=head1 BackupPC Introduction This documentation describes BackupPC version __VERSION__, released on __RELEASEDATE__. =head2 Overview BackupPC is a high-performance, enterprise-grade system for backing up Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain. Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites this might be the complete backup solution. For other sites additional permanent archives could be created by periodically backing up the server to tape. Features include: =over 4 =item * A clever pooling scheme minimizes disk storage and disk I/O. Identical files across multiple backups of the same or different PC are stored only once (using hard links), resulting in substantial savings in disk storage and disk writes. =item * Optional compression provides additional reductions in storage (around 40%). The CPU impact of compression is low since only new files (those not already in the pool) need to be compressed. =item * A powerful http/cgi user interface allows administrators to view the current status, edit configuration, add/delete hosts, view log files, and allows users to initiate and cancel backups and browse and restore files from backups. =item * The http/cgi user interface has internationalization (i18n) support, currently providing English, French, German, Spanish, Italian, Dutch, Polish, Portuguese-Brazilian and Chinese =item * No client-side software is needed. On WinXX the standard smb protocol is used to extract backup data. On linux, unix or MacOSX clients, rsync, tar (over ssh/rsh/nfs) or ftp is used to extract backup data. Alternatively, rsync can also be used on WinXX (using cygwin), and Samba could be installed on the linux or unix client to provide smb shares). =item * Flexible restore options. Single files can be downloaded from any backup directly from the CGI interface. Zip or Tar archives for selected files or directories from any backup can also be downloaded from the CGI interface. Finally, direct restore to the client machine (using smb or tar) for selected files or directories is also supported from the CGI interface. =item * BackupPC supports mobile environments where laptops are only intermittently connected to the network and have dynamic IP addresses (DHCP). Configuration settings allow machines connected via slower WAN connections (eg: dial up, DSL, cable) to not be backed up, even if they use the same fixed or dynamic IP address as when they are connected directly to the LAN. =item * Flexible configuration parameters allow multiple backups to be performed in parallel, specification of which shares to backup, which directories to backup or not backup, various schedules for full and incremental backups, schedules for email reminders to users and so on. Configuration parameters can be set system-wide or also on a per-PC basis. =item * Users are sent periodic email reminders if their PC has not recently been backed up. Email content, timing and policies are configurable. =item * BackupPC is Open Source software hosted by SourceForge. =back =head2 Backup basics =over 4 =item Full Backup A full backup is a complete backup of a share. BackupPC can be configured to do a full backup at a regular interval (typically weekly). BackupPC can be configured to keep a certain number of full backups. Exponential expiry is also supported, allowing full backups with various vintages to be kept (for example, a settable number of most recent weekly fulls, plus a settable number of older fulls that are 2, 4, 8, or 16 weeks apart). =item Incremental Backup An incremental backup is a backup of files that have changed since the last successful full or incremental backup. Starting in BackupPC 3.0 multi-level incrementals are supported. A full backup has level 0. A new incremental of level N will backup all files that have changed since the most recent backup of a lower level. $Conf{IncrLevels} is used to specify the level of each successive incremental. The default value is all level 1, which makes the behavior the same as earlier versions of BackupPC: each incremental will back up all the files that changed since the last full (level 0). For SMB and tar, BackupPC uses the modification time (mtime) to determine which files have changed since the last lower-level backup. That means SMB and tar incrementals are not able to detect deleted files, renamed files or new files whose modification time is prior to the last lower-level backup. Rsync is more clever: any files whose attributes have changed (ie: uid, gid, mtime, modes, size) since the last full are backed up. Deleted, new files and renamed files are detected by Rsync incrementals. BackupPC can also be configured to keep a certain number of incremental backups, and to keep a smaller number of very old incremental backups. If multi-level incrementals are specified then it is likely that more incrementals will need to be kept since lower-level incrementals (and the full backup) are needed to reconstruct a higher-level incremental. BackupPC "fills-in" incremental backups when browsing or restoring, based on the levels of each backup, giving every backup a "full" appearance. This makes browsing and restoring backups much easier: you can restore from any one backup independent of whether it was an incremental or full. =item Partial Backup When a full backup fails or is canceled, and some files have already been backed up, BackupPC keeps a partial backup containing just the files that were backed up successfully. The partial backup is removed when the next successful backup completes, or if another full backup fails resulting in a newer partial backup. A failed full backup that has not backed up any files, or any failed incremental backup, is removed; no partial backup is saved in these cases. The partial backup may be browsed or used to restore files just like a successful full or incremental backup. With the rsync transfer method the partial backup is used to resume the next full backup, avoiding the need to retransfer the file data already in the partial backup. =item Identical Files BackupPC pools identical files using hardlinks. By "identical files" we mean files with identical contents, not necessary the same permissions, ownership or modification time. Two files might have different permissions, ownership, or modification time but will still be pooled whenever the contents are identical. This is possible since BackupPC stores the file meta-data (permissions, ownership, and modification time) separately from the file contents. =item Backup Policy Based on your site's requirements you need to decide what your backup policy is. BackupPC is not designed to provide exact re-imaging of failed disks. See L for more information. However, the addition of tar transport for linux/unix clients, plus full support for special file types and unix attributes in v1.4.0 likely means an exact image of a linux/unix file system can be made. BackupPC saves backups onto disk. Because of pooling you can relatively economically keep several weeks of old backups. At some sites the disk-based backup will be adequate, without a secondary tape backup. This system is robust to any single failure: if a client disk fails or loses files, the BackupPC server can be used to restore files. If the server disk fails, BackupPC can be restarted on a fresh file system, and create new backups from the clients. The chance of the server disk failing can be made very small by spending more money on increasingly better RAID systems. However, there is still the risk of catastrophic events like fires or earthquakes that can destroy both the BackupPC server and the clients it is backing up if they are physically nearby. Some sites might choose to do periodic backups to tape or cd/dvd. This backup can be done perhaps weekly using the archive function of BackupPC. Other users have reported success with removable disks to rotate the BackupPC data drives, or using rsync to mirror the BackupPC data pool offsite. =back =head2 Resources =over 4 =item BackupPC home page The BackupPC Open Source project is hosted on SourceForge. The home page can be found at: http://backuppc.sourceforge.net This page has links to the current documentation, the SourceForge project page and general information. =item SourceForge project The SourceForge project page is at: http://sourceforge.net/projects/backuppc This page has links to the current releases of BackupPC. =item BackupPC Wiki BackupPC has a Wiki at L. Everyone is encouraged to contribute to the Wiki. Anyone with a SourceForge account can edit the Wiki. The old FAQ is at L, but is deprecated in favor of the Wiki. =item Mailing lists Three BackupPC mailing lists exist for announcements (backuppc-announce), developers (backuppc-devel), and a general user list for support, asking questions or any other topic relevant to BackupPC (backuppc-users). The lists are archived on SourceForge and Gmane. The SourceForge lists are not always up to date and the searching is limited, so Gmane is a good alternative. See: http://news.gmane.org/index.php?prefix=gmane.comp.sysutils.backup.backuppc http://sourceforge.net/mailarchive/forum.php?forum=backuppc-users You can subscribe to these lists by visiting: http://lists.sourceforge.net/lists/listinfo/backuppc-announce http://lists.sourceforge.net/lists/listinfo/backuppc-users http://lists.sourceforge.net/lists/listinfo/backuppc-devel The backuppc-announce list is moderated and is used only for important announcements (eg: new versions). It is low traffic. You only need to subscribe to one of backuppc-announce and backuppc-users: backuppc-users also receives any messages on backuppc-announce. The backuppc-devel list is only for developers who are working on BackupPC. Do not post questions or support requests there. But detailed technical discussions should happen on this list. To post a message to the backuppc-users list, send an email to backuppc-users@lists.sourceforge.net Do not send subscription requests to this address! =item Other Programs of Interest If you want to mirror linux or unix files or directories to a remote server you should use rsync, L. BackupPC uses rsync as a transport mechanism; if you are already an rsync user you can think of BackupPC as adding efficient storage (compression and pooling) and a convenient user interface to rsync. Two popular open source packages that do tape backup are Amanda (L) and Bacula (L). These packages can be used as complete solutions, or also as back ends to BackupPC to backup the BackupPC server data to tape. Various programs and scripts use rsync to provide hardlinked backups. See, for example, Mike Rubel's site (L), JW Schultz's dirvish (L), Ben Escoto's rdiff-backup (L), and John Bowman's rlbackup (L). Unison is a utility that can do two-way, interactive, synchronization. See L. An external wrapper around rsync that maintains transfer data to enable two-way synchronization is drsync; see L. BackupPC provides many additional features, such as compressed storage, hardlinking any matching files (rather than just files with the same name), and storing special files without root privileges. But these other programs provide simple, effective and fast solutions and are definitely worthy of consideration. =back =head2 Road map The new features planned for future releases of BackupPC are on the Wiki at L. Comments and suggestions are welcome. =head2 You can help BackupPC is free. I work on BackupPC because I enjoy doing it and I like to contribute to the open source community. BackupPC already has more than enough features for my own needs. The main compensation for continuing to work on BackupPC is knowing that more and more people find it useful. So feedback is certainly appreciated, both positive and negative. Beyond being a satisfied user and telling other people about it, everyone is encouraged to add links to L (I'll see them via Google) or otherwise publicize BackupPC. Unlike the commercial