremental
467 backup averages about 0.2GB. Storing one full backup and two incremental
468 backups per laptop is around 240GB of raw data. But because of the
469 pooling of identical files, only 87GB is used. This is without
472 Another example, with compression on: backing up 95 laptops, where
473 each backup averages 3.6GB and each incremental averages about 0.3GB.
474 Keeping three weekly full backups, and six incrementals is around
475 1200GB of raw data. Because of pooling and compression, only 150GB
478 Here's a rule of thumb. Add up the C drive usage of all the machines you
479 want to backup (210GB in the first example above). This is a rough
480 minimum space estimate that should allow a couple of full backups and at
481 least half a dozen incremental backups per machine. If compression is on
482 you can reduce the storage requirements by maybe 30-40%. Add some margin
483 in case you add more machines or decide to keep more old backups.
485 Your actual mileage will depend upon the types of clients, operating
486 systems and applications you have. The more uniform the clients and
487 applications the bigger the benefit from pooling common files.
489 For example, the Eudora email tool stores each mail folder in a separate
490 file, and attachments are extracted as separate files. So in the sadly
491 common case of a large attachment emailed to many recipients, Eudora
492 will extract the attachment into a new file. When these machines are
493 backed up, only one copy of the file will be stored on the server, even
494 though the file appears in many different full or incremental backups. In
495 this sense Eudora is a "friendly" application from the point of view of
496 backup storage requirements.
498 An example at the other end of the spectrum is Outlook. Everything
499 (email bodies, attachments, calendar, contact lists) is stored in a
500 single file, which often becomes huge. Any change to this file requires
501 a separate copy of the file to be saved during backup. Outlook is even
502 more troublesome, since it keeps this file locked all the time, so it
503 cannot be read by smbclient whenever Outlook is running. See the
504 L<Limitations|limitations> section for more discussion of this problem.
506 =head2 Step 1: Getting BackupPC
508 Download the latest version from L<http://backuppc.sourceforge.net>.
510 =head2 Step 2: Installing the distribution
512 First off, there are three perl modules you should install.
513 These are all optional, but highly recommended:
519 To enable compression, you will need to install Compress::Zlib
520 from L<http://www.cpan.org>.
521 You can run "perldoc Compress::Zlib" to see if this module is installed.
525 To support restore via Zip archives you will need to install
526 Archive::Zip, also from L<http://www.cpan.org>.
527 You can run "perldoc Archive::Zip" to see if this module is installed.
531 To use rsync and rsyncd with BackupPC you will need to install File::RsyncP.
532 You can run "perldoc File::RsyncP" to see if this module is installed.
533 File::RsyncP is available from L<http://perlrsync.sourceforge.net>.
534 Version 0.31 or later is required.
538 To build and install these packages, fetch the tar.gz file and
539 then run these commands:
541 tar zxvf Archive-Zip-1.01.tar.gz
548 The same sequence of commands can be used for each module.
550 Now let's move onto BackupPC itself. After fetching
551 BackupPC-__VERSION__.tar.gz, run these commands as root:
553 tar zxf BackupPC-__VERSION__.tar.gz
554 cd BackupPC-__VERSION__
557 You will be prompted for the full paths of various executables, and
558 you will be prompted for the following information:
564 It is best if BackupPC runs as a special user, eg backuppc, that has
565 limited privileges. It is preferred that backuppc belongs to a system
566 administrator group so that sys admin members can browse backuppc files,
567 edit the configuration files and so on. Although configurable, the
568 default settings leave group read permission on pool files, so make
569 sure the BackupPC user's group is chosen restrictively.
571 On this installation, this is __BACKUPPCUSER__.
575 You need to decide where to put the data directory, below which
576 all the BackupPC data is stored. This needs to be a big file system.
578 On this installation, this is __TOPDIR__.
580 =item Install Directory
582 You should decide where the BackupPC scripts, libraries and documentation
583 should be installed, eg: /opt/local/BackupPC.
585 On this installation, this is __INSTALLDIR__.
587 =item CGI bin Directory
589 You should decide where the BackupPC CGI script resides. This will
590 usually below Apache's cgi-bin directory.
592 On this installation, this is __CGIDIR__.
594 =item Apache image directory
596 A directory where BackupPC's images are stored so that Apache can
597 serve them. This should be somewhere under Apache's DocumentRoot
602 =head2 Step 3: Setting up config.pl
604 After running configure.pl, browse through the config file,
605 __INSTALLDIR__/conf/config.pl, and make sure all the default settings
606 are correct. In particular, you will need to decide whether to use
607 smb or tar transport (or whether to set it on a per-PC basis),
608 set the smb share password (if using smb), set the backup policies
609 and modify the email message headers and bodies.
611 BackupPC needs to know the smb share user name and password for each PC
612 that uses smb (ie: all the WinXX clients). The user name is specified
613 in $Conf{SmbShareUserName}. There are four ways to tell BackupPC the smb
620 As an environment variable BPC_SMB_PASSWD set before BackupPC starts.
621 If you start BackupPC manually the BPC_SMB_PASSWD variable must be set
622 manually first. For backward compatibility for v1.5.0 and prior, the
623 environment variable PASSWD can be used if BPC_SMB_PASSWD is not set.
624 Warning: on some systems it is possible to see environment variables of
629 Alternatively the BPC_SMB_PASSWD setting can be included in
630 /etc/init.d/backuppc, in which case you must make sure this file
631 is not world (other) readable.
635 As a configuration variable $Conf{SmbSharePasswd} in
636 __TOPDIR__/conf/config.pl. If you put the password
637 here you must make sure this file is not world (other) readable.
641 As a configuration variable $Conf{SmbSharePasswd} in the per-PC
642 configuration file, __TOPDIR__/pc/$host/config.pl. You will have to
643 use this option if the smb share password is different for each host.
644 If you put the password here you must make sure this file is not
645 world (other) readable.
649 Placement and protection of the smb share password is a possible
650 security risk, so please double-check the file and directory
651 permissions. In a future version there might be support for
652 encryption of this password, but a private key will still have to
653 be stored in a protected place. Suggestions are welcome.
655 =head2 Step 4: Setting up the hosts file
657 The file __TOPDIR__/conf/hosts contains the list of clients to backup.
658 BackupPC reads this file in three cases:
668 When BackupPC is sent a HUP (-1) signal. Assuming you installed the
669 init.d script, you can also do this with "/etc/init.d/backuppc reload".
673 When the modification time of the hosts file changes. BackupPC
674 checks the modification time once during each regular wakeup.
678 Whenever you change the hosts file (to add or remove a host) you can
679 either do a kill -HUP BackupPC_pid or simply wait until the next regular
682 Each line in the hosts file contains three fields, separated
689 This is typically the host name or NetBios name of the client machine
690 and should be in lower case. The host name can contain spaces (escape
691 with a backslash), but it is not recommended.
693 Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>.
695 In certain cases you might want several distinct clients to refer
696 to the same physical machine. For example, you might have a database
697 you want to backup, and you want to bracket the backup of the database
698 with shutdown/restart using $Conf{DumpPreUserCmd} and $Conf{DumpPostUserCmd}.
699 But you also want to backup the rest of the machine while the database
700 is still running. In the case you can specify two different clients in
701 the host file, using any mnemonic name (eg: myhost_mysql and myhost), and
702 use $Conf{ClientNameAlias} in myhost_mysql's config.pl to specify the
703 real host name of the machine.
707 Starting with v2.0.0 the way hosts are discovered has changed and now
708 in most cases you should specify 0 for the DHCP flag, even if the host
709 has a dynamically assigned IP address.
710 Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>
711 to understand whether you need to set the DHCP flag.
713 You only need to set DHCP to 1 if your client machine doesn't
714 respond to the NetBios multicast request:
718 but does respond to a request directed to its IP address:
722 If you do set DHCP to 1 on any client you will need to specify the range of
723 DHCP addresses to search is specified in $Conf{DHCPAddressRanges}.
725 Note also that the $Conf{ClientNameAlias} feature does not work for
726 clients with DHCP set to 1.
730 This should be the unix login/email name of the user who "owns" or uses
731 this machine. This is the user who will be sent email about this
732 machine, and this user will have permission to stop/start/browse/restore
733 backups for this host. Leave this blank if no specific person should
734 receive email or be allowed to stop/start/browse/restore backups
735 for this host. Administrators will still have full permissions.
739 Additional user names, separate by commas and with no white space,
740 can be specified. These users will also have full permission in
741 the CGI interface to stop/start/browse/restore backups for this host.
742 These users will not be sent email about this host.
746 The first non-comment line of the hosts file is special: it contains
747 the names of the columns and should not be edited.
749 Here's a simple example of a hosts file:
751 host dhcp user moreUsers
752 farside 0 craig jim,dave
755 =head2 Step 5: Client Setup
757 Two methods for getting backup data from a client are
758 supported: smb and tar. Smb is the preferred method for WinXX clients
759 and tar is preferred method for linux/unix clients.
761 The transfer method is set using the $Conf{XferMethod} configuration
762 setting. If you have a mixed environment (ie: you will use smb for some
763 clients and tar for others), you will need to pick the most common
764 choice for $Conf{XferMethod} for the main config.pl file, and then
765 override it in the per-PC config file for those hosts that will use
766 the other method. (Or you could run two completely separate instances
767 of BackupPC, with different data directories, one for WinXX and the
768 other for linux/unix, but then common files between the different
769 machine types will duplicated.)
771 Here are some brief client setup notes:
777 The preferred setup for WinXX clients is to set $Conf{XferMethod} to "smb".
778 (Actually, for v2.0.0, rsyncd is the better method for WinXX if you are
779 prepared to run rsync/cygwin on your WinXX client. More information
780 about this will be provided via the FAQ.)
782 You need to create shares for the data you want to backup.
783 Open "My Computer", right click on the drive (eg: C), and
784 select "Sharing..." (or select "Properties" and select the
785 "Sharing" tab). In this dialog box you can enable sharing,
786 select the share name and permissions.
788 If this machine uses DHCP you will also need to make sure the
789 NetBios name is set. Go to Control Panel|System|Network Identification
790 (on Win2K) or Control Panel|System|Computer Name (on WinXP).
791 Also, you should go to Control Panel|Network Connections|Local Area
792 Connection|Properties|Internet Protocol (TCP/IP)|Properties|Advanced|WINS
793 and verify that NetBios is not disabled.