products in this space, I have a zero budget (in both time and money) for marketing, PR and advertising, so it's up to all of you! Feel free to vote for BackupPC at L. Also, everyone is encouraged to contribute patches, bug reports, feature and design suggestions, new code, Wiki additions (you can do those directly) and documentation corrections or improvements. Answering questions on the mailing list is a big help too. =head1 Installing BackupPC =head2 Requirements BackupPC requires: =over 4 =item * A linux, solaris, or unix based server with a substantial amount of free disk space (see the next section for what that means). The CPU and disk performance on this server will determine how many simultaneous backups you can run. You should be able to run 4-8 simultaneous backups on a moderately configured server. Several users have reported significantly better performance using reiserfs compared to ext3 for the BackupPC data file system. It is also recommended you consider either an LVM or RAID setup (either in HW or SW; eg: 3Ware RAID10 or RAID5) so that you can expand the file system as necessary. When BackupPC starts with an empty pool, all the backup data will be written to the pool on disk. After more backups are done, a higher percentage of incoming files will already be in the pool. BackupPC is able to avoid writing to disk new files that are already in the pool. So over time disk writes will reduce significantly (by perhaps a factor of 20 or more), since eventually 95% or more of incoming backup files are typically in the pool. Disk reads from the pool are still needed to do file compares to verify files are an exact match. So, with a mature pool, if a relatively fast client generates data at say 1MB/sec, and you run 4 simultaneous backups, there will be an average server disk load of about 4MB/sec reads and 0.2MB/sec writes (assuming 95% of the incoming files are in the pool). These rates will be perhaps 40% lower if compression is on. =item * Perl version 5.8.0 or later. If you don't have perl, please see L. =item * Perl modules Compress::Zlib, Archive::Zip and File::RsyncP. Try "perldoc Compress::Zlib" and "perldoc Archive::Zip" to see if you have these modules. If not, fetch them from L and see the instructions below for how to build and install them. The File::RsyncP module is available from L or CPAN. You'll need to install the File::RsyncP module if you want to use Rsync as a transport method. =item * If you are using smb to backup WinXX machines you need smbclient and nmblookup from the samba package. You will also need nmblookup if you are backing up linux/unix DHCP machines. See L. Samba versions 3.x are stable and now recommended instead of 2.x. See L for source and binaries. It's pretty easy to fetch and compile samba, and just grab smbclient and nmblookup, without doing the installation. Alternatively, L has binary distributions for most platforms. =item * If you are using tar to backup linux/unix machines, those machines should have version 1.13.7 at a minimum, with version 1.13.20 or higher recommended. Use "tar --version" to check your version. Various GNU mirrors have the newest versions of tar; see L. =item * If you are using rsync to backup linux/unix machines you should have version 2.6.3 or higher on each client machine. See L. Use "rsync --version" to check your version. For BackupPC to use Rsync you will also need to install the perl File::RsyncP module, which is available from L. Version 0.68 or later is required. =item * The Apache web server, see L, preferably built with mod_perl support. =back =head2 What type of storage space do I need? BackupPC uses hardlinks to pool files common to different backups. Therefore BackupPC's data store (__TOPDIR__) must point to a single file system that supports hardlinks. You cannot split this file system with multiple mount points or using symbolic links to point a sub-directory to a different file system (it is ok to use a single symbolic link at the top-level directory (__TOPDIR__) to point the entire data store somewhere else). You can of course use any kind of RAID system or logical volume manager that combines the capacity of multiple disks into a single, larger, file system. Such approaches have the advantage that the file system can be expanded without having to copy it. Any standard linux or unix file system supports hardlinks. NFS mounted file systems work too (provided the underlying file system supports hardlinks). But windows based FAT and NTFS file systems will not work. Starting with BackupPC 3.1.0, run-time checks are done at startup and at the start of each backup to ensure that the file system can support hardlinks, since this is a common area of configuration problems. =head2 How much disk space do I need? Here's one real example for an environment that is backing up 65 laptops with compression off. Each full backup averages 3.2GB. Each incremental backup averages about 0.2GB. Storing one full backup and two incremental backups per laptop is around 240GB of raw data. But because of the pooling of identical files, only 87GB is used. This is without compression. Another example, with compression on: backing up 95 laptops, where each backup averages 3.6GB and each incremental averages about 0.3GB. Keeping three weekly full backups, and six incrementals is around 1200GB of raw data. Because of pooling and compression, only 150GB is needed. Here's a rule of thumb. Add up the disk usage of all the machines you want to backup (210GB in the first example above). This is a rough minimum space estimate that should allow a couple of full backups and at least half a dozen incremental backups per machine. If compression is on you can reduce the storage requirements by maybe 30-40%. Add some margin in case you add more machines or decide to keep more old backups. Your actual mileage will depend upon the types of clients, operating systems and applications you have. The more uniform the clients and applications the bigger the benefit from pooling common files. For example, the Eudora email tool stores each mail folder in a separate file, and attachments are extracted as separate files. So in the sadly common case of a large attachment emailed to many recipients, Eudora will extract the attachment into a new file. When these machines are backed up, only one copy of the file will be stored on the server, even though the file appears in many different full or incremental backups. In this sense Eudora is a "friendly" application from the point of view of backup storage requirements. An example at the other end of the spectrum is Outlook. Everything (email bodies, attachments, calendar, contact lists) is stored in a single file, which often becomes huge. Any change to this file requires a separate copy of the file to be saved during backup. Outlook is even more troublesome, since it keeps this file locked all the time, so it cannot be read by smbclient whenever Outlook is running. See the L section for more discussion of this problem. In addition to total disk space, you should make sure you have plenty of inodes on your BackupPC data partition. Some users have reported running out of inodes on their BackupPC data partition. So even if you have plenty of disk space, BackupPC will report failures when the inodes are exhausted. This is a particular problem with ext2/ext3 file systems that have a fixed number of inodes when the file system is built. Use "df -i" to see your inode usage. =head2 Step 1: Getting BackupPC Some linux distributions now include BackupPC. The Debian distribution, supported by Ludovic Drolez, can be found at L and is included in the current stable Debian release. On Debian, BackupPC can be installed with the command: apt-get install backuppc In the future there might be packages for Gentoo and other linux flavors. If the packaged version is older than the released version then you may want to install the latest version as described below. Otherwise, manually fetching and installing BackupPC is easy. Start by downloading the latest version from L. Hit the "Code" button, then select the "backuppc" or "backuppc-beta" package and download the latest version. =head2 Step 2: Installing the distribution Note: most information in this step is only relevant if you build and install BackupPC yourself. If you use a package provided by a distribution, the package management system should take of installing any needed dependencies. First off, there are three perl modules you should install. These are all optional, but highly recommended: =over 4 =item Compress::Zlib To enable compression, you will need to install Compress::Zlib from L. You can run "perldoc Compress::Zlib" to see if this module is installed. =item Archive::Zip To support restore via Zip archives you will need to install Archive::Zip, also from L. You can run "perldoc Archive::Zip" to see if this module is installed. =item XML::RSS To support the RSS feature you will need to install XML::RSS, also from L. There is not need to install this module if you don't plan on using RSS. You can run "perldoc XML::RSS" to see if this module is installed. =item File::RsyncP To use rsync and rsyncd with BackupPC you will need to install File::RsyncP. You can run "perldoc File::RsyncP" to see if this module is installed. File::RsyncP is available from L. Version 0.68 or later is required. =item File::RsyncP To use ftp with BackupPC you will need to install three libraries: Net::FTP, Net::FTP::RetrHandle and Net::FTP::AutoReconnect. You can run "perldoc Net::FTP" to see if a particular module is installed. =back To build and install these packages you should use the cpan program. Alternatively, you can fetch the tar.gz file from L and then run these commands: tar zxvf Archive-Zip-1.26.tar.gz cd Archive-Zip-1.26 perl Makefile.PL make make test make install The same sequence of commands can be used for each module. Now let's move onto BackupPC itself. After fetching BackupPC-__VERSION__.tar.gz, run these commands as root: tar zxf BackupPC-__VERSION__.tar.gz cd BackupPC-__VERSION__ perl configure.pl In the future this release might also have patches available on the SourceForge site. These patch files are text files, with a name of the form BackupPC-__VERSION__plN.diff where N is the patch level, eg: pl2 is patch-level 2. These patch files are cumulative: you only need apply the last patch file, not all the earlier patch files. If a patch file is available, eg: BackupPC-__VERSION__pl2.diff, you should apply the patch after extracting the tar file: # fetch BackupPC-__VERSION__.tar.gz # fetch BackupPC-__VERSION__pl2.diff tar zxf BackupPC-__VERSION__.tar.gz cd BackupPC-__VERSION__ patch -p0 < ../BackupPC-__VERSION__pl2.diff perl configure.pl A patch file includes comments that describe that bug fixes and changes. Feel free to review it before you apply the patch. The configure.pl script also accepts command-line options if you wish to run it in a non-interactive manner. It has self-contained documentation for all the command-line options, which you can read with perldoc: perldoc configure.pl Starting with BackupPC 3.0.0, the configure.pl script by default complies with the file system hierarchy (FHS) conventions. The major difference compared to earlier versions is that by default configuration files will be stored in /etc/BackupPC rather than below the data directory, __TOPDIR__/conf, and the log files will be stored in /var/log/BackupPC rather than below the data directory, __TOPDIR__/log. Note that distributions may choose to use different locations for BackupPC files than these defaults. If you are upgrading from an earlier version the configure.pl script will keep the configuration files and log files in their original location. When you run configure.pl you will be prompted for the full paths of various executables, and you will be prompted for the following information. =over 4 =item BackupPC User It is best if BackupPC runs as a special user, eg backuppc, that has limited privileges. It is preferred that backuppc belongs to a system administrator group so that sys admin members can browse BackupPC files, edit the configuration files and so on. Although configurable, the default settings leave group read permission on pool files, so make sure the BackupPC user's group is chosen restrictively. On this installation, this is __BACKUPPCUSER__. For security purposes you might choose to configure the BackupPC user with the shell set to /bin/false. Since you might need to run some BackupPC programs as the BackupPC user for testing purposes, you can use the -s option to su to explicitly run a shell, eg: su -s /bin/bash __BACKUPPCUSER__ Depending upon your configuration you might also need the -l option. =item Data Directory You need to decide where to put the data directory, below which all the BackupPC data is stored. This needs to be a big file system. On this installation, this is __TOPDIR__. =item Install Directory You should decide where the BackupPC scripts, libraries and documentation should be installed, eg: /usr/local/BackupPC. On this installation, this is __INSTALLDIR__. =item CGI bin Directory You should decide where the BackupPC CGI script resides. This will usually be below Apache's cgi-bin directory. It is also possible to use a different directory and use Apache's ``'' directive to specifiy that location. See the Apache HTTP Server documentation for additional information. On this installation, this is __CGIDIR__. =item Apache image Directory A directory where BackupPC's images are stored so that Apache can serve them. You should ensure this directory is readable by Apache and create a symlink to this directory from the BackupPC CGI bin Directory. =item Config and Log Directories In this installation the configuration and log directories are located in the following locations: __CONFDIR__/config.pl main config file __CONFDIR__/hosts hosts file __CONFDIR__/pc/HOST.pl per-pc config file __LOGDIR__/BackupPC log files, pid, status The configure.pl script doesn't prompt for these locations but they can be set for new installations using command-line options. =back =head2 Step 3: Setting up config.pl After running configure.pl, browse through the config file, __CONFDIR__/config.pl, and make sure all the default settings are correct. In particular, you will need to decide whether to use smb, tar,or rsync or ftp transport (or whether to set it on a per-PC basis) and set the relevant parameters for that transport method. See the section L for more details. =head2 Step 4: Setting up the hosts file The file __CONFDIR__/hosts contains the list of clients to backup. BackupPC reads this file in three cases: =over 4 =item * Upon startup. =item * When BackupPC is sent a HUP (-1) signal. Assuming you installed the init.d script, you can also do this with "/etc/init.d/backuppc reload". =item * When the modification time of the hosts file changes. BackupPC checks the modification time once during each regular wakeup. =back Whenever you change the hosts file (to add or remove a host) you can either do a kill -HUP BackupPC_pid or simply wait until the next regular wakeup period. Each line in the hosts file contains three fields, separated by white space: =over 4 =item Host name This is typically the host name or NetBios name of the client machine and should be in lower case. The host name can contain spaces (escape with a backslash), but it is not recommended. Please read the section L. In certain cases you might want several distinct clients to refer to the same physical machine. For example, you might have a database you want to backup, and you want to bracket the backup of the database with shutdown/restart using $Conf{DumpPreUserCmd} and $Conf{DumpPostUserCmd}. But you also want to backup the rest of the machine while the database is still running. In the case you can specify two different clients in the host file, using any mnemonic name (eg: myhost_mysql and myhost), and use $Conf{ClientNameAlias} in myhost_mysql's config.pl to specify the real host name of the machine. =item DHCP flag Starting with v2.0.0 the way hosts are discovered has changed and now in most cases you should specify 0 for the DHCP flag, even if the host has a dynamically assigned IP address. Please read the section L to understand whether you need to set the DHCP flag. You only need to set DHCP to 1 if your client machine doesn't respond to the NetBios multicast request: nmblookup myHost but does respond to a request directed to its IP address: nmblookup -A W.X.Y.Z If you do set DHCP to 1 on any client you will need to specify the range of DHCP addresses to search is specified in $Conf{DHCPAddressRanges}. Note also that the $Conf{ClientNameAlias} feature does not work for clients with DHCP set to 1. =item User name This should be the unix login/email name of the user who "owns" or uses this machine. This is the user who will be sent email about this machine, and this user will have permission to stop/start/browse/restore backups for this host. Leave this blank if no specific person should receive email or be allowed to stop/start/browse/restore backups for this host. Administrators will still have full permissions. =item More users Additional user names, separate by commas and with no white space, can be specified. These users will also have full permission in the CGI interface to stop/start/browse/restore backups for this host. These users will not be sent email about this host. =back The first non-comment line of the hosts file is special: it contains the names of the columns and should not be edited. Here's a simple example of a hosts file: host dhcp user moreUsers farside 0 craig jim,dave larson 1 gary andy =head2 Step 5: Client Setup Four methods for getting backup data from a client are supported: smb, tar, rsync and ftp. Smb or rsync are the preferred methods for WinXX clients and rsync or tar are the preferred methods for linux/unix/MacOSX clients. The transfer method is set using the $Conf{XferMethod} configuration setting. If you have a mixed environment (ie: you will use smb for some clients and tar for others), you will need to pick the most common choice for $Conf{XferMethod} for the main config.pl file, and then override it in the per-PC config file for those hosts that will use the other method. (Or you could run two completely separate instances of BackupPC, with different data directories, one for WinXX and the other for linux/unix, but then common files between the different machine types will duplicated.) Here are some brief client setup notes: =over 4 =item WinXX One setup for WinXX clients is to set $Conf{XferMethod} to "smb". Actually, rsyncd is the better method for WinXX if you are prepared to run rsync/cygwin on your WinXX client. If you want to use rsyncd for WinXX clients you can find a pre-packaged zip file on L. The package is called cygwin-rsync. It contains rsync.exe, template setup files and the minimal set of cygwin libraries for everything to run. The README file contains instructions for running rsync as a service, so it starts automatically everytime you boot your machine. If you use rsync to backup WinXX machines, be sure to set $Conf{ClientCharset} correctly (eg: 'cp1252') so that the WinXX file name encoding is correctly converted to utf8. Otherwise, to use SMB, you can either create shares for the data you want to backup or your can use the existing C$ share. To create a new share, open "My Computer", right click on the drive (eg: C), and select "Sharing..." (or select "Properties" and select the "Sharing" tab). In this dialog box you can enable sharing, select the share name and permissions. All Windows NT based OS (NT, 2000, XP Pro), are configured by default to share the entire C drive as C$. This is a special share used for various administration functions, one of which is to grant access to backup operators. All you need to do is create a new domain user, specifically for backup. Then add the new backup user to the built in "Backup Operators" group. You now have backup capability for any directory on any computer in the domain in one easy step. This avoids using administrator accounts and only grants permission to do exactly what you want for the given user, i.e.: backup. Also, for additional security, you may wish to deny the ability for this user to logon to computers in the default domain policy. If this machine uses DHCP you will also need to make sure the NetBios name is set. Go to Control Panel|System|Network Identification (on Win2K) or Control Panel|System|Computer Name (on WinXP). Also, you should go to Control Panel|Network Connections|Local Area Connection|Properties|Internet Protocol (TCP/IP)|Properties|Advanced|WINS and verify that NetBios is not disabled. The relevant configuration settings are $Conf{SmbShareName}, $Conf{SmbShareUserName}, $Conf{SmbSharePasswd}, $Conf{SmbClientPath}, $Conf{SmbClientFullCmd}, $Conf{SmbClientIncrCmd} and $Conf{SmbClientRestoreCmd}. BackupPC needs to know the smb share user name and password for a client machine that uses smb. The user name is specified in $Conf{SmbShareUserName}. There are four ways to tell BackupPC the smb share password: =over 4 =item * As an environment variable BPC_SMB_PASSWD set before BackupPC starts. If you start BackupPC manually the BPC_SMB_PASSWD variable must be set manually first. For backward compatibility for v1.5.0 and prior, the environment variable PASSWD can be used if BPC_SMB_PASSWD is not set. Warning: on some systems it is possible to see environment variables of running processes. =item * Alternatively the BPC_SMB_PASSWD setting can be included in /etc/init.d/backuppc, in which case you must make sure this file is not world (other) readable. =item * As a configuration variable $Conf{SmbSharePasswd} in __CONFDIR__/config.pl. If you put the password here you must make sure this file is not world (other) readable. =item * As a configuration variable $Conf{SmbSharePasswd} in the per-PC configuration file (__CONFDIR__/pc/$host.pl or __TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC). You will have to use this option if the smb share password is different for each host. If you put the password here you must make sure this file is not world (other) readable. =back Placement and protection of the smb share password is a possible security risk, so please double-check the file and directory permissions. In a future version there might be support for encryption of this password, but a private key will still have to be stored in a protected place. Suggestions are welcome. As an alternative to setting $Conf{XferMethod} to "smb" (using smbclient) for WinXX clients, you can use an smb network filesystem (eg: ksmbfs or similar) on your linux/unix server to mount the share, and then set $Conf{XferMethod} to "tar" (use tar on the network mounted file system). Also, to make sure that file names with special characters are correctly transferred by smbclient you should make sure that the smb.conf file has (for samba 3.x): [global] unix charset = UTF8 UTF8 is the default setting, so if the parameter is missing then it is ok. With this setting $Conf{ClientCharset} should be emtpy, since smbclient has already converted the file names to utf8. =item Linux/Unix The preferred setup for linux/unix clients is to set $Conf{XferMethod} to "rsync", "rsyncd" or "tar". You can use either rsync, smb, or tar for linux/unix machines. Smb requires that the Samba server (smbd) be run to provide the shares. Since the smb protocol can't represent special files like symbolic links and fifos, tar and rsync are the better transport methods for linux/unix machines. (In fact, by default samba makes symbolic links look like the file or directory that they point to, so you could get an infinite loop if a symbolic link points to the current or parent directory. If you really need to use