795 As an alternative to setting $Conf{XferMethod} to "smb" (using
796 smbclient) for WinXX clients, you can use an smb network filesystem (eg:
797 ksmbfs or similar) on your linux/unix server to mount the share,
798 and then set $Conf{XferMethod} to "tar" (use tar on the network
799 mounted file system).
801 Also, to make sure that file names with 8-bit characters are correctly
802 transferred by smbclient you should add this to samba's smb.conf file:
805 # Accept the windows charset
806 client code page = 850
807 character set = ISO8859-1
809 This setting should work for western europe.
810 See L<http://www.oreilly.com/catalog/samba/chapter/book/ch08_03.html>
811 for more information about settings for other languages.
815 The preferred setup for linux/unix clients is to set $Conf{XferMethod}
816 to "rsync", "rsyncd" or "tar".
818 You can use either rsync, smb, or tar for linux/unix machines. Smb requires
819 that the Samba server (smbd) be run to provide the shares. Since the smb
820 protocol can't represent special files like symbolic links and fifos,
821 tar and rsync are the better transport methods for linux/unix machines.
822 (In fact, by default samba makes symbolic links look like the file or
823 directory that they point to, so you could get an infinite loop if a
824 symbolic link points to the current or parent directory. If you really
825 need to use Samba shares for linux/unix backups you should turn off the
826 "follow symlinks" samba config setting. See the smb.conf manual page.)
828 The requirements for each Xfer Method are:
834 You must have GNU tar on the client machine. Use "tar --version"
835 or "gtar --version" to verify. The version should be at least
836 1.13.7, and 1.13.20 or greater is recommended. Tar is run on
837 the client machine via rsh or ssh.
839 The relevant configuration settings are $Conf{TarClientPath},
840 $Conf{TarShareName}, $Conf{TarClientCmd}, $Conf{TarFullArgs},
841 $Conf{TarIncrArgs}, and $Conf{TarClientRestoreCmd}.
845 You should have at least rsync 2.5.5, and the latest version 2.5.6
846 is recommended. Rsync is run on the remote client via rsh or ssh.
848 The relevant configuration settings are $Conf{RsyncClientPath},
849 $Conf{RsyncClientCmd}, $Conf{RsyncClientRestoreCmd}, $Conf{RsyncShareName},
850 $Conf{RsyncArgs}, $Conf{RsyncRestoreArgs} and $Conf{RsyncLogLevel}.
854 You should have at least rsync 2.5.5, and the latest version 2.5.6
855 is recommended. In this case the rsync daemon should be running on
856 the client machine and BackupPC connects directly to it.
858 The relevant configuration settings are $Conf{RsyncdClientPort},
859 $Conf{RsyncdUserName}, $Conf{RsyncdPasswd}, $Conf{RsyncdAuthRequired},
860 $Conf{RsyncShareName}, $Conf{RsyncArgs}, $Conf{RsyncRestoreArgs}
861 and $Conf{RsyncLogLevel}. In the case of rsyncd, $Conf{RsyncShareName}
862 is the name of an rsync module (ie: the thing in square brackets in
863 rsyncd's conf file -- see rsyncd.conf), not a file system path.
867 For linux/unix machines you should not backup "/proc". This directory
868 contains a variety of files that look like regular files but they are
869 special files that don't need to be backed up (eg: /proc/kcore is a
870 regular file that contains physical memory). See $Conf{BackupFilesExclude}.
871 It is safe to back up /dev since it contains mostly character-special
872 and block-special files, which are correctly handed by BackupPC
873 (eg: backing up /dev/hda5 just saves the block-special file information,
874 not the contents of the disk).
876 Alternatively, rather than backup all the file systems as a single
877 share ("/"), it is easier to restore a single file system if you backup
878 each file system separately. To do this you should list each file system
879 mount point in $Conf{TarShareName} or $Conf{RsyncShareName}, and add the
880 --one-file-system option to $Conf{TarClientCmd} or add --one-file-system
881 (note the different punctuation) to $Conf{RsyncArgs}. In this case there
882 is no need to exclude /proc explicitly since it looks like a different
885 Next you should decide whether to run tar over ssh, rsh or nfs. Ssh is
886 the preferred method. Rsh is not secure and therefore not recommended.
887 Nfs will work, but you need to make sure that the BackupPC user (running
888 on the server) has sufficient permissions to read all the files below
891 Ssh allows BackupPC to run as a privileged user on the client (eg:
892 root), since it needs sufficient permissions to read all the backup
893 files. Ssh is setup so that BackupPC on the server (an otherwise low
894 privileged user) can ssh as root on the client, without being prompted
895 for a password. There are two common versions of ssh: v1 and v2. Here
896 are some instructions for one way to setup ssh. (Check which version
897 of SSH you have by typing "ssh" or "man ssh".)
901 =item OpenSSH Instructions
903 Depending upon your OpenSSH installation, many of these steps can be
904 replaced by running the scripts ssh-user-config and ssh-host-config
905 included with OpenSSH. You still need to manually exchange the keys.
911 As root on the client machine, use ssh-keygen to generate a
912 public/private key pair, without a pass-phrase:
914 ssh-keygen -t rsa -N ''
916 This will save the public key in ~/.ssh/id_rsa.pub and the private
917 key in ~/.ssh/id_rsa.
921 Repeat the above steps for the BackupPC user (__BACKUPPCUSER__) on the server.
922 Make a copy of the public key to make it recognizable, eg:
924 ssh-keygen -t rsa -N ''
925 cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
927 See the ssh and sshd manual pages for extra configuration information.
931 To allow BackupPC to ssh to the client as root, you need to place
932 BackupPC's public key into root's authorized list on the client.
933 Append BackupPC's public key (BackupPC_id_rsa.pub) to root's
934 ~/.ssh/authorized_keys2 file on the client:
936 touch ~/.ssh/authorized_keys2
937 cat BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys2
939 You should edit ~/.ssh/authorized_keys2 and add further specifiers,
940 eg: from, to limit which hosts can login using this key. For example,
941 if your BackupPC host is called backuppc.my.com, there should be
942 one line in ~/.ssh/authorized_keys2 that looks like:
944 from="backuppc.my.com" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]
946 =item Fix permissions
948 You will probably need to make sure that all the files
949 in ~/.ssh have no group or other read/write permission:
951 chmod -R go-rwx ~/.ssh
953 You should do the same thing for the BackupPC user on the server.
957 As the BackupPC user on the server, verify that this command:
959 ssh -l root clientHostName whoami
965 You might be prompted the first time to accept the client's host key and
966 you might be prompted for root's password on the client. Make sure that
967 this command runs cleanly with no prompts after the first time. You
968 might need to check /etc/hosts.equiv on the client. Look at the
969 man pages for more information. The "-v" option to ssh is a good way
970 to get detailed information about what fails.
974 =item SSH2 Instructions
980 As root on the client machine, use ssh-keygen2 to generate a
981 public/private key pair, without a pass-phrase:
983 ssh-keygen2 -t rsa -P
987 ssh-keygen -t rsa -N ''
989 (This command might just be called ssh-keygen on your machine.)
991 This will save the public key in /.ssh2/id_rsa_1024_a.pub and the private
992 key in /.ssh2/id_rsa_1024_a.
996 Create the identification file /.ssh2/identification:
998 echo "IdKey id_rsa_1024_a" > /.ssh2/identification
1000 =item BackupPC setup
1002 Repeat the above steps for the BackupPC user (__BACKUPPCUSER__) on the server.
1003 Rename the key files to recognizable names, eg:
1005 ssh-keygen2 -t rsa -P
1006 mv ~/.ssh2/id_rsa_1024_a.pub ~/.ssh2/BackupPC_id_rsa_1024_a.pub
1007 mv ~/.ssh2/id_rsa_1024_a ~/.ssh2/BackupPC_id_rsa_1024_a
1008 echo "IdKey BackupPC_id_rsa_1024_a" > ~/.ssh2/identification
1010 Based on your ssh2 configuration, you might also need to turn off
1011 StrictHostKeyChecking and PasswordAuthentication:
1013 touch ~/.ssh2/ssh2_config
1014 echo "StrictHostKeyChecking ask" >> ~/.ssh2/ssh2_config
1015 echo "PasswordAuthentication no" >> ~/.ssh2/ssh2_config
1019 To allow BackupPC to ssh to the client as root, you need to place
1020 BackupPC's public key into root's authorized list on the client.
1021 Copy BackupPC's public key (BackupPC_id_rsa_1024_a.pub) to the
1022 /.ssh2 directory on the client. Add the following line to the
1023 /.ssh2/authorization file on the client (as root):
1025 touch /.ssh2/authorization
1026 echo "Key BackupPC_id_rsa_1024_a.pub" >> /.ssh2/authorization
1028 =item Fix permissions
1030 You will probably need to make sure that all the files
1031 in /.ssh2 have no group or other read/write permission:
1033 chmod -R go-rwx /.ssh2
1035 You should do the same thing for the BackupPC user on the server.
1039 As the BackupPC user on the server, verify that this command:
1041 ssh2 -l root clientHostName whoami
1047 You might be prompted the first time to accept the client's host key and
1048 you might be prompted for root's password on the client. Make sure that
1049 this command runs cleanly with no prompts after the first time. You
1050 might need to check /etc/hosts.equiv on the client. Look at the
1051 man pages for more information. The "-v" option to ssh2 is a good way
1052 to get detailed information about what fails.
1056 =item SSH version 1 Instructions
1058 The concept is identical and the steps are similar, but the specific
1059 commands and file names are slightly different.
1061 First, run ssh-keygen on the client (as root) and server (as the BackupPC
1062 user) and simply hit enter when prompted for the pass-phrase:
1066 This will save the public key in /.ssh/identity.pub and the private
1067 key in /.ssh/identity.
1069 Next, append BackupPC's ~/.ssh/identity.pub (from the server) to root's
1070 /.ssh/authorized_keys file on the client. It's a single long line that
1071 you can cut-and-paste with an editor (make sure it remains a single line).
1073 Next, force protocol version 1 by adding:
1077 to BackupPC's ~/.ssh/config on the server.
1079 Next, run "chmod -R go-rwx ~/.ssh" on the server and "chmod -R go-rwx /.ssh"
1082 Finally, test using:
1084 ssh -l root clientHostName whoami
1088 Finally, if this machine uses DHCP you will need to run nmbd (the
1089 NetBios name server) from the Samba distribution so that the machine
1090 responds to a NetBios name request. See the manual page and Samba
1091 documentation for more information.
1095 =head2 Step 6: Running BackupPC
1097 The installation contains an init.d backuppc script that can be copied
1098 to /etc/init.d so that BackupPC can auto-start on boot.
1099 See init.d/README for further instructions.
1101 BackupPC should be ready to start. If you installed the init.d script,
1102 then you should be able to run BackupPC with:
1104 /etc/init.d/backuppc start
1106 (This script can also be invoked with "stop" to stop BackupPC and "reload"
1107 to tell BackupPC to reload config.pl and the hosts file.)
1111 __INSTALLDIR__/bin/BackupPC -d
1113 as user __BACKUPPCUSER__. The -d option tells BackupPC to run as a daemon
1114 (ie: it does an additional fork).
1116 Any immediate errors will be printed to stderr and BackupPC will quit.
1117 Otherwise, look in __TOPDIR__/log/LOG and verify that BackupPC reports
1118 it has started and all is ok.
1120 =head2 Step 7: Talking to BackupPC
1122 Note: as of version 1.5.0, BackupPC no longer supports telnet
1123 to its TCP port. First off, a unix domain socket is used
1124 instead of a TCP port. (The TCP port can still be re-enabled
1125 if your installation has apache and BackupPC running on different
1126 machines.) Secondly, even if you still use the TCP port, the
1127 messages exchanged over this interface are now protected by
1128 an MD5 digest based on a shared secret (see $Conf{ServerMesgSecret})
1129 as well as sequence numbers and per-session unique keys, preventing
1130 forgery and replay attacks.
1132 You should verify that BackupPC is running by using BackupPC_serverMesg.
1133 This sends a message to BackupPC via the unix (or TCP) socket and prints
1136 You can request status information and start and stop backups using this
1137 interface. This socket interface is mainly provided for the CGI interface
1138 (and some of the BackupPC sub-programs use it too). But right now we just
1139 want to make sure BackupPC is happy. Each of these commands should
1140 produce some status output:
1142 __INSTALLDIR__/bin/BackupPC_serverMesg status info
1143 __INSTALLDIR__/bin/BackupPC_serverMesg status jobs
1144 __INSTALLDIR__/bin/BackupPC_serverMesg status hosts
1146 The output should be some hashes printed with Data::Dumper. If it
1147 looks cryptic and confusing, and doesn't look like an error message,
1150 The jobs status should initially show just BackupPC_trashClean.
1151 The hosts status should produce a list of every host you have listed
1152 in __TOPDIR__/conf/hosts as part of a big cryptic output line.
1154 You can also request that all hosts be queued:
1156 __INSTALLDIR__/bin/BackupPC_serverMesg backup all
1158 At this point you should make sure the CGI interface works since
1159 it will be much easier to see what is going on. That's our
1162 =head2 Step 8: CGI interface
1164 The CGI interface script, BackupPC_Admin, is a powerful and flexible
1165 way to see and control what BackupPC is doing. It is written for an
1166 Apache server. If you don't have Apache, see L<http://www.apache.org>.
1168 There are two options for setting up the CGI interface: standard
1169 mode and using mod_perl. Mod_perl provides much higher performance
1170 (around 15x) and is the best choice if your Apache was built with
1171 mod_perl support. To see if your apache was built with mod_perl
1174 httpd -l | egrep mod_perl
1176 If this prints mod_perl.c then your Apache supports mod_perl.
1178 Using mod_perl with BackupPC_Admin requires a dedicated Apache
1179 to be run as the BackupPC user (__BACKUPPCUSER__). This is
1180 because BackupPC_Admin needs permission to access various files
1181 in BackupPC's data directories. In contrast, the standard
1182 installation (without mod_perl) solves this problem by having
1183 BackupPC_Admin installed as setuid to the BackupPC user, so that
1184 BackupPC_Admin runs as the BackuPC user.
1186 Here are some specifics for each setup:
1190 =item Standard Setup
1192 The CGI interface should have been installed by the configure.pl script
1193 in __CGIDIR__/BackupPC_Admin. BackupPC_Admin should have been installed
1194 as setuid to the BackupPC user (__BACKUPPCUSER__), in addition to user
1195 and group execute permission.
1197 You should be very careful about permissions on BackupPC_Admin and
1198 the directory __CGIDIR__: it is important that normal users cannot
1199 directly execute or change BackupPC_Admin, otherwise they can access
1200 backup files for any PC. You might need to change the group ownership
1201 of BackupPC_Admin to a group that Apache belongs to so that Apache
1202 can execute it (don't add "other" execute permission!).
1203 The permissions should look like this:
1205 ls -l __CGIDIR__/BackupPC_Admin
1206 -swxr-x--- 1 __BACKUPPCUSER__ web 82406 Jun 17 22:58 __CGIDIR__/BackupPC_Admin
1208 The setuid script won't work unless perl on your machine was installed
1209 with setuid emulation. This is likely the problem if you get an error
1210 saying such as "Wrong user: my userid is 25, instead of 150", meaning
1211 the script is running as the httpd user, not the BackupPC user.
1212 This is because setuid scripts are disabled by the kernel in most
1213 flavors of unix and linux.
1215 To see if your perl has setuid emulation, see if there is a program
1216 called sperl5.6.0 or sperl5.6.1 in the place where perl is installed.
1217 If you can't find this program, then you have two options: rebuild
1218 and reinstall perl with the setuid emulation turned on (answer "y" to
1219 the question "Do you want to do setuid/setgid emulation?" when you
1220 run perl's configure script), or switch to the mod_perl alternative
1221 for the CGI script (which doesn't need setuid to work).
1223 =item Mod_perl Setup
1225 The advantage of the mod_perl setup is that no setuid script is needed,
1226 and there is a huge performance advantage. Not only does all the perl
1227 code need to be parsed just once, the config.pl and hosts files, plus
1228 the connection to the BackupPC server are cached between requests. The
1229 typical speedup is around 15 times.
1231 To use mod_perl you need to run Apache as user __BACKUPPCUSER__.
1232 If you need to run multiple Apache's for different services then
1233 you need to create multiple top-level Apache directories, each
1234 with their own config file. You can make copies of /etc/init.d/httpd
1235 and use the -d option to httpd to point each http to a different
1236 top-level directory. Or you can use the -f option to explicitly
1237 point to the config file. Multiple Apache's will run on different
1238 Ports (eg: 80 is standard, 8080 is a typical alternative port accessed
1239 via http://yourhost.com:8080).
1241 Inside BackupPC's Apache http.conf file you should check the
1242 settings for ServerRoot, DocumentRoot, User, Group, and Port. See
1243 L<http://httpd.apache.org/docs/server-wide.html> for more details.
1245 For mod_perl, BackupPC_Admin should not have setuid permission, so
1246 you should turn it off:
1248 chmod u-s __CGIDIR__/BackupPC_Admin
1250 To tell Apache to use mod_perl to execute BackupPC_Admin, add this
1251 to Apache's httpd.conf file:
1253 <IfModule mod_perl.c>
1254 PerlModule Apache::Registry
1256 <Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed
1257 SetHandler perl-script
1258 PerlHandler Apache::Registry
1264 There are other optimizations and options with mod_perl. For
1265 example, you can tell mod_perl to preload various perl modules,
1266 which saves memory compared to loading separate copies in every
1267 Apache process after they are forked. See Stas's definitive
1268 mod_perl guide at L<http://perl.apache.org/guide>.
1272 BackupPC_Admin requires that users are authenticated by Apache.
1273 Specifically, it expects that Apache sets the REMOTE_USER environment
1274 variable when it runs. There are several ways to do this. One way
1275 is to create a .htaccess file in the cgi-bin directory that looks like:
1277 AuthGroupFile /etc/httpd/conf/group # <--- change path as needed
1278 AuthUserFile /etc/http/conf/passwd # <--- change path as needed
1283 You will also need "AllowOverride Indexes AuthConfig" in the Apache
1284 httpd.conf file to enable the .htaccess file. Alternatively, everything
1285 can go in the Apache httpd.conf file inside a Location directive. The
1286 list of users and password file above can be extracted from the NIS
1289 One alternative is to use LDAP. In Apache's http.conf add these lines:
1291 LoadModule auth_ldap_module modules/auth_ldap.so
1292 AddModule auth_ldap.c
1294 # cgi-bin - auth via LDAP (for BackupPC)
1295 <Location /cgi-binBackupPC/BackupPC_Admin> # <--- change path as needed
1297 AuthName "BackupPC login"
1298 # replace MYDOMAIN, PORT, ORG and CO as needed
1299 AuthLDAPURL ldap://ldap.MYDOMAIN.com:PORT/o=ORG,c=CO?uid?sub?(objectClass=*)
1303 If you want to defeat the user authentication you can force a
1304 particular user name by getting Apache to set REMOTE_USER, eg,
1305 to hardcode the user to www you could add this to httpd.conf:
1307 <Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed
1308 Setenv REMOTE_USER www
1311 Finally, you should also edit the config.pl file and adjust, as necessary,
1312 the CGI-specific settings. They're near the end of the config file. In
1313 particular, you should specify which users or groups have administrator
1314 (privileged) access. Also, the configure.pl script placed various
1315 images into $Conf{CgiImageDir} that BackupPC_Admin needs to serve
1316 up. You should make sure that $Conf{CgiImageDirURL} is the correct
1317 URL for the image directory.
1319 =head2 How BackupPC Finds Hosts
1321 Starting with v2.0.0 the way hosts are discovered has changed. In most
1322 cases you should specify 0 for the DHCP flag in the conf/hosts file,
1323 even if the host has a dynamically assigned IP address.