Samba shares for linux/unix backups you should turn off the "follow symlinks" samba config setting. See the smb.conf manual page.) The requirements for each Xfer Method are: =over 4 =item tar You must have GNU tar on the client machine. Use "tar --version" or "gtar --version" to verify. The version should be at least 1.13.7, and 1.13.20 or greater is recommended. Tar is run on the client machine via rsh or ssh. The relevant configuration settings are $Conf{TarClientPath}, $Conf{TarShareName}, $Conf{TarClientCmd}, $Conf{TarFullArgs}, $Conf{TarIncrArgs}, and $Conf{TarClientRestoreCmd}. =item rsync You should have at least rsync 2.6.3, and the latest version is recommended. Rsync is run on the remote client via rsh or ssh. The relevant configuration settings are $Conf{RsyncClientPath}, $Conf{RsyncClientCmd}, $Conf{RsyncClientRestoreCmd}, $Conf{RsyncShareName}, $Conf{RsyncArgs}, and $Conf{RsyncRestoreArgs}. =item rsyncd You should have at least rsync 2.6.3, and the latest version is recommended. In this case the rsync daemon should be running on the client machine and BackupPC connects directly to it. The relevant configuration settings are $Conf{RsyncdClientPort}, $Conf{RsyncdUserName}, $Conf{RsyncdPasswd}, $Conf{RsyncdAuthRequired}, $Conf{RsyncShareName}, $Conf{RsyncArgs}, $Conf{RsyncArgsExtra}, and $Conf{RsyncRestoreArgs}. $Conf{RsyncShareName} is the name of an rsync module (ie: the thing in square brackets in rsyncd's conf file -- see rsyncd.conf), not a file system path. Be aware that rsyncd will remove the leading '/' from path names in symbolic links if you specify "use chroot = no" in the rsynd.conf file. See the rsyncd.conf manual page for more information. =item ftp You need to be running an ftp server on the client machine. The relevant configuration settings are $Conf{FtpShareName}, $Conf{FtpUserName}, $Conf{FtpPasswd}, $Conf{FtpBlockSize}, $Conf{FtpPort}, $Conf{FtpTimeout}, and $Conf{FtpFollowSymlinks}. =back You need to set $Conf{ClientCharset} to the client's charset so that file names are correctly converted to utf8. Use "locale charmap" on the client to see its charset. For linux/unix machines you should not backup "/proc". This directory contains a variety of files that look like regular files but they are special files that don't need to be backed up (eg: /proc/kcore is a regular file that contains physical memory). See $Conf{BackupFilesExclude}. It is safe to back up /dev since it contains mostly character-special and block-special files, which are correctly handed by BackupPC (eg: backing up /dev/hda5 just saves the block-special file information, not the contents of the disk). Alternatively, rather than backup all the file systems as a single share ("/"), it is easier to restore a single file system if you backup each file system separately. To do this you should list each file system mount point in $Conf{TarShareName} or $Conf{RsyncShareName}, and add the --one-file-system option to $Conf{TarClientCmd} or $Conf{RsyncArgs}. In this case there is no need to exclude /proc explicitly since it looks like a different file system. Next you should decide whether to run tar over ssh, rsh or nfs. Ssh is the preferred method. Rsh is not secure and therefore not recommended. Nfs will work, but you need to make sure that the BackupPC user (running on the server) has sufficient permissions to read all the files below the nfs mount. Ssh allows BackupPC to run as a privileged user on the client (eg: root), since it needs sufficient permissions to read all the backup files. Ssh is setup so that BackupPC on the server (an otherwise low privileged user) can ssh as root on the client, without being prompted for a password. There are two common versions of ssh: v1 and v2. Here are some instructions for one way to setup ssh. (Check which version of SSH you have by typing "ssh" or "man ssh".) =item MacOSX In general this should be similar to Linux/Unix machines. In versions 10.4 and later, the native MacOSX tar works, and also supports resource forks. xtar is another option, and rsync works too (although the MacOSX-supplied rsync has an extension for extended attributes that is not compatible with standard rsync). =item SSH Setup SSH is a secure way to run tar or rsync on a backup client to extract the data. SSH provides strong authentication and encryption of the network data. Note that if you run rsyncd (rsync daemon), ssh is not used. In this case, rsyncd provides its own authentication, but there is no encryption of network data. If you want encryption of network data you can use ssh to create a tunnel, or use a program like stunnel. Setup instructions for ssh can be found at L or on the Wiki. =item Clients that use DHCP If a client machine uses DHCP BackupPC needs some way to find the IP address given the host name. One alternative is to set dhcp to 1 in the hosts file, and BackupPC will search a pool of IP addresses looking for hosts. More efficiently, it is better to set dhcp = 0 and provide a mechanism for BackupPC to find the IP address given the host name. For WinXX machines BackupPC uses the NetBios name server to determine the IP address given the host name. For unix machines you can run nmbd (the NetBios name server) from the Samba distribution so that the machine responds to a NetBios name request. See the manual page and Samba documentation for more information. Alternatively, you can set $Conf{NmbLookupFindHostCmd} to any command that returns the IP address given the host name. Please read the section L for more details. =back =head2 Step 6: Running BackupPC The installation contains an init.d backuppc script that can be copied to /etc/init.d so that BackupPC can auto-start on boot. See init.d/README for further instructions. BackupPC should be ready to start. If you installed the init.d script, then you should be able to run BackupPC with: /etc/init.d/backuppc start (This script can also be invoked with "stop" to stop BackupPC and "reload" to tell BackupPC to reload config.pl and the hosts file.) Otherwise, just run __INSTALLDIR__/bin/BackupPC -d as user __BACKUPPCUSER__. The -d option tells BackupPC to run as a daemon (ie: it does an additional fork). Any immediate errors will be printed to stderr and BackupPC will quit. Otherwise, look in __LOGDIR__/LOG and verify that BackupPC reports it has started and all is ok. =head2 Step 7: Talking to BackupPC You should verify that BackupPC is running by using BackupPC_serverMesg. This sends a message to BackupPC via the unix (or TCP) socket and prints the response. Like all BackupPC programs, BackupPC_serverMesg should be run as the BackupPC user (__BACKUPPCUSER__), so you should su __BACKUPPCUSER__ before running BackupPC_serverMesg. If the BackupPC user is configured with /bin/false as the shell, you can use the -s option to su to explicitly run a shell, eg: su -s /bin/bash __BACKUPPCUSER__ Depending upon your configuration you might also need the -l option. You can request status information and start and stop backups using this interface. This socket interface is mainly provided for the CGI interface (and some of the BackupPC sub-programs use it too). But right now we just want to make sure BackupPC is happy. Each of these commands should produce some status output: __INSTALLDIR__/bin/BackupPC_serverMesg status info __INSTALLDIR__/bin/BackupPC_serverMesg status jobs __INSTALLDIR__/bin/BackupPC_serverMesg status hosts The output should be some hashes printed with Data::Dumper. If it looks cryptic and confusing, and doesn't look like an error message, then all is ok. The jobs status should initially show just BackupPC_trashClean. The hosts status should produce a list of every host you have listed in __CONFDIR__/hosts as part of a big cryptic output line. You can also request that all hosts be queued: __INSTALLDIR__/bin/BackupPC_serverMesg backup all At this point you should make sure the CGI interface works since it will be much easier to see what is going on. That's our next subject. =head2 Step 8: Checking email delivery The script BackupPC_sendEmail sends status and error emails to the administrator and users. It is usually run each night by BackupPC_nightly. To verify that it can run sendmail and deliver email correctly you should ask it to send a test email to you: su __BACKUPPCUSER__ __INSTALLDIR__/bin/BackupPC_sendEmail -u MYNAME@MYDOMAIN.COM BackupPC_sendEmail also takes a -c option that checks if BackupPC is running, and it sends an email to $Conf{EMailAdminUserName} if it is not. That can be used as a keep-alive check by adding __INSTALLDIR__/bin/BackupPC_sendEmail -c to __BACKUPPCUSER__'s cron. The -t option to BackupPC_sendEmail causes it to print the email message instead of invoking sendmail to deliver the message. =head2 Step 9: CGI interface The CGI interface script, BackupPC_Admin, is a powerful and flexible way to see and control what BackupPC is doing. It is written for an Apache server. If you don't have Apache, see L. There are two options for setting up the CGI interface: standard mode and using mod_perl. Mod_perl provides much higher performance (around 15x) and is the best choice if your Apache was built with mod_perl support. To see if your apache was built with mod_perl run this command: httpd -l | egrep mod_perl If this prints mod_perl.c then your Apache supports mod_perl. Note: on some distributions (like Debian) the command is not ``httpd'', but ``apache'' or ``apache2''. Those distributions will generally also use ``apache'' for the Apache user account and configuration files. Using mod_perl with BackupPC_Admin requires a dedicated Apache to be run as the BackupPC user (__BACKUPPCUSER__). This is because BackupPC_Admin needs permission to access various files in BackupPC's data directories. In contrast, the standard installation (without mod_perl) solves this problem by having BackupPC_Admin installed as setuid to the BackupPC user, so that BackupPC_Admin runs as the BackupPC user. Here are some specifics for each setup: =over 4 =item Standard Setup The CGI interface should have been installed by the configure.pl script in __CGIDIR__/BackupPC_Admin. BackupPC_Admin should have been installed as setuid to the BackupPC user (__BACKUPPCUSER__), in addition to user and group execute permission. You should be very careful about permissions on BackupPC_Admin and the directory __CGIDIR__: it is important that normal users cannot directly execute or change BackupPC_Admin, otherwise they can access backup files for any PC. You might need to change the group ownership of BackupPC_Admin to a group that Apache belongs to so that Apache can execute it (don't add "other" execute permission!). The permissions should look like this: ls -l __CGIDIR__/BackupPC_Admin -swxr-x--- 1 __BACKUPPCUSER__ web 82406 Jun 17 22:58 __CGIDIR__/BackupPC_Admin The setuid script won't work unless perl on your machine was installed with setuid emulation. This is likely the problem if you get an error saying such as "Wrong user: my userid is 25, instead of 150", meaning the script is running as the httpd user, not the BackupPC user. This is because setuid scripts are disabled by the kernel in most flavors of unix and linux. To see if your perl has setuid emulation, see if there is a program called sperl5.8.0 (or sperl5.8.2 etc, based on your perl version) in the place where perl is installed. If you can't find this program, then you have two options: rebuild and reinstall perl with the setuid emulation turned on (answer "y" to the question "Do you want to do setuid/setgid emulation?" when you run perl's configure script), or switch to the mod_perl alternative for the CGI script (which doesn't need setuid to work). =item Mod_perl Setup The advantage of the mod_perl setup is that no setuid script is needed, and there is a huge performance advantage. Not only does all the perl code need to be parsed just once, the config.pl and hosts files, plus the connection to the BackupPC server are