1325 BackupPC (starting with v2.0.0) looks up hosts with DHCP = 0 in this manner:
1331 First DNS is used to lookup the IP address given the client's name
1332 using perl's gethostbyname() function. This should succeed for machines
1333 that have fixed IP addresses that are known via DNS. You can manually
1334 see whether a given host have a DNS entry according to perls'
1335 gethostbyname function with this command:
1337 perl -e 'print(gethostbyname("myhost") ? "ok\n" : "not found\n");'
1341 If gethostbyname() fails, BackupPC then attempts a NetBios multicast to
1342 find the host. Provided your client machine is configured properly,
1343 it should respond to this NetBios multicast request. Specifically,
1344 BackupPC runs a command of this form:
1348 If this fails you will see output like:
1350 querying myhost on 10.10.255.255
1351 name_query failed to find name myhost
1353 If this success you will see output like:
1355 querying myhost on 10.10.255.255
1356 10.10.1.73 myhost<00>
1358 Depending on your netmask you might need to specify the -B option to
1359 nmblookup. For example:
1361 nmblookup -B 10.10.1.255 myhost
1363 If necessary, experiment on the nmblookup command that will return the
1364 IP address of the client given its name. Then update
1365 $Conf{NmbLookupFindHostCmd} with any necessary options to nmblookup.
1369 For hosts that have the DHCP flag set to 1, these machines are
1370 discovered as follows:
1376 A DHCP address pool ($Conf{DHCPAddressRanges}) needs to be specified.
1377 BackupPC will check the NetBIOS name of each machine in the range using
1378 a command of the form:
1380 nmblookup -A W.X.Y.Z
1382 where W.X.Y.Z is each candidate address from $Conf{DHCPAddressRanges}.
1383 Any host that has a valid NetBIOS name returned by this command (ie:
1384 matching an entry in the hosts file) will be backed up. You can
1385 modify the specific nmblookup command if necessary via $Conf{NmbLookupCmd}.
1389 You only need to use this DHCP feature if your client machine doesn't
1390 respond to the NetBios multicast request:
1394 but does respond to a request directed to its IP address:
1396 nmblookup -A W.X.Y.Z
1400 =head2 Other installation topics
1404 =item Copying the pool
1406 If the pool disk requirements grow you might need to copy the entire
1407 data directory to a new (bigger) file system. Hopefully you are lucky
1408 enough to avoid this by having the data directory on a RAID file system
1409 or LVM that allows the capacity to be grown in place by adding disks.
1411 The backup data directories contain large numbers of hardlinks. If
1412 you try to copy the pool the target directory will occupy a lot more
1413 space if the hardlinks aren't re-established.
1415 The GNU cp program with the -a option is aware of hardlinks and knows
1416 to re-establish them. So GNU cp -a is the recommended way to copy
1417 the data directory and pool. Don't forget to stop BackupPC while
1420 =item Compressing an existing pool
1422 If you are upgrading BackupPC and want to turn compression on you have
1429 Simply turn on compression. All new backups will be compressed. Both old
1430 (uncompressed) and new (compressed) backups can be browsed and viewed.
1431 Eventually, the old backups will expire and all the pool data will be
1432 compressed. However, until the old backups expire, this approach could
1433 require 60% or more additional pool storage space to store both
1434 uncompressed and compressed versions of the backup files.
1438 Convert all the uncompressed pool files and backups to compressed.
1439 The script __INSTALLDIR__/bin/BackupPC_compressPool does this.
1440 BackupPC must not be running when you run BackupPC_compressPool.
1441 Also, there must be no existing compressed backups when you
1442 run BackupPC_compressPool.
1444 BackupPC_compressPool compresses all the files in the uncompressed pool
1445 (__TOPDIR__/pool) and moves them to the compressed pool
1446 (__TOPDIR__/cpool). It rewrites the files in place, so that the
1447 existing hardlinks are not disturbed.
1451 The rest of this section discusses how to run BackupPC_compressPool.
1453 BackupPC_compressPool takes three command line options:
1459 Test mode: do everything except actually replace the pool files.
1460 Useful for estimating total run time without making any real
1465 Read check: re-read the compressed file and compare it against
1466 the original uncompressed file. Can only be used in test mode.
1470 Number of children to fork. BackupPC_compressPool can take a long time
1471 to run, so to speed things up it spawns four children, each working on a
1472 different part of the pool. You can change the number of children with
1477 Here are the recommended steps for running BackupPC_compressPool:
1483 Stop BackupPC (eg: "/etc/init.d/backuppc stop").
1487 Set $Conf{CompressLevel} to a non-zero number (eg: 3).
1491 Do a dry run of BackupPC_compressPool. Make sure you run this as
1492 the BackupPC user (__BACKUPPCUSER__):
1494 BackupPC_compressPool -t -r
1496 The -t option (test mode) makes BackupPC_compressPool do all the steps,
1497 but not actually change anything. The -r option re-reads the compressed
1498 file and compares it against the original.
1500 BackupPC_compressPool gives a status as it completes each 1% of the job.
1501 It also shows the cumulative compression ratio and estimated completion
1502 time. Once you are comfortable that things look ok, you can kill
1503 BackupPC_compressPool or wait for it to finish.
1507 Now you are ready to run BackupPC_compressPool for real. Once again,
1508 as the BackupPC user (__BACKUPPCUSER__), run:
1510 BackupPC_compressPool
1512 You should put the output into a file and tail this file. (The running
1513 time could be twice as long as the test mode since the test mode file
1514 writes are immediately followed by an unlink, so in test mode it is
1515 likely the file writes never make it to disk.)
1517 It is B<critical> that BackupPC_compressPool runs to completion before
1518 re-starting BackupPC. Before BackupPC_compressPool completes, none of
1519 the existing backups will be in a consistent state. If you must stop
1520 BackupPC_compressPool for some reason, send it an INT or TERM signal
1521 and give it several seconds (or more) to clean up gracefully.
1522 After that, you can re-run BackupPC_compressPool and it will start
1523 again where it left off. Once again, it is critical that it runs
1528 After BackupPC_compressPool completes you should have a complete set
1529 of compressed backups (and your disk usage should be lower). You
1530 can now re-start BackupPC.
1534 =head2 Debugging installation problems
1536 This section will probably grow based on the types of questions on
1537 the BackupPC mail list.
1539 Assuming BackupPC can start correctly you should inspect __TOPDIR__/log/LOG
1540 for any errors. Assuming backups for a particular host start, you
1541 should be able to look in __TOPDIR__/pc/$host/LOG for error messages
1542 specific to that host.
1544 The most likely problems will relate to connecting to the smb shares on
1545 each host. On each failed backup, a file __TOPDIR__/pc/$host/XferERR will
1546 be created. This is the stderr output from smbclient. The first line
1547 will show the full smbclient command that was run. Based on the error
1548 messages you should figure out what is wrong. Possible errors on the
1549 server side are invalid host, invalid share name, bad username or password.
1550 Possible errors on the client side are misconfiguration of the share,
1551 username or password.
1553 You should run smbclient manually and verify that you can connect to
1554 the host in interactive mode, eg:
1556 smbclient '\\hostName\shareName' -U userName
1558 shareName should match the $Conf{SmbShareName} setting and userName
1559 should match the the $Conf{SmbShareUserName} setting.
1561 You will be prompted for the password. You should then see this prompt:
1565 Verify that "ls" works and then type "quit" to exit.
1567 Secondly, you should also verify that nmblookup correctly returns
1568 the netbios name. This is essential for DHCP hosts, and depending
1569 upon the setting of $Conf{FixedIPNetBiosNameCheck} might also be
1570 required for fixed IP address hosts too. Run this command:
1572 nmblookup -A hostName
1574 Verify that the host name is printed. The output might look like:
1577 DELLLS13 <00> - P <ACTIVE>
1578 DOMAINNAME <00> - <GROUP> P <ACTIVE>
1579 DELLLS13 <20> - P <ACTIVE>
1580 DOMAINNAME <1e> - <GROUP> P <ACTIVE>
1581 DELLLS13 <03> - P <ACTIVE>
1582 DELLLS13$ <03> - P <ACTIVE>
1583 CRAIG <03> - P <ACTIVE>
1585 The first name, converted to lower case, is used for the host name.
1587 =head1 Restore functions
1589 BackupPC supports several different methods for restoring files. The
1590 most convenient restore options are provided via the CGI interface.
1591 Alternatively, backup files can be restored using manual commands.
1593 =head2 CGI restore options
1595 By selecting a host in the CGI interface, a list of all the backups
1596 for that machine will be displayed. By selecting the backup number
1597 you can navigate the shares and directory tree for that backup.
1599 BackupPC's CGI interface automatically fills incremental backups
1600 with the corresponding full backup, which means each backup has
1601 a filled appearance. Therefore, there is no need to do multiple
1602 restores from the incremental and full backups: BackupPC does all
1603 the hard work for you. You simply select the files and directories
1604 you want from the correct backup vintage in one step.
1606 You can download a single backup file at any time simply by selecting
1607 it. Your browser should prompt you with the file name and ask you
1608 whether to open the file or save it to disk.
1610 Alternatively, you can select one or more files or directories in
1611 the currently selected directory and select "Restore selected files".
1612 (If you need to restore selected files and directories from several
1613 different parent directories you will need to do that in multiple
1616 If you select all the files in a directory, BackupPC will replace
1617 the list of files with the parent directory. You will be presented
1618 with a screen that has three options:
1622 =item Option 1: Direct Restore
1624 With this option the selected files and directories are restored
1625 directly back onto the host, by default in their original location.
1626 Any old files with the same name will be overwritten, so use caution.
1627 You can optionally change the target host name, target share name,
1628 and target path prefix for the restore, allowing you to restore the
1629 files to a different location.
1631 Once you select "Start Restore" you will be prompted one last time
1632 with a summary of the exact source and target files and directories
1633 before you commit. When you give the final go ahead the restore
1634 operation will be queued like a normal backup job, meaning that it
1635 will be deferred if there is a backup currently running for that host.
1636 When the restore job is run, smbclient or tar is used (depending upon
1637 $Conf{XferMethod}) to actually restore the files. Sorry, there is
1638 currently no option to cancel a restore that has been started.
1640 A record of the restore request, including the result and list of
1641 files and directories, is kept. It can be browsed from the host's
1642 home page. $Conf{RestoreInfoKeepCnt} specifies how many old restore
1643 status files to keep.
1645 =item Option 2: Download Zip archive
1647 With this option a zip file containing the selected files and directories
1648 is downloaded. The zip file can then be unpacked or individual files
1649 extracted as necessary on the host machine. The compression level can be
1650 specified. A value of 0 turns off compression.
1652 When you select "Download Zip File" you should be prompted where to
1653 save the restore.zip file.
1655 BackupPC does not consider downloading a zip file as an actual
1656 restore operation, so the details are not saved for later browsing
1657 as in the first case. However, a mention that a zip file was
1658 downloaded by a particular user, and a list of the files, does
1659 appear in BackupPC's log file.