cached between requests. The typical speedup is around 15 times. To use mod_perl you need to run Apache as user __BACKUPPCUSER__. If you need to run multiple Apache's for different services then you need to create multiple top-level Apache directories, each with their own config file. You can make copies of /etc/init.d/httpd and use the -d option to httpd to point each http to a different top-level directory. Or you can use the -f option to explicitly point to the config file. Multiple Apache's will run on different Ports (eg: 80 is standard, 8080 is a typical alternative port accessed via http://yourhost.com:8080). Inside BackupPC's Apache http.conf file you should check the settings for ServerRoot, DocumentRoot, User, Group, and Port. See L for more details. For mod_perl, BackupPC_Admin should not have setuid permission, so you should turn it off: chmod u-s __CGIDIR__/BackupPC_Admin To tell Apache to use mod_perl to execute BackupPC_Admin, add this to Apache's 1.x httpd.conf file: PerlModule Apache::Registry PerlTaintCheck On # <--- change path as needed SetHandler perl-script PerlHandler Apache::Registry Options ExecCGI PerlSendHeader On Apache 2.0.44 with Perl 5.8.0 on RedHat 7.1, Don Silvia reports that this works (with tweaks from Michael Tuzi): LoadModule perl_module modules/mod_perl.so PerlModule Apache2 SetHandler perl-script PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI Order deny,allow Deny from all Allow from 192.168.0 AuthName "Backup Admin" AuthType Basic AuthUserFile /path/to/user_file Require valid-user There are other optimizations and options with mod_perl. For example, you can tell mod_perl to preload various perl modules, which saves memory compared to loading separate copies in every Apache process after they are forked. See Stas's definitive mod_perl guide at L. =back BackupPC_Admin requires that users are authenticated by Apache. Specifically, it expects that Apache sets the REMOTE_USER environment variable when it runs. There are several ways to do this. One way is to create a .htaccess file in the cgi-bin directory that looks like: AuthGroupFile /etc/httpd/conf/group # <--- change path as needed AuthUserFile /etc/http/conf/passwd # <--- change path as needed AuthType basic AuthName "access" require valid-user You will also need "AllowOverride Indexes AuthConfig" in the Apache httpd.conf file to enable the .htaccess file. Alternatively, everything can go in the Apache httpd.conf file inside a Location directive. The list of users and password file above can be extracted from the NIS passwd file. One alternative is to use LDAP. In Apache's http.conf add these lines: LoadModule auth_ldap_module modules/auth_ldap.so AddModule auth_ldap.c # cgi-bin - auth via LDAP (for BackupPC) # <--- change path as needed AuthType Basic AuthName "BackupPC login" # replace MYDOMAIN, PORT, ORG and CO as needed AuthLDAPURL ldap://ldap.MYDOMAIN.com:PORT/o=ORG,c=CO?uid?sub?(objectClass=*) require valid-user If you want to disable the user authentication you can set $Conf{CgiAdminUsers} to '*', which allows any user to have full access to all hosts and backups. In this case the REMOTE_USER environment variable does not have to be set by Apache. Alternatively, you can force a particular user name by getting Apache to set REMOTE_USER, eg, to hardcode the user to www you could add this to Apache's httpd.conf: # <--- change path as needed Setenv REMOTE_USER www Finally, you should also edit the config.pl file and adjust, as necessary, the CGI-specific settings. They're near the end of the config file. In particular, you should specify which users or groups have administrator (privileged) access: see the config settings $Conf{CgiAdminUserGroup} and $Conf{CgiAdminUsers}. Also, the configure.pl script placed various images into $Conf{CgiImageDir} that BackupPC_Admin needs to serve up. You should make sure that $Conf{CgiImageDirURL} is the correct URL for the image directory. See the section L for suggestions on debugging the Apache authentication setup. =head2 How BackupPC Finds Hosts Starting with v2.0.0 the way hosts are discovered has changed. In most cases you should specify 0 for the DHCP flag in the conf/hosts file, even if the host has a dynamically assigned IP address. BackupPC (starting with v2.0.0) looks up hosts with DHCP = 0 in this manner: =over 4 =item * First DNS is used to lookup the IP address given the client's name using perl's gethostbyname() function. This should succeed for machines that have fixed IP addresses that are known via DNS. You can manually see whether a given host have a DNS entry according to perl's gethostbyname function with this command: perl -e 'print(gethostbyname("myhost") ? "ok\n" : "not found\n");' =item * If gethostbyname() fails, BackupPC then attempts a NetBios multicast to find the host. Provided your client machine is configured properly, it should respond to this NetBios multicast request. Specifically, BackupPC runs a command of this form: nmblookup myhost If this fails you will see output like: querying myhost on 10.10.255.255 name_query failed to find name myhost If it is successful you will see output like: querying myhost on 10.10.255.255 10.10.1.73 myhost<00> Depending on your netmask you might need to specify the -B option to nmblookup. For example: nmblookup -B 10.10.1.255 myhost If necessary, experiment with the nmblookup command which will return the IP address of the client given its name. Then update $Conf{NmbLookupFindHostCmd} with any necessary options to nmblookup. =back For hosts that have the DHCP flag set to 1, these machines are discovered as follows: =over 4 =item * A DHCP address pool ($Conf{DHCPAddressRanges}) needs to be specified. BackupPC will check the NetBIOS name of each machine in the range using a command of the form: nmblookup -A W.X.Y.Z where W.X.Y.Z is each candidate address from $Conf{DHCPAddressRanges}. Any host that has a valid NetBIOS name returned by this command (ie: matching an entry in the hosts file) will be backed up. You can modify the specific nmblookup command if necessary via $Conf{NmbLookupCmd}. =item * You only need to use this DHCP feature if your client machine doesn't respond to the NetBios multicast request: nmblookup myHost but does respond to a request directed to its IP address: nmblookup -A W.X.Y.Z =back =head2 Other installation topics =over 4 =item Removing a client If there is a machine that no longer needs to be backed up (eg: a retired machine) you have two choices. First, you can keep the backups accessible and browsable, but disable all new backups. Alternatively, you can completely remove the client and all its backups. To disable backups for a client $Conf{BackupsDisable} can be set to two different values in that client's per-PC config.pl file: =over 4 =item 1 Don't do any regular backups on this machine. Manually requested backups (via the CGI interface) will still occur. =item 2 Don't do any backups on this machine. Manually requested backups (via the CGI interface) will be ignored. =back This will still allow the client's old backups to be browsable and restorable. To completely remove a client and all its backups, you should remove its entry in the conf/hosts file, and then delete the __TOPDIR__/pc/$host directory. Whenever you change the hosts file, you should send BackupPC a HUP (-1) signal so that it re-reads the hosts file. If you don't do this, BackupPC will automatically re-read the hosts file at the next regular wakeup. Note that when you remove a client's backups you won't initially recover much disk space. That's because the client's files are still in the pool. Overnight, when BackupPC_nightly next runs, all the unused pool files will be deleted and this will recover the disk space used by the client's backups. =item Copying the pool If the pool disk requirements grow you might need to copy the entire data directory to a new (bigger) file system. Hopefully you are lucky enough to avoid this by having the data directory on a RAID file system or LVM that allows the capacity to be grown in place by adding disks. The backup data directories contain large numbers of hardlinks. If you try to copy the pool the target directory will occupy a lot more space if the hardlinks aren't re-established. The best way to copy a pool file system, if possible, is by copying the raw device at the block level (eg: using dd). Application level programs that understand hardlinks include the GNU cp program with the -a option and rsync -H. However, the large number of hardlinks in the pool will make the memory usage large and the copy very slow. Don't forget to stop BackupPC while the copy runs. Starting in 3.0.0 a new script bin/BackupPC_tarPCCopy can be used to assist the copy process. Given one or more pc paths (eg: TOPDIR/pc/HOST or TOPDIR/pc/HOST/nnn), BackupPC_tarPCCopy creates a tar archive with all the hardlinks pointing to ../cpool/.... Any files not hardlinked (eg: backups, LOG etc) are included verbatim. You will need to specify the -P option to tar when you extract the archive generated by BackupPC_tarPCCopy since the hardlink targets are outside of the directory being extracted. To copy a complete store (ie: __TOPDIR__) using BackupPC_tarPCCopy you should: =over 4 =item * stop BackupPC so that the store is static. =item * copy the cpool, conf and log directory trees using any technique (like cp, rsync or tar) without the need to preserve hardlinks. =item * copy the pc directory using BackupPC_tarPCCopy: su __BACKUPPCUSER__ cd NEW_TOPDIR mkdir pc cd pc __INSTALLDIR__/bin/BackupPC_tarPCCopy __TOPDIR__/pc | tar xvPf - =back =back =head2 Fixing installation problems Please see the Wiki at L for debugging suggestions. If you find a solution to your problem that could help other users please add it to the Wiki! =head1 Restore functions BackupPC supports several different methods for restoring files. The most convenient restore options are provided via the CGI interface. Alternatively, backup files can be restored using manual commands. =head2 CGI restore options By selecting a host in the CGI interface, a list of all the backups for that machine will be displayed. By selecting the backup number you can navigate the shares and directory tree for that backup. BackupPC's CGI interface automatically fills incremental backups with the corresponding full backup, which means each backup has a filled appearance. Therefore, there is no need to do multiple restores from the incremental and full backups: BackupPC does all the hard work for you. You simply select the files and directories you want from the correct backup vintage in one step. You can download a single backup file at any time simply by selecting it. Your browser should prompt you with the file name and ask you whether to open the file or save it to disk. Alternatively, you can select one or more files or directories in the currently selected directory and select "Restore selected files". (If you need to restore selected files and directories from several different parent directories you will need to do that in multiple steps.) If you select all the files in a directory, BackupPC will replace the list of files with the parent directory. You will be presented with a screen that has three options: =over 4 =item Option 1: Direct Restore With this option the selected files and directories are restored directly back onto the host, by default in their original location. Any old files with the same name will be overwritten, so use caution. You can optionally change the target host name, target share name, and target path prefix for the restore, allowing you to restore the files to a different location. Once you select "Start Restore" you will be prompted one last time with a summary of the exact source and target files and directories before you commit. When you give the final go ahead the restore operation will be queued like a normal backup job, meaning that it will be deferred if there is a backup currently running for that host. When the restore job is run, smbclient, tar, rsync or rsyncd is used (depending upon $Conf{XferMethod}) to actually restore the files. Sorry, there is currently no option to cancel a restore that has been started. Currently ftp restores are not fully implemented. A record of the restore request, including the result and list of files and directories, is kept. It can be browsed from the host's home page. $Conf{RestoreInfoKeepCnt} specifies how many old restore status files to keep. Note that for direct restore to work, the $Conf{XferMethod} must be able to write to the client. For example, that means an SMB share for smbclient needs to be writable, and the rsyncd module needs "read only" set to "false". This creates additional security risks. If you only create read-only SMB shares (which is a good idea), then the direct restore will fail. You can disable the direct restore option by setting $Conf{SmbClientRestoreCmd}, $Conf{TarClientRestoreCmd} and $Conf{RsyncRestoreArgs} to undef. =item Option 2: Download Zip archive With this option a zip file containing the selected files and directories is downloaded. The zip file can then be unpacked or individual files extracted as necessary on the host machine. The compression level can be specified. A value of 0 turns off compression. When you select "Download Zip File" you should be prompted where to save the restore.zip file. BackupPC does not consider downloading a zip file as an actual restore operation, so the details are not saved for later browsing as in the first case. However, a mention that a zip file was downloaded by a particular user, and a list of the files, does appear in BackupPC's log file. =item Option 3: Download Tar archive This is identical to the previous option, except a tar file is downloaded rather than a zip file (and there is currently no compression option). =back =head2 Command-line restore options Apart from the CGI interface, BackupPC allows you to restore files and directories from the command line. The following programs can be used: =over 4 =item BackupPC_zcat For each file name argument it inflates (uncompresses) the file and writes it to stdout. To use BackupPC_zcat you could give it the full file name, eg: __INSTALLDIR__/bin/BackupPC_zcat __TOPDIR__/pc/host/5/fc/fcraig/fexample.txt > example.txt It's your responsibility to make sure the file is really compressed: BackupPC_zcat doesn't check which backup the requested file is from. BackupPC_zcat returns a non-zero status if it fails to uncompress a file. =item BackupPC_tarCreate BackupPC_tarCreate creates a tar file for any files or directories in a particular backup. Merging of incrementals is done automatically, so you don't need to worry about whether certain files appear in the incremental or full backup. The usage is: BackupPC_tarCreate [options] files/directories... Required options: -h host host from which the tar archive is created -n dumpNum dump number from which the tar archive is created A negative number means relative to the end (eg -1 means the most recent dump, -2 2nd most recent etc). -s shareName share name from which the tar archive is created Other options: -t print summary totals -r pathRemove path prefix that will be replaced with pathAdd -p pathAdd new path prefix -b BLOCKS BLOCKS x 512 bytes per record (default 20; same as tar) -w writeBufSz write buffer size (default 1048576 = 1MB) -e charset charset for encoding file names (default: value of $Conf{ClientCharset} when backup was done) -l just print a file listing; don't generate an archive -L just print a detailed file listing; don't generate an archive The command-line files and directories are relative to the specified shareName. The tar file is written to stdout. The -h, -n and -s options specify which dump is used to generate the tar archive. The -r and -p options can be used to relocate the paths in the tar archive so extracted files can be placed in a location different from their original location. =item BackupPC_zipCreate BackupPC_zipCreate creates a zip file for any files or directories in a particular backup. Merging of incrementals is done automatically, so you don't need to worry about whether certain files appear in the incremental or full backup. The usage is: BackupPC_zipCreate [options] files/directories... Required options: -h host host from which the zip archive is created -n dumpNum dump number from which the tar archive is created A negative number means relative to the end (eg -1 means the most recent dump, -2 2nd most recent etc). -s shareName share name from which the zip archive is created Other options: -t print summary totals -r pathRemove path prefix that will be replaced with pathAdd -p pathAdd new path prefix -c level compression level (default is 0, no compression) -e charset charset for encoding file names (default: cp1252) The command-line files and directories are relative to the specified shareName. The zip file is written to stdout. The -h, -n and -s options specify which dump is used to generate the zip archive. The -r and -p options can be used to relocate the paths in the zip archive so extracted files can be placed in a location different from their original location. =back Each of these programs reside in __INSTALLDIR__/bin. =head1 Archive functions BackupPC supports archiving to removable media. For users that require offsite backups, BackupPC can create archives that stream to tape devices, or create files of specified sizes to fit onto cd or dvd media. Each archive type is specified by a BackupPC host with its XferMethod set to 'archive'. This allows for multiple configurations at sites where there might be a combination of tape and cd/dvd backups being made. BackupPC provides a menu that allows one or more hosts to be archived. The most recent backup of each host is archived using BackupPC_tarCreate, and the output is optionally compressed and split into fixed-sized files (eg: 650MB). The archive for each host is done by default using __INSTALLDIR__/BackupPC_archiveHost. This script can be copied and customized as needed. =head2 Configuring an Archive Host To create an Archive Host, add it to the hosts file just as any other host and call it a name that best describes the type of archive, e.g. ArchiveDLT To tell BackupPC that the Host is for Archives, create a config.pl file in the Archive Hosts's pc directory, adding the following line: $Conf{XferMethod} = 'archive'; To further customise the archive's parameters you can adding the changed parameters in the host's config.pl file. The parameters are explained in the config.pl file. Parameters may be fixed or the user can be allowed to change them (eg: output device). The per-host archive command is $Conf{ArchiveClientCmd}. By default this invokes __INSTALLDIR__/BackupPC_archiveHost which you can copy and customize as necessary. =head2 Starting an Archive In the web interface, click on the Archive Host you wish to use. You will see a list of previous archives and a summary on each. By clicking the "Start Archive" button you are presented with the list of hosts and the approximate backup size (note this is raw size, not projected compressed size) Select the hosts you wish to archive and press the "Archive Selected Hosts" button. The next screen allows you to adjust the parameters for this archive run. Press the "Start the Archive" to start archiving the selected hosts with the parameters displayed. =head2 Starting an Archive from the command line The script BackupPC_archiveStart can be used to start an archive from the command line (or cron etc). The usage is: BackupPC_archiveStart archiveHost userName hosts... This creates an archive of the most recent backup of each of the specified hosts. The first two arguments are the archive host and the user name making the request. =head1 Other CGI Functions =head2 Configuration and Host Editor The CGI interface has a complete configuration and host editor. Only the administrator can edit the main configuration settings and hosts. The edit links are in the left navigation bar. When changes are made to any parameter a "Save" button appears at the top of the page. If you are editing a text box you will need to click outside of the text box to make the Save button appear. If you don't select Save then the changes won't be saved. The host-specific configuration can be edited from the host summary page using the link in the left navigation bar. The administrator can edit any of the host-specific configuration settings. When editing the host-specific configuration, each parameter has an "override" setting that denotes the value is host-specific, meaning that it overrides the setting in the main configuration. If you unselect "override" then the setting is removed from the host-specific configuration, and the main configuration file is displayed. User's can edit their host-specific configuration if enabled via $Conf{CgiUserConfigEditEnable}. The specific subset of configuration settings that a user can edit is specified with $Conf{CgiUserConfigEdit}. It is recommended to make this list short as possible (you probably don't want your users saving dozens of backups) and it is essential that they can't edit any of the Cmd configuration settings, otherwise they can specify an arbitrary command that will be executed as the BackupPC user. =head2 RSS BackupPC supports a very basic RSS feed. Provided you have the XML::RSS perl module installed, a URL similar to this will provide RSS information: http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=rss This feature is experimental. The information included will probably change. =head1 BackupPC Design =head2 Some design issues =over 4 =item Pooling common files To quickly see if a file is already in the pool, an MD5 digest of the file length and contents is used as the file name in the pool. This can't guarantee a file is identical: it just reduces the search to often a single file or handful of files. A complete file comparison is always done to verify if two files are really the same. Identical files on multiples backups are represented by hard links. Hardlinks are used so that identical files all refer to the same physical file on the server's disk. Also, hard links maintain reference counts so that BackupPC knows when to delete unused files from the pool. For the computer-science majors among you, you can think of the pooling system used by BackupPC as just a chained hash table stored on a (big) file system. =item The hashing function There is a tradeoff between how much of file is used for the MD5 digest and the time taken comparing all the files that have the same hash. Using the file length and just the first 4096 bytes of the file for the MD5 digest produces some repetitions. One example: with 900,000 unique files in the pool, this hash gives about 7,000 repeated files, and in the worst case 500 files have the same hash. That's not bad: we only have to do a single file compare 99.2% of the time. But in the worst case we have to compare as many as 500 files checking for a match. With a modest increase in CPU time, if we use the file length and the first 256K of the file we now only have 500 repeated files and in the worst case around 20 files have the same hash. Furthermore, if we instead use the first and last 128K of the file (more specifically, the first and eighth 128K chunks for files larger than 1MB) we get only 300 repeated files and in the worst case around 20 files have the same hash. Based on this experimentation, this is the hash function used by BackupPC. It is important that you don't change the hash function after files are already in the pool. Otherwise your pool will grow to twice the size until all the old backups (and all the old files with old hashes) eventually expire. =item Compression BackupPC supports compression. It uses the deflate and inflate methods in the Compress::Zlib