1661 =item Option 3: Download Tar archive
1663 This is identical to the previous option, except a tar file is downloaded
1664 rather than a zip file (and there is currently no compression option).
1668 =head2 Command-line restore options
1670 Apart from the CGI interface, BackupPC allows you to restore files
1671 and directories from the command line. The following programs can
1678 For each file name argument it inflates (uncompresses) the file and
1679 writes it to stdout. To use BackupPC_zcat you could give it the
1682 __INSTALLDIR__/bin/BackupPC_zcat __TOPDIR__/pc/host/5/fc/fcraig/fexample.txt > example.txt
1684 It's your responsibility to make sure the file is really compressed:
1685 BackupPC_zcat doesn't check which backup the requested file is from.
1687 =item BackupPC_tarCreate
1689 BackupPC_tarCreate creates a tar file for any files or directories in
1690 a particular backup. Merging of incrementals is done automatically,
1691 so you don't need to worry about whether certain files appear in the
1692 incremental or full backup.
1696 BackupPC_tarCreate [-t] [-h host] [-n dumpNum] [-s shareName]
1697 [-r pathRemove] [-p pathAdd]
1698 files/directories...
1700 The command-line files and directories are relative to the specified
1701 shareName. The tar file is written to stdout.
1703 The required options are:
1709 host from which the tar archive is created
1713 dump number from which the tar archive is created
1717 share name from which the tar archive is created
1727 print summary totals
1731 path prefix that will be replaced with pathAdd
1739 The -h, -n and -s options specify which dump is used to generate
1740 the tar archive. The -r and -p options can be used to relocate
1741 the paths in the tar archive so extracted files can be placed
1742 in a location different from their original location.
1744 =item BackupPC_zipCreate
1746 BackupPC_zipCreate creates a zip file for any files or directories in
1747 a particular backup. Merging of incrementals is done automatically,
1748 so you don't need to worry about whether certain files appear in the
1749 incremental or full backup.
1753 BackupPC_zipCreate [-t] [-h host] [-n dumpNum] [-s shareName]
1754 [-r pathRemove] [-p pathAdd] [-c compressionLevel]
1755 files/directories...
1757 The command-line files and directories are relative to the specified
1758 shareName. The zip file is written to stdout.
1760 The required options are:
1766 host from which the zip archive is created
1770 dump number from which the zip archive is created
1774 share name from which the zip archive is created
1784 print summary totals
1788 path prefix that will be replaced with pathAdd
1796 compression level (default is 0, no compression)
1800 The -h, -n and -s options specify which dump is used to generate
1801 the zip archive. The -r and -p options can be used to relocate
1802 the paths in the zip archive so extracted files can be placed
1803 in a location different from their original location.
1807 Each of these programs reside in __INSTALLDIR__/bin.
1809 =head1 BackupPC Design
1811 =head2 Some design issues
1815 =item Pooling common files
1817 To quickly see if a file is already in the pool, an MD5 digest of the
1818 file length and contents is used as the file name in the pool. This
1819 can't guarantee a file is identical: it just reduces the search to
1820 often a single file or handful of files. A complete file comparison
1821 is always done to verify if two files are really the same.
1823 Identical files on multiples backups are represented by hard links.
1824 Hardlinks are used so that identical files all refer to the same
1825 physical file on the server's disk. Also, hard links maintain
1826 reference counts so that BackupPC knows when to delete unused files
1829 For the computer-science majors among you, you can think of the pooling
1830 system used by BackupPC as just a chained hash table stored on a (big)
1833 =item The hashing function
1835 There is a tradeoff between how much of file is used for the MD5 digest
1836 and the time taken comparing all the files that have the same hash.
1838 Using the file length and just the first 4096 bytes of the file for the
1839 MD5 digest produces some repetitions. One example: with 900,000 unique
1840 files in the pool, this hash gives about 7,000 repeated files, and in
1841 the worst case 500 files have the same hash. That's not bad: we only
1842 have to do a single file compare 99.2% of the time. But in the worst
1843 case we have to compare as many as 500 files checking for a match.
1845 With a modest increase in CPU time, if we use the file length and the
1846 first 256K of the file we now only have 500 repeated files and in the
1847 worst case around 20 files have the same hash. Furthermore, if we
1848 instead use the first and last 128K of the file (more specifically, the
1849 first and eighth 128K chunks for files larger than 1MB) we get only 300
1850 repeated files and in the worst case around 20 files have the same hash.
1852 Based on this experimentation, this is the hash function used by BackupPC.
1853 It is important that you don't change the hash function after files
1854 are already in the pool. Otherwise your pool will grow to twice the
1855 size until all the old backups (and all the old files with old hashes)
1860 BackupPC supports compression. It uses the deflate and inflate methods
1861 in the Compress::Zlib module, which is based on the zlib compression
1862 library (see L<http://www.gzip.org/zlib/>).
1864 The $Conf{CompressLevel} setting specifies the compression level to use.
1865 Zero (0) means no compression. Compression levels can be from 1 (least
1866 cpu time, slightly worse compression) to 9 (most cpu time, slightly
1867 better compression). The recommended value is 3. Changing it to 5, for
1868 example, will take maybe 20% more cpu time and will get another 2-3%
1869 additional compression. Diminishing returns set in above 5. See the zlib
1870 documentation for more information about compression levels.
1872 BackupPC implements compression with minimal CPU load. Rather than
1873 compressing every incoming backup file and then trying to match it
1874 against the pool, BackupPC computes the MD5 digest based on the
1875 uncompressed file, and matches against the candidate pool files by
1876 comparing each uncompressed pool file against the incoming backup file.
1877 Since inflating a file takes roughly a factor of 10 less CPU time than
1878 deflating there is a big saving in CPU time.
1880 The combination of pooling common files and compression can yield
1881 a factor of 8 or more overall saving in backup storage.
1885 =head2 BackupPC operation
1887 BackupPC reads the configuration information from
1888 __TOPDIR__/conf/config.pl. It then runs and manages all the backup
1889 activity. It maintains queues of pending backup requests, user backup
1890 requests and administrative commands. Based on the configuration various
1891 requests will be executed simultaneously.
1893 As specified by $Conf{WakeupSchedule}, BackupPC wakes up periodically
1894 to queue backups on all the PCs. This is a four step process:
1900 For each host and DHCP address backup requests are queued on the
1901 background command queue.
1905 For each PC, BackupPC_dump is forked. Several of these may be run in
1906 parallel, based on the configuration. First a ping is done to see if the
1907 machine is alive. If this is a DHCP address, nmblookup is run to get
1908 the netbios name, which is used as the host name. The file
1909 __TOPDIR__/pc/$host/backups is read to decide whether a full or
1910 incremental backup needs to be run. If no backup is scheduled, or the ping
1911 to $host fails, then BackupPC_dump exits.
1913 The backup is done using samba's smbclient or tar over ssh/rsh/nfs piped
1914 into BackupPC_tarExtract, extracting the backup into __TOPDIR__/pc/$host/new.
1915 The smbclient or tar output is put into __TOPDIR__/pc/$host/XferLOG.
1917 As BackupPC_tarExtract extracts the files from smbclient, it checks each
1918 file in the backup to see if it is identical to an existing file from
1919 any previous backup of any PC. It does this without needed to write the
1920 file to disk. If the file matches an existing file, a hardlink is
1921 created to the existing file in the pool. If the file does not match any
1922 existing files, the file is written to disk and the file name is saved
1923 in __TOPDIR__/pc/$host/NewFileList for later processing by
1924 BackupPC_link. BackupPC_tarExtract can handle arbitrarily large
1925 files and multiple candidate matching files without needing to
1926 write the file to disk in the case of a match. This significantly
1927 reduces disk writes (and also reads, since the pool file comparison
1928 is done disk to memory, rather than disk to disk).
1930 Based on the configuration settings, BackupPC_dump checks each
1931 old backup to see if any should be removed. Any expired backups
1932 are moved to __TOPDIR__/trash for later removal by BackupPC_trashClean.
1936 For each complete, good, backup, BackupPC_link is run.
1937 To avoid race conditions as new files are linked into the
1938 pool area, only a single BackupPC_link program runs
1939 at a time and the rest are queued.
1941 BackupPC_link reads the NewFileList written by BackupPC_dump and
1942 inspects each new file in the backup. It re-checks if there is a
1943 matching file in the pool (another BackupPC_link
1944 could have added the file since BackupPC_dump checked). If so, the file
1945 is removed and replaced by a hard link to the existing file. If the file
1946 is new, a hard link to the file is made in the pool area, so that this
1947 file is available for checking against each new file and new backup.
1949 Then, assuming $Conf{IncrFill} is set, for each incremental backup,
1950 hard links are made in the new backup to all files that were not extracted
1951 during the incremental backups. The means the incremental backup looks
1952 like a complete image of the PC (with the exception that files
1953 that were removed on the PC since the last full backup will still
1954 appear in the backup directory tree).
1956 As of v1.03, the CGI interface knows how to merge unfilled
1957 incremental backups will the most recent prior filled (full)
1958 backup, giving the incremental backups a filled appearance. The
1959 default for $Conf{IncrFill} is off, since there is now no need to
1960 fill incremental backups. This saves some level of disk activity,
1961 since lots of extra hardlinks are no longer needed (and don't have
1962 to be deleted when the backup expires).
1966 BackupPC_trashClean is always run in the background to remove any
1967 expired backups. Every 5 minutes it wakes up and removes all the files
1968 in __TOPDIR__/trash.
1970 Also, once each night, BackupPC_nightly is run to complete some additional
1971 administrative tasks, such as cleaning the pool. This involves removing
1972 any files in the pool that only have a single hard link (meaning no backups
1973 are using that file). Again, to avoid race conditions, BackupPC_nightly
1974 is only run when there are no BackupPC_dump or BackupPC_link processes
1979 BackupPC also listens for TCP connections on $Conf{ServerPort}, which
1980 is used by the CGI script BackupPC_Admin for status reporting and
1981 user-initiated backup or backup cancel requests.
1983 =head2 Storage layout
1985 BackupPC resides in three directories:
1989 =item __INSTALLDIR__
1991 Perl scripts comprising BackupPC reside in __INSTALLDIR__/bin,
1992 libraries are in __INSTALLDIR__/lib and documentation
1993 is in __INSTALLDIR__/doc.