module, which is based on the zlib compression library (see L). The $Conf{CompressLevel} setting specifies the compression level to use. Zero (0) means no compression. Compression levels can be from 1 (least cpu time, slightly worse compression) to 9 (most cpu time, slightly better compression). The recommended value is 3. Changing it to 5, for example, will take maybe 20% more cpu time and will get another 2-3% additional compression. Diminishing returns set in above 5. See the zlib documentation for more information about compression levels. BackupPC implements compression with minimal CPU load. Rather than compressing every incoming backup file and then trying to match it against the pool, BackupPC computes the MD5 digest based on the uncompressed file, and matches against the candidate pool files by comparing each uncompressed pool file against the incoming backup file. Since inflating a file takes roughly a factor of 10 less CPU time than deflating there is a big saving in CPU time. The combination of pooling common files and compression can yield a factor of 8 or more overall saving in backup storage. =back =head2 BackupPC operation BackupPC reads the configuration information from __CONFDIR__/config.pl. It then runs and manages all the backup activity. It maintains queues of pending backup requests, user backup requests and administrative commands. Based on the configuration various requests will be executed simultaneously. As specified by $Conf{WakeupSchedule}, BackupPC wakes up periodically to queue backups on all the PCs. This is a four step process: =over 4 =item 1 For each host and DHCP address backup requests are queued on the background command queue. =item 2 For each PC, BackupPC_dump is forked. Several of these may be run in parallel, based on the configuration. First a ping is done to see if the machine is alive. If this is a DHCP address, nmblookup is run to get the netbios name, which is used as the host name. If DNS lookup fails, $Conf{NmbLookupFindHostCmd} is run to find the IP address from the host name. The file __TOPDIR__/pc/$host/backups is read to decide whether a full or incremental backup needs to be run. If no backup is scheduled, or the ping to $host fails, then BackupPC_dump exits. The backup is done using the specified XferMethod. Either samba's smbclient or tar over ssh/rsh/nfs piped into BackupPC_tarExtract, or rsync over ssh/rsh is run, or rsyncd is connected to, with the incoming data extracted to __TOPDIR__/pc/$host/new. The XferMethod output is put into __TOPDIR__/pc/$host/XferLOG. The letter in the XferLOG file shows the type of object, similar to the first letter of the modes displayed by ls -l: d -> directory l -> symbolic link b -> block special file c -> character special file p -> pipe file (fifo) nothing -> regular file The words mean: =over 4 =item create new for this backup (ie: directory or file not in pool) =item pool found a match in the pool =item same file is identical to previous backup (contents were checksummed and verified during full dump). =item skip file skipped in incremental because attributes are the same (only displayed if $Conf{XferLogLevel} >= 2). =back As BackupPC_tarExtract extracts the files from smbclient or tar, or as rsync or ftp runs, it checks each file in the backup to see if it is identical to an existing file from any previous backup of any PC. It does this without needed to write the file to disk. If the file matches an existing file, a hardlink is created to the existing file in the pool. If the file does not match any existing files, the file is written to disk and the file name is saved in __TOPDIR__/pc/$host/NewFileList for later processing by BackupPC_link. BackupPC_tarExtract and rsync can handle arbitrarily large files and multiple candidate matching files without needing to write the file to disk in the case of a match. This significantly reduces disk writes (and also reads, since the pool file comparison is done disk to memory, rather than disk to disk). Based on the configuration settings, BackupPC_dump checks each old backup to see if any should be removed. Any expired backups are moved to __TOPDIR__/trash for later removal by BackupPC_trashClean. =item 3 For each complete, good, backup, BackupPC_link is run. To avoid race conditions as new files are linked into the pool area, only a single BackupPC_link program runs at a time and the rest are queued. BackupPC_link reads the NewFileList written by BackupPC_dump and inspects each new file in the backup. It re-checks if there is a matching file in the pool (another BackupPC_link could have added the file since BackupPC_dump checked). If so, the file is removed and replaced by a hard link to the existing file. If the file is new, a hard link to the file is made in the pool area, so that this file is available for checking against each new file and new backup. Then, if $Conf{IncrFill} is set (note that the default setting is off), for each incremental backup, hard links are made in the new backup to all files that were not extracted during the incremental backups. The means the incremental backup looks like a complete image of the PC (with the exception that files that were removed on the PC since the last full backup will still appear in the backup directory tree). The CGI interface knows how to merge unfilled incremental backups will the most recent prior filled (full) backup, giving the incremental backups a filled appearance. The default for $Conf{IncrFill} is off, since there is no need to fill incremental backups. This saves some level of disk activity, since lots of extra hardlinks are no longer needed (and don't have to be deleted when the backup expires). =item 4 BackupPC_trashClean is always run in the background to remove any expired backups. Every 5 minutes it wakes up and removes all the files in __TOPDIR__/trash. Also, once each night, BackupPC_nightly is run to complete some additional administrative tasks, such as cleaning the pool. This involves removing any files in the pool that only have a single hard link (meaning no backups are using that file). Again, to avoid race conditions, BackupPC_nightly is only run when there are no BackupPC_link processes running. When BackupPC_nightly is run no new BackupPC_link jobs are started. If BackupPC_nightly takes too long to run, the settings $Conf{MaxBackupPCNightlyJobs} and $Conf{BackupPCNightlyPeriod} can be used to run several BackupPC_nightly processes in parallel, and to split its job over several nights. =back BackupPC also listens for TCP connections on $Conf{ServerPort}, which is used by the CGI script BackupPC_Admin for status reporting and user-initiated backup or backup cancel requests. =head2 Storage layout BackupPC resides in several directories: =over 4 =item __INSTALLDIR__ Perl scripts comprising BackupPC reside in __INSTALLDIR__/bin, libraries are in __INSTALLDIR__/lib and documentation is in __INSTALLDIR__/doc. =item __CGIDIR__ The CGI script BackupPC_Admin resides in this cgi binary directory. =item __CONFDIR__ All the configuration information resides below __CONFDIR__. This directory contains: The directory __CONFDIR__ contains: =over 4 =item config.pl Configuration file. See L below for more details. =item hosts Hosts file, which lists all the PCs to backup. =item pc The directory __CONFDIR__/pc contains per-client configuration files that override settings in the main configuration file. Each file is named __CONFDIR__/pc/HOST.pl, where HOST is the host name. In pre-FHS versions of BackupPC these files were located in __TOPDIR__/pc/HOST/config.pl. =back =item __LOGDIR__ The directory __LOGDIR__ (__TOPDIR__/log on pre-FHS versions of BackupPC) contains: =over 4 =item LOG Current (today's) log file output from BackupPC. =item LOG.0 or LOG.0.z Yesterday's log file output. Log files are aged daily and compressed (if compression is enabled), and old LOG files are deleted. =item BackupPC.pid Contains BackupPC's process id. =item status.pl A summary of BackupPC's status written periodically by BackupPC so that certain state information can be maintained if BackupPC is restarted. Should not be edited. =item UserEmailInfo.pl A summary of what email was last sent to each user, and when the last email was sent. Should not be edited. =back =item __TOPDIR__ All of BackupPC's data (PC backup images, logs, configuration information) is stored below this directory. Below __TOPDIR__ are several directories: =over 4 =item __TOPDIR__/trash Any directories and files below this directory are periodically deleted whenever BackupPC_trashClean checks. When a backup is aborted or when an old backup expires, BackupPC_dump simply moves the directory to __TOPDIR__/trash for later removal by BackupPC_trashClean. =item __TOPDIR__/pool All uncompressed files from PC backups are stored below __TOPDIR__/pool. Each file's name is based on the MD5 hex digest of the file contents. Specifically, for files less than 256K, the file length and the entire file is used. For files up to 1MB, the file length and the first and last 128K are used. Finally, for files longer than 1MB, the file length, and the first and eighth 128K chunks for the file are used. Each file is stored in a subdirectory X/Y/Z, where X, Y, Z are the first 3 hex digits of the MD5 digest. For example, if a file has an MD5 digest of 123456789abcdef0, the file is stored in __TOPDIR__/pool/1/2/3/123456789abcdef0. The MD5 digest might not be unique (especially since not all the file's contents are used for files bigger than 256K). Different files that have the same MD5 digest are stored with a trailing suffix "_n" where n is an incrementing number starting at 0. So, for example, if two additional files were identical to the first, except the last byte was different, and assuming the file was larger than 1MB (so the MD5 digests are the same but the files are actually different), the three files would be stored as: __TOPDIR__/pool/1/2/3/123456789abcdef0 __TOPDIR__/pool/1/2/3/123456789abcdef0_0 __TOPDIR__/pool/1/2/3/123456789abcdef0_1 Both BackupPC_dump (actually, BackupPC_tarExtract) and BackupPC_link are responsible for checking newly backed up files against the pool. For each file, the MD5 digest is used to generate a file name in the pool directory. If the file exists in the pool, the contents are compared. If there is no match, additional files ending in "_n" are checked. (Actually, BackupPC_tarExtract compares multiple candidate files in parallel.) If the file contents exactly match, the file is created by simply making a hard link to the pool file (this is done by BackupPC_tarExtract as the backup proceeds). Otherwise, BackupPC_tarExtract writes the new file to disk and a new hard link is made in the pool to the file (this is done later by BackupPC_link). Therefore, every file in the pool will have at least 2 hard links (one for the pool file and one for the backup file below __TOPDIR__/pc). Identical files from different backups or PCs will all be linked to the same file. When old backups are deleted, some files in the pool might only have one link. BackupPC_nightly checks the entire pool and removes all files that have only a single link, thereby recovering the storage for that file. One other issue: zero length files are not pooled, since there are a lot of these files and on most file systems it doesn't save any disk space to turn these files into hard links. =item __TOPDIR__/cpool All compressed files from PC backups are stored below __TOPDIR__/cpool. Its layout is the same as __TOPDIR__/pool, and the hashing function is the same (and, importantly, based on the uncompressed file, not the compressed file). =item __TOPDIR__/pc/$host For each PC $host, all the backups for that PC are stored below the directory __TOPDIR__/pc/$host. This directory contains the following files: =over 4 =item LOG Current log file for this PC from BackupPC_dump. =item LOG.DDMMYYYY or LOG.DDMMYYYY.z Last month's log