1997 The CGI script BackupPC_Admin resides in this cgi binary directory.
2001 All of BackupPC's data (PC backup images, logs, configuration information)
2002 is stored below this directory.
2006 Below __TOPDIR__ are several directories:
2010 =item __TOPDIR__/conf
2012 The directory __TOPDIR__/conf contains:
2018 Configuration file. See L<Configuration file|configuration file>
2019 below for more details.
2023 Hosts file, which lists all the PCs to backup.
2027 =item __TOPDIR__/log
2029 The directory __TOPDIR__/log contains:
2035 Current (today's) log file output from BackupPC.
2037 =item LOG.0 or LOG.0.z
2039 Yesterday's log file output. Log files are aged daily and compressed
2040 (if compression is enabled), and old LOG files are deleted.
2044 Contains BackupPC's process id.
2048 A summary of BackupPC's status written periodically by BackupPC so
2049 that certain state information can be maintained if BackupPC is
2050 restarted. Should not be edited.
2052 =item UserEmailInfo.pl
2054 A summary of what email was last sent to each user, and when the
2055 last email was sent. Should not be edited.
2059 =item __TOPDIR__/trash
2061 Any directories and files below this directory are periodically deleted
2062 whenever BackupPC_trashClean checks. When a backup is aborted or when an
2063 old backup expires, BackupPC_dump simply moves the directory to
2064 __TOPDIR__/trash for later removal by BackupPC_trashClean.
2066 =item __TOPDIR__/pool
2068 All uncompressed files from PC backups are stored below __TOPDIR__/pool.
2069 Each file's name is based on the MD5 hex digest of the file contents.
2070 Specifically, for files less than 256K, the file length and the entire
2071 file is used. For files up to 1MB, the file length and the first and
2072 last 128K are used. Finally, for files longer than 1MB, the file length,
2073 and the first and eighth 128K chunks for the file are used.
2075 Each file is stored in a subdirectory X/Y/Z, where X, Y, Z are the
2076 first 3 hex digits of the MD5 digest.
2078 For example, if a file has an MD5 digest of 123456789abcdef0,
2079 the file is stored in __TOPDIR__/pool/1/2/3/123456789abcdef0.
2081 The MD5 digest might not be unique (especially since not all the file's
2082 contents are used for files bigger than 256K). Different files that have
2083 the same MD5 digest are stored with a trailing suffix "_n" where n is
2084 an incrementing number starting at 0. So, for example, if two additional
2085 files were identical to the first, except the last byte was different,
2086 and assuming the file was larger than 1MB (so the MD5 digests are the
2087 same but the files are actually different), the three files would be
2090 __TOPDIR__/pool/1/2/3/123456789abcdef0
2091 __TOPDIR__/pool/1/2/3/123456789abcdef0_0
2092 __TOPDIR__/pool/1/2/3/123456789abcdef0_1
2094 Both BackupPC_dump (actually, BackupPC_tarExtract) and BackupPC_link are
2095 responsible for checking newly backed up files against the pool. For
2096 each file, the MD5 digest is used to generate a file name in the pool
2097 directory. If the file exists in the pool, the contents are compared.
2098 If there is no match, additional files ending in "_n" are checked.
2099 (Actually, BackupPC_tarExtract compares multiple candidate files in
2100 parallel.) If the file contents exactly match, the file is created by
2101 simply making a hard link to the pool file (this is done by
2102 BackupPC_tarExtract as the backup proceeds). Otherwise,
2103 BackupPC_tarExtract writes the new file to disk and a new hard link is
2104 made in the pool to the file (this is done later by BackupPC_link).
2106 Therefore, every file in the pool will have at least 2 hard links
2107 (one for the pool file and one for the backup file below __TOPDIR__/pc).
2108 Identical files from different backups or PCs will all be linked to
2109 the same file. When old backups are deleted, some files in the pool
2110 might only have one link. BackupPC_nightly checks the entire pool
2111 and removes all files that have only a single link, thereby recovering
2112 the storage for that file.
2114 One other issue: zero length files are not pooled, since there are a lot
2115 of these files and on most file systems it doesn't save any disk space
2116 to turn these files into hard links.
2118 =item __TOPDIR__/cpool
2120 All compressed files from PC backups are stored below __TOPDIR__/cpool.
2121 Its layout is the same as __TOPDIR__/pool, and the hashing function
2122 is the same (and, importantly, based on the uncompressed file, not
2123 the compressed file).
2125 =item __TOPDIR__/pc/$host
2127 For each PC $host, all the backups for that PC are stored below
2128 the directory __TOPDIR__/pc/$host. This directory contains the
2135 Current log file for this PC from BackupPC_dump.
2137 =item LOG.0 or LOG.0.z
2139 Last month's log file. Log files are aged monthly and compressed
2140 (if compression is enabled), and old LOG files are deleted.
2142 =item XferERR or XferERR.z
2144 Output from the transport program (ie: smbclient or tar)
2145 for the most recent failed backup.
2149 Subdirectory in which the current backup is stored. This
2150 directory is renamed if the backup succeeds.
2152 =item XferLOG or XferLOG.z
2154 Output from the transport program (ie: smbclient or tar)
2155 for the current backup.
2157 =item nnn (an integer)
2159 Successful backups are in directories numbered sequentially starting at 0.
2161 =item XferLOG.nnn or XferLOG.nnn.z
2163 Output from the transport program (ie: smbclient or tar)
2164 corresponding to backup number nnn.
2166 =item RestoreInfo.nnn
2168 Information about restore request #nnn including who, what, when, and
2169 why. This file is in Data::Dumper format. (Note that the restore
2170 numbers are not related to the backup number.)
2172 =item RestoreLOG.nnn.z
2174 Output from smbclient or tar during restore #nnn. (Note that the restore
2175 numbers are not related to the backup number.)
2179 Optional configuration settings specific to this host. Settings in this
2180 file override the main configuration file.
2184 A tab-delimited ascii table listing information about each successful
2185 backup, one per row. The columns are:
2191 The backup number, an integer that starts at 0 and increments
2192 for each successive backup. The corresponding backup is stored
2193 in the directory num (eg: if this field is 5, then the backup is
2194 stored in __TOPDIR__/pc/$host/5).
2198 Set to "full" or "incr" for full or incremental backup.
2202 Start time of the backup in unix seconds.
2206 Stop time of the backup in unix seconds.
2210 Number of files backed up (as reported by smbclient or tar).
2214 Total file size backed up (as reported by smbclient or tar).
2218 Number of files that were already in the pool
2219 (as determined by BackupPC_dump and BackupPC_link).
2223 Total size of files that were already in the pool
2224 (as determined by BackupPC_dump and BackupPC_link).
2228 Number of files that were not in the pool
2229 (as determined by BackupPC_link).
2233 Total size of files that were not in the pool
2234 (as determined by BackupPC_link).
2238 Number of errors or warnings from smbclient (zero for tar).
2242 Number of errors from smbclient that were bad file errors (zero for tar).
2246 Number of errors from smbclient that were bad share errors (zero for tar).
2250 Number of errors from BackupPC_tarExtract.
2254 The compression level used on this backup. Zero or empty means no
2259 Total compressed size of files that were already in the pool
2260 (as determined by BackupPC_dump and BackupPC_link).
2264 Total compressed size of files that were not in the pool
2265 (as determined by BackupPC_link).
2269 Set if this backup has not been filled in with the most recent
2270 previous filled or full backup. See $Conf{IncrFill}.
2274 If this backup was filled (ie: noFill is 0) then this is the
2275 number of the backup that it was filled from
2279 Set if this backup has mangled file names and attributes. Always
2280 true for backups in v1.4.0 and above. False for all backups prior
2285 Set to the value of $Conf{XferMethod} when this dump was done.
2289 The level of this dump. A full dump is level 0. Currently incrementals
2290 are 1. But when multi-level incrementals are supported this will reflect
2291 each dump's incremental level.
2297 A tab-delimited ascii table listing information about each requested
2298 restore, one per row. The columns are:
2304 Restore number (matches the suffix of the RestoreInfo.nnn and
2305 RestoreLOG.nnn.z file), unrelated to the backup number.
2309 Start time of the restore in unix seconds.
2313 End time of the restore in unix seconds.
2317 Result (ok or failed).
2321 Error message if restore failed.
2325 Number of files restored.
2329 Size in bytes of the restored files.
2333 Number of errors from BackupPC_tarCreate during restore.
2337 Number of errors from smbclient or tar during restore.
2345 =head2 Compressed file format
2347 The compressed file format is as generated by Compress::Zlib::deflate
2348 with one minor, but important, tweak. Since Compress::Zlib::inflate
2349 fully inflates its argument in memory, it could take large amounts of
2350 memory if it was inflating a highly compressed file. For example, a
2351 200MB file of 0x0 bytes compresses to around 200K bytes. If
2352 Compress::Zlib::inflate was called with this single 200K buffer, it
2353 would need to allocate 200MB of memory to return the result.
2355 BackupPC watches how efficiently a file is compressing. If a big file
2356 has very high compression (meaning it will use too much memory when it
2357 is inflated), BackupPC calls the flush() method, which gracefully
2358 completes the current compression. BackupPC then starts another
2359 deflate and simply appends the output file. So the BackupPC compressed
2360 file format is one or more concatenated deflations/flushes. The specific
2361 ratios that BackupPC uses is that if a 6MB chunk compresses to less
2362 than 64K then a flush will be done.
2364 Back to the example of the 200MB file of 0x0 bytes. Adding flushes
2365 every 6MB adds only 200 or so bytes to the 200K output. So the
2366 storage cost of flushing is negligible.
2368 To easily decompress a BackupPC compressed file, the script
2369 BackupPC_zcat can be found in __INSTALLDIR__/bin. For each
2370 file name argument it inflates the file and writes it to stdout.
2372 =head2 File name mangling
2374 Backup file names are stored in "mangled" form. Each node of
2375 a path is preceded by "f" (mnemonic: file), and special characters
2376 (\n, \r, % and /) are URI-encoded as "%xx", where xx is the ascii
2377 character's hex value. So c:/craig/example.txt is now stored as
2378 fc/fcraig/fexample.txt.
2380 This was done mainly so meta-data could be stored alongside the backup
2381 files without name collisions. In particular, the attributes for the
2382 files in a directory are stored in a file called "attrib", and mangling
2383 avoids file name collisions (I discarded the idea of having a duplicate
2384 directory tree for every backup just to store the attributes). Other
2385 meta-data (eg: rsync checksums) could be stored in file names preceded
2386 by, eg, "c". There are two other benefits to mangling: the share name
2387 might contain "/" (eg: "/home/craig" for tar transport), and I wanted
2388 that represented as a single level in the storage tree. Secondly, as
2389 files are written to NewFileList for later processing by BackupPC_link,
2390 embedded newlines in the file's path will cause problems which are
2391 avoided by mangling.
2393 The CGI script undoes the mangling, so it is invisible to the user.
2394 Old (unmangled) backups are still supported by the CGI
2397 =head2 Special files
2399 Linux/unix file systems support several special file types: symbolic
2400 links, character and block device files, fifos (pipes) and unix-domain
2401 sockets. All except unix-domain sockets are supported by BackupPC
2402 (there's no point in backing up or restoring unix-domain sockets since
2403 they only have meaning after a process creates them). Symbolic links are
2404 stored as a plain file whose contents are the contents of the link (not
2405 the file it points to). This file is compressed and pooled like any
2406 normal file. Character and block device files are also stored as plain
2407 files, whose contents are two integers separated by a comma; the numbers
2408 are the major and minor device number. These files are compressed and
2409 pooled like any normal file. Fifo files are stored as empty plain files
2410 (which are not pooled since they have zero size). In all cases, the
2411 original file type is stored in the attrib file so it can be correctly
2414 Hardlinks are also supported. When GNU tar first encounters a file with
2415 more than one link (ie: hardlinks) it dumps it as a regular file. When
2416 it sees the second and subsequent hardlinks to the same file, it dumps
2417 just the hardlink information. BackupPC correctly recognizes these
2418 hardlinks and stores them just like symlinks: a regular text file
2419 whose contents is the path of the file linked to. The CGI script
2420 will download the original file when you click on a hardlink.
2422 Also, BackupPC_tarCreate has enough magic to re-create the hardlinks
2423 dynamically based on whether or not the original file and hardlinks
2424 are both included in the tar file. For example, imagine a/b/x is a
2425 hardlink to a/c/y. If you use BackupPC_tarCreate to restore directory
2426 a, then the tar file will include a/b/x as the original file and a/c/y
2427 will be a hardlink to a/b/x. If, instead you restore a/c, then the
2428 tar file will include a/c/y as the original file, not a hardlink.
2430 =head2 Attribute file format
2432 The unix attributes for the contents of a directory (all the files and
2433 directories in that directory) are stored in a file called attrib.
2434 There is a single attrib file for each directory in a backup.
2435 For example, if c:/craig contains a single file c:/craig/example.txt,
2436 that file would be stored as fc/fcraig/fexample.txt and there would be an
2437 attribute file in fc/fcraig/attrib (and also fc/attrib and ./attrib).
2438 The file fc/fcraig/attrib would contain a single entry containing the
2439 attributes for fc/fcraig/fexample.txt.
2441 The attrib file starts with a magic number, followed by the
2442 concatenation of the following information for each file:
2448 File name length in perl's pack "w" format (variable length base 128).
2456 The unix file type, mode, uid, gid and file size divided by 4GB and
2457 file size modulo 4GB (type mode uid gid sizeDiv4GB sizeMod4GB),
2458 in perl's pack "w" format (variable length base 128).
2462 The unix mtime (unix seconds) in perl's pack "N" format (32 bit integer).
2466 The attrib file is also compressed if compression is enabled.
2467 See the lib/BackupPC/Attrib.pm module for full details.
2469 Attribute files are pooled just like normal backup files. This saves
2470 space if all the files in a directory have the same attributes across
2471 multiple backups, which is common.
2473 =head2 Optimizations
2475 BackupPC doesn't care about the access time of files in the pool
2476 since it saves attribute meta-data separate from the files. Since
2477 BackupPC mostly does reads from disk, maintaining the access time of
2478 files generates a lot of unnecessary disk writes. So, provided
2479 BackupPC has a dedicated data disk, you should consider mounting
2480 BackupPC's data directory with the noatime attribute (see mount(1)).
2484 BackupPC isn't perfect (but it is getting better). Here are some
2485 limitations of BackupPC:
2489 =item Non-unix file attributes not backed up
2491 smbclient doesn't extract the WinXX ACLs, so file attributes other than
2492 the equivalent (as provided by smbclient) unix attributes are not
2495 =item Locked files are not backed up
2497 Under WinXX a locked file cannot be read by smbclient. Such files will
2498 not be backed up. This includes the WinXX system registry files.
2500 This is especially troublesome for Outlook, which stores all its data
2501 in a single large file and keeps it locked whenever it is running.
2502 Since many users keep Outlook running all the time their machine
2503 is up their Outlook file will not be backed up. Sadly, this file
2504 is the most important file to backup. As one workaround, Microsoft has
2505 a user-level application that periodically asks the user if they want to
2506 make a copy of their outlook.pst file. This copy can then be backed up
2507 by BackupPC. See L<http://office.microsoft.com/downloads/2002/pfbackup.aspx>.
2509 Similarly, all of the data for WinXX services like SQL databases,
2510 Exchange etc won't be backed up. If these applications support
2511 some kind of export or utility to save their data to disk then this
2512 can =used to create files that BackupPC can backup.
2514 So far, the best that BackupPC can do is send warning emails to
2515 the user saying that their outlook files haven't been backed up in
2516 X days. (X is configurable.) The message invites the user to
2517 exit Outlook and gives a URL to manually start a backup.
2519 I suspect there is a way of mirroring the outlook.pst file so
2520 that at least the mirror copy can be backed up. Or perhaps a
2521 manual copy can be started at login. Does some WinXX expert
2522 know how to do this?
2524 Comment: two users have noted that there are commercial OFM (open file
2525 manager) products that are designed to solve this problem, for example
2526 from St. Bernard or Columbia Data Products. Apparently Veritas and
2527 Legato bundle this product with their commercial products. See for
2528 example L<http://www.stbernard.com/products/docs/ofm_whitepaperV8.pdf>.
2529 If anyone tries these programs with BackupPC please tell us whether or
2532 =item Don't expect to reconstruct a complete WinXX drive
2534 The conclusion from the last few items is that BackupPC is not intended
2535 to allow a complete WinXX disk to be re-imaged from the backup. Our
2536 approach to system restore in the event of catastrophic failure is to
2537 re-image a new disk from a generic master, and then use the BackupPC
2538 archive to restore user files.
2540 It is likely that linux/unix backups done using tar (rather than
2541 smb) can be used to reconstruct a complete file system, although
2544 =item Maximum Backup File Sizes
2546 BackupPC can backup and manage very large file sizes, probably as large
2547 as 2^51 bytes (when a double-precision number's mantissa can no longer
2548 represent an integer exactly). In practice, several things outside
2549 BackupPC limit the maximum individual file size. Any one of the
2550 following items will limit the maximum individual file size:
2556 Perl needs to be compiled with uselargefiles defined. Check your
2559 perl -V | egrep largefiles
2561 Without this, the maximum file size will be 2GB.
2565 The BackupPC pool and data directories must be on a file system that
2566 supports large files.
2568 Without this, the maximum file size will be 2GB.
2572 The transport mechanism also limits the maximum individual file size.
2574 GNU tar maximum file size is limited by the tar header format. The tar
2575 header uses 11 octal digits to represent the file size, which is 33 bits
2576 or 8GB. I vaguely recall (but I haven't recently checked) that GNU tar
2577 uses an extra octal digit (replacing a trailing delimiter) if necessary,
2578 allowing 64GB files. So tar transport limits the maximum file size to
2579 8GB or perhaps 64GB. It is possible that files >= 8GB don't work; this
2580 needs to be looked into.
2582 Smbclient is limited to 4GB file sizes. Moreover, a bug in smbclient
2583 (mixing signed and unsigned 32 bit values) causes it to incorrectly
2584 do the tar octal conversion for file sizes from 2GB-4GB. BackupPC_tarExtract
2585 knows about this bug and can recover the correct file size. So smbclient
2586 transport works up to 4GB file sizes.
2590 =item Some tape backup systems aren't smart about hard links
2592 If you backup the BackupPC pool to tape you need to make sure that the
2593 tape backup system is smart about hard links. For example, if you
2594 simply try to tar the BackupPC pool to tape you will backup a lot more
2595 data than is necessary.
2597 Using the example at the start of the installation section, 65 hosts are
2598 backed up with each full backup averaging 3.2GB. Storing one full backup
2599 and two incremental backups per laptop is around 240GB of raw data. But
2600 because of the pooling of identical files, only 87GB is used (with
2601 compression the total is lower). If you run du or tar on the data
2602 directory, there will appear to be 240GB of data, plus the size of the
2603 pool (around 87GB), or 327GB total.
2605 If your tape backup system is not smart about hard links an alternative
2606 is to periodically backup just the last successful backup for each host
2607 to tape. Another alternative is to do a low-level dump of the pool
2608 file system (ie: /dev/hda1 or similar) using dump(1).
2610 Supporting more efficient tape backup is an area for further
2613 =item Incremental backups might included deleted files
2615 To make browsing and restoring backups easier, incremental backups
2616 are "filled-in" from the last complete backup when the backup is
2617 browsed or restored.
2619 However, if a file was deleted by a user after the last full backup, that
2620 file will still appear in the "filled-in" incremental backup. This is not
2621 really a specific problem with BackupPC, rather it is a general issue
2622 with the full/incremental backup paradigm. This minor problem could be
2623 solved by having smbclient list all files when it does the incremental
2624 backup. Volunteers anyone?
2628 Comments or suggestions on these issues are welcome.
2630 =head2 Security issues
2632 Please read this section and consider each of the issues carefully.
2636 =item Smb share password
2638 An important security risk is the manner in which the smb share
2639 passwords are stored. They are in plain text. As described in
2640 L<Step 3: Setting up config.pl|step 3: setting up config.pl> there are four
2641 ways to tell BackupPC the smb share password (manually setting an environment
2642 variable, setting the environment variable in /etc/init.d/backuppc,
2643 putting the password in __TOPDIR__/conf/config.pl, or putting the
2644 password in __TOPDIR__/pc/$host/config.pl). In the latter 3 cases the
2645 smb share password appears in plain text in a file.
2647 If you use any of the latter three methods please make sure that the file's
2648 permission is appropriately restricted. If you also use RCS or CVS, double
2649 check the file permissions of the config.pl,v file.
2651 In future versions there will probably be support for encryption of the
2652 smb share password, but a private key will still have to be stored in a
2653 protected place. Comments and suggestions are welcome.
2655 =item BackupPC socket server
2657 In v1.5.0 the primary method for communication between the CGI program
2658 (BackupPC_Admin) and the server (BackupPC) is via a unix-domain socket.
2659 Since this socket has restricted permissions, no local user should be
2660 able to connect to this port. No backup or restore data passes through
2661 this interface, but an attacker can start or stop backups and get status
2664 If the Apache server and BackupPC_Admin run on a different host to
2665 BackupPC then a TCP port must be enabled by setting $Conf{ServerPort}.
2666 Anyone can connect to this port. To avoid possible attacks via the TCP
2667 socket interface, every client message is protected by an MD5 digest.
2668 The MD5 digest includes four items:
2674 a seed that is sent to the client when the connection opens
2678 a sequence number that increments for each message
2682 a shared secret that is stored in $Conf{ServerMesgSecret}
2690 The message is sent in plain text preceded by the MD5 digest. A
2691 snooper can see the plain-text seed sent by BackupPC and plain-text
2692 message from the client, but cannot construct a valid MD5 digest since
2693 the secret in $Conf{ServerMesgSecret} is unknown. A replay attack is
2694 not possible since the seed changes on a per-connection and
2697 So if you do enable the TCP port, please set $Conf{ServerMesgSecret}
2698 to some hard-to-guess string. A denial-of-service attack is possible
2699 with the TCP port enabled. Someone could simply connect many times
2700 to this port, until BackupPC had exhausted all its file descriptors,
2701 and this would cause new backups and the CGI interface to fail. The
2702 most secure solution is to run BackupPC and Apache on the same machine
2703 and disable the TCP port.
2705 By the way, if you have upgraded from a version of BackupPC prior to
2706 v1.5.0 you should set $Conf{ServerPort} to -1 to disable the TCP port.
2708 =item Installation permissions
2710 It is important to check that the BackupPC scripts in __INSTALLDIR__/bin
2711 and __INSTALLDIR__/lib cannot be edited by normal users. Check the
2712 directory permissions too.
2714 =item Pool permissions
2716 It is important to check that the data files in __TOPDIR__/pool,
2717 __TOPDIR__/pc and __TOPDIR__/trash cannot be read by normal users.
2718 Normal users should not be able to see anything below __TOPDIR__.
2722 Enabling shares on hosts carries security risks. If you are on a private
2723 network and you generally trust your users then there should not be a
2724 problem. But if you have a laptop that is sometimes on public networks
2725 (eg: broadband or even dialup) you should be concerned. A conservative
2726 approach is to use firewall software, and only enable the netbios and
2727 smb ports (137 and 139) on connections from the host running BackupPC.
2729 =item SSH key security
2731 Using ssh for linux/unix clients is quite secure, but the security is
2732 only as good as the protection of ssh's private keys. If an attacker can
2733 devise a way to run a shell as the BackupPC user then they will have
2734 access to BackupPC's private ssh keys. They can then, in turn, ssh to
2735 any client machine as root (or whichever user you have configured
2736 BackupPC to use). This represents a serious compromise of your entire
2737 network. So in vulnerable networks, think carefully about how to protect
2738 the machine running BackupPC and how to prevent attackers from gaining
2739 shell access (as the BackupPC user) to the machine.
2743 The CGI interface, __CGIDIR__/BackupPC_Admin, needs access to the pool
2744 files so it is installed setuid to __BACKUPPCUSER__. The permissions of
2745 this file need to checked carefully. It should be owned by
2746 __BACKUPPCUSER__ and have user and group (but not other) execute
2747 permission. To allow apache/httpd to execute it, the group ownership
2748 should be something that apache/httpd belongs to.
2750 The Apache configuration should be setup for AuthConfig style,
2751 using a .htaccess file so that the user's name is passed into
2752 the script as $ENV{REMOTE_USER}.
2754 If normal users could directly run BackupPC_Admin then there is a serious
2755 security hole: since it is setuid to __BACKUPPCUSER__ any user can
2756 browse and restore any backups. Be aware that anyone who is allowed to
2757 edit or create cgi scripts on your server can execute BackupPC_Admin as
2758 any user! They simply write a cgi script that sets $ENV{REMOTE_USER} and
2759 then execs BackupPC_Admin. The exec succeeds since httpd runs the first
2760 script as user httpd/apache, which in turn has group permission to
2761 execute BackupPC_Admin.
2763 While this setup should be safe, a more conservative approach is to
2764 run a dedicated Apache as user __BACKUPPCUSER__ on a different port.
2765 Then BackupPC_Admin no longer needs to be setuid, and the cgi
2766 directories can be locked down from normal users. Moreover, this
2767 setup is exactly the one used to support mod_perl, so this provides
2768 both the highest performance and the lowest security risk.
2772 Comments and suggestions are welcome.
2774 =head1 Configuration File
2776 The BackupPC configuration file resides in __TOPDIR__/conf/config.pl.
2777 Optional per-PC configuration files reside in __TOPDIR__/pc/$host/config.pl.
2778 This file can be used to override settings just for a particular PC.
2780 =head2 Modifying the main configuration file
2782 The configuration file is a perl script that is executed by BackupPC, so
2783 you should be careful to preserve the file syntax (punctuation, quotes
2784 etc) when you edit it. It is recommended that you use CVS, RCS or some
2785 other method of source control for changing config.pl.
2787 BackupPC reads or re-reads the main configuration file and
2788 the hosts file in three cases:
2798 When BackupPC is sent a HUP (-1) signal. Assuming you installed the
2799 init.d script, you can also do this with "/etc/init.d/backuppc reload".
2803 When the modification time of config.pl file changes. BackupPC
2804 checks the modification time once during each regular wakeup.
2808 Whenever you change the configuration file you can either do
2809 a kill -HUP BackupPC_pid or simply wait until the next regular
2812 Each time the configuration file is re-read a message is reported in the
2813 LOG file, so you can tail it (or view it via the CGI interface) to make
2814 sure your kill -HUP worked. Errors in parsing the configuration file are
2815 also reported in the LOG file.
2817 The optional per-PC configuration file (__TOPDIR__/pc/$host/config.pl)
2818 is read whenever it is needed by BackupPC_dump, BackupPC_link and others.
2820 =head2 Configuration file includes
2822 If you have a heterogeneous set of clients (eg: a variety of WinXX and
2823 linux/unix machines) you will need to create host-specific config.pl files
2824 for some or all of these machines to customize the default settings from
2825 the master config.pl file (at a minimum to set $Conf{XferMethod}).
2827 Since the config.pl file is just regular perl code, you can include
2828 one config file from another. For example, imagine you had three general
2829 classes of machines: WinXX desktops, linux machines in the DMZ and
2830 linux desktops. You could create three config files in __TOPDIR__/conf:
2832 __TOPDIR__/conf/ConfigWinDesktop.pl
2833 __TOPDIR__/conf/ConfigLinuxDMZ.pl
2834 __TOPDIR__/conf/ConfigLinuxDesktop.pl
2836 From each client's directory you can either add a symbolic link to
2837 the appropriate config file:
2839 cd __TOPDIR__/pc/$host
2840 ln -s ../../conf/ConfigWinDesktop.pl config.pl
2842 or, better yet, create a config.pl file in __TOPDIR__/pc/$host
2843 that contains this line:
2845 do "../../conf/ConfigWinDesktop.pl";
2847 This alternative allows you to set other configuration options
2848 specific to each host (perhaps even overriding the settings in
2851 Note that you could also include snippets of configuration settings
2852 from the main configuration file. However, be aware that the
2853 modification-time checking that BackupPC does only applies to the
2854 main configuration file: if you change one of the included files,
2855 BackupPC won't notice. You will need to either touch the main
2856 configuration file too, or send BackupPC a HUP (-1) signal.
2858 =head1 Configuration Parameters
2860 The configuration parameters are divided into five general groups.
2861 The first group (general server configuration) provides general
2862 configuration for BackupPC. The next two groups describe what to
2863 backup, when to do it, and how long to keep it. The fourth group
2864 are settings for email reminders, and the final group contains
2865 settings for the CGI interface.
2867 All configuration settings in the second through fifth groups can
2868 be overridden by the per-PC config.pl file.
2872 =head1 Version Numbers
2874 Starting with v1.4.0 BackupPC switched to a X.Y.Z version numbering
2875 system, instead of X.0Y. The first digit is for major new releases, the
2876 middle digit is for significant feature releases and improvements (most
2877 of the releases have been in this category), and the last digit is for
2878 bug fixes. You should think of the old 1.00, 1.01, 1.02 and 1.03 as
2879 1.0.0, 1.1.0, 1.2.0 and 1.3.0.
2883 Craig Barratt <cbarratt@users.sourceforge.net>
2885 See L<http://backuppc.sourceforge.net>.
2889 Copyright (C) 2001-2003 Craig Barratt
2893 Xavier Nicollet, with additions from Guillaume Filion, added the
2894 internationalization (i18n) support to the CGI interface for v2.0.0.
2895 Xavier provided the French translation fr.pm, with additions from
2898 Ryan Kucera contributed the directory navigation code and images
2899 for v1.5.0. He also contributed the first skeleton of BackupPC_restore.
2901 Guillaume Filion wrote BackupPC_zipCreate and added the CGI support
2902 for zip download, in addition to some CGI cleanup, for v1.5.0.
2904 Javier provided the Spanish translation, es.pm.
2906 Many people have reported bugs, made useful suggestions and helped
2907 with testing; see the ChangeLog and the mail lists.
2909 Your name could appear here in the next version!
2913 This program is free software; you can redistribute it and/or modify it
2914 under the terms of the GNU General Public License as published by the
2915 Free Software Foundation; either version 2 of the License, or (at your
2916 option) any later version.
2918 This program is distributed in the hope that it will be useful,
2919 but WITHOUT ANY WARRANTY; without even the implied warranty of
2920 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
2921 General Public License for more details.
2923 You should have received a copy of the GNU General Public License in the
2924 LICENSE file along with this program; if not, write to the Free Software
2925 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.