file. Log files are aged monthly and compressed (if compression is enabled), and old LOG files are deleted. In earlier versions of BackupPC these files used to have a suffix of 0, 1, .... =item XferERR or XferERR.z Output from the transport program (ie: smbclient, tar, rsync or ftp) for the most recent failed backup. =item new Subdirectory in which the current backup is stored. This directory is renamed if the backup succeeds. =item XferLOG or XferLOG.z Output from the transport program (ie: smbclient, tar, rsync or ftp) for the current backup. =item nnn (an integer) Successful backups are in directories numbered sequentially starting at 0. =item XferLOG.nnn or XferLOG.nnn.z Output from the transport program (ie: smbclient, tar, rsync or ftp) corresponding to backup number nnn. =item RestoreInfo.nnn Information about restore request #nnn including who, what, when, and why. This file is in Data::Dumper format. (Note that the restore numbers are not related to the backup number.) =item RestoreLOG.nnn.z Output from smbclient, tar or rsync during restore #nnn. (Note that the restore numbers are not related to the backup number.) =item ArchiveInfo.nnn Information about archive request #nnn including who, what, when, and why. This file is in Data::Dumper format. (Note that the archive numbers are not related to the restore or backup number.) =item ArchiveLOG.nnn.z Output from archive #nnn. (Note that the archive numbers are not related to the backup or restore number.) =item config.pl Old location of optional configuration settings specific to this host. Settings in this file override the main configuration file. In new versions of BackupPC the per-host configuration files are stored in __CONFDIR__/pc/HOST.pl. =item backups A tab-delimited ascii table listing information about each successful backup, one per row. The columns are: =over 4 =item num The backup number, an integer that starts at 0 and increments for each successive backup. The corresponding backup is stored in the directory num (eg: if this field is 5, then the backup is stored in __TOPDIR__/pc/$host/5). =item type Set to "full" or "incr" for full or incremental backup. =item startTime Start time of the backup in unix seconds. =item endTime Stop time of the backup in unix seconds. =item nFiles Number of files backed up (as reported by smbclient, tar, rsync or ftp). =item size Total file size backed up (as reported by smbclient, tar, rsync or ftp). =item nFilesExist Number of files that were already in the pool (as determined by BackupPC_dump and BackupPC_link). =item sizeExist Total size of files that were already in the pool (as determined by BackupPC_dump and BackupPC_link). =item nFilesNew Number of files that were not in the pool (as determined by BackupPC_link). =item sizeNew Total size of files that were not in the pool (as determined by BackupPC_link). =item xferErrs Number of errors or warnings from smbclient, tar, rsync or ftp. =item xferBadFile Number of errors from smbclient that were bad file errors (zero otherwise). =item xferBadShare Number of errors from smbclient that were bad share errors (zero otherwise). =item tarErrs Number of errors from BackupPC_tarExtract. =item compress The compression level used on this backup. Zero or empty means no compression. =item sizeExistComp Total compressed size of files that were already in the pool (as determined by BackupPC_dump and BackupPC_link). =item sizeNewComp Total compressed size of files that were not in the pool (as determined by BackupPC_link). =item noFill Set if this backup has not been filled in with the most recent previous filled or full backup. See $Conf{IncrFill}. =item fillFromNum If this backup was filled (ie: noFill is 0) then this is the number of the backup that it was filled from =item mangle Set if this backup has mangled file names and attributes. Always true for backups in v1.4.0 and above. False for all backups prior to v1.4.0. =item xferMethod Set to the value of $Conf{XferMethod} when this dump was done. =item level The level of this dump. A full dump is level 0. Currently incrementals are 1. But when multi-level incrementals are supported this will reflect each dump's incremental level. =back =item restores A tab-delimited ascii table listing information about each requested restore, one per row. The columns are: =over 4 =item num Restore number (matches the suffix of the RestoreInfo.nnn and RestoreLOG.nnn.z file), unrelated to the backup number. =item startTime Start time of the restore in unix seconds. =item endTime End time of the restore in unix seconds. =item result Result (ok or failed). =item errorMsg Error message if restore failed. =item nFiles Number of files restored. =item size Size in bytes of the restored files. =item tarCreateErrs Number of errors from BackupPC_tarCreate during restore. =item xferErrs Number of errors from smbclient, tar, rsync or ftp during restore. =back =item archives A tab-delimited ascii table listing information about each requested archive, one per row. The columns are: =over 4 =item num Archive number (matches the suffix of the ArchiveInfo.nnn and ArchiveLOG.nnn.z file), unrelated to the backup or restore number. =item startTime Start time of the restore in unix seconds. =item endTime End time of the restore in unix seconds. =item result Result (ok or failed). =item errorMsg Error message if archive failed. =back =back =back =back =head2 Compressed file format The compressed file format is as generated by Compress::Zlib::deflate with one minor, but important, tweak. Since Compress::Zlib::inflate fully inflates its argument in memory, it could take large amounts of memory if it was inflating a highly compressed file. For example, a 200MB file of 0x0 bytes compresses to around 200K bytes. If Compress::Zlib::inflate was called with this single 200K buffer, it would need to allocate 200MB of memory to return the result. BackupPC watches how efficiently a file is compressing. If a big file has very high compression (meaning it will use too much memory when it is inflated), BackupPC calls the flush() method, which gracefully completes the current compression. BackupPC then starts another deflate and simply appends the output file. So the BackupPC compressed file format is one or more concatenated deflations/flushes. The specific ratios that BackupPC uses is that if a 6MB chunk compresses to less than 64K then a flush will be done. Back to the example of the 200MB file of 0x0 bytes. Adding flushes every 6MB adds only 200 or so bytes to the 200K output. So the storage cost of flushing is negligible. To easily decompress a BackupPC compressed file, the script BackupPC_zcat can be found in __INSTALLDIR__/bin. For each file name argument it inflates the file and writes it to stdout. =head2 Rsync checksum caching An incremental backup with rsync compares attributes on the client with the last full backup. Any files with identical attributes are skipped. A full backup with rsync sets the --ignore-times option, which causes every file to be examined independent of attributes. Each file is examined by generating block checksums (default 2K blocks) on the receiving side (that's the BackupPC side), sending those checksums to the client, where the remote rsync matches those checksums with the corresponding file. The matching blocks and new data is sent back, allowing the client file to be reassembled. A checksum for the entire file is sent to as an extra check the the reconstructed file is correct. This results in significant disk IO and computation for BackupPC: every file in a full backup, or any file with non-matching attributes in an incremental backup, needs to be uncompressed, block checksums computed and sent. Then the receiving side reassembles the file and has to verify the whole-file checksum. Even if the file is identical, prior to 2.1.0, BackupPC had to read and uncompress the file twice, once to compute the block checksums and later to verify the whole-file checksum. Starting in 2.1.0, BackupPC supports optional checksum caching, which means the block and file checksums only need to be computed once for each file. This results in a significant performance improvement. This only works for compressed pool files. It is enabled by adding '--checksum-seed=32761', to $Conf{RsyncArgs} and $Conf{RsyncRestoreArgs}. Rsync versions prior to and including rsync-2.6.2 need a small patch to add support for the --checksum-seed option. This patch is available in the cygwin-rsyncd package at L. This patch is already included in rsync CVS, so it will be standard in future versions of rsync. When this option is present, BackupPC will add block and file checksums to the compressed pool file the next time a pool file is used and it doesn't already have cached checksums. The first time a new file is written to the pool, the checksums are not appended. The next time checksums are needed for a file, they are computed and added. So the full performance benefit of checksum caching won't be noticed until the third time a pool file is used (eg: the third full backup). With checksum caching enabled, there is a risk that should a file's contents in the pool be corrupted due to a disk problem, but the cached checksums are still correct, the corruption will not be detected by a full backup, since the file contents are no longer read and compared. To reduce the chance that this remains undetected, BackupPC can recheck cached checksums for a fraction of the files. This fraction is set with the $Conf{RsyncCsumCacheVerifyProb} setting. The default value of 0.01 means that 1% of the time a file's checksums are read, the checksums are verified. This reduces performance slightly, but, over time, ensures that files contents are in sync with the cached checksums. The format of the cached checksum data can be discovered by looking at the code. Basically, the first byte of the compressed file is changed to denote that checksums are appended. The block and file checksum data, plus some other information and magic word, are appended to the compressed file. This allows the cache update to be done in-place. =head2 File name mangling Backup file names are stored in "mangled" form. Each node of a path is preceded by "f" (mnemonic: file), and special characters (\n, \r, % and /) are URI-encoded as "%xx", where xx is the ascii character's hex value. So c:/craig/example.txt is now stored as fc/fcraig/fexample.txt. This was done mainly so meta-data could be stored alongside the backup files without name collisions. In particular, the attributes for the files in a directory are stored in a file called "attrib", and mangling avoids file name collisions (I discarded the idea of having a duplicate directory tree for every backup just to store the attributes). Other meta-data (eg: rsync checksums) could be stored in file names preceded by, eg, "c". There are two other benefits to mangling: the share name might contain "/" (eg: "/home/craig" for tar transport), and I wanted that represented as a single level in the storage tree. Secondly, as files are written to NewFileList for later processing by BackupPC_link, embedded newlines in the file's path will cause problems which are avoided by mangling. The CGI script undoes the mangling, so it is invisible to the user. Old (unmangled) backups are still supported by the CGI interface. =head2 Special files Linux/unix file systems support several special file types: symbolic links, character and block device files, fifos (pipes) and unix-domain sockets. All except unix-domain sockets are supported by BackupPC (there's no point in backing up or restoring unix-domain sockets since they only have meaning after a process creates them). Symbolic links are stored as a plain file whose contents are the contents of the link (not the file it points to). This file is compressed and pooled like any normal file. Character and block device files are also stored as plain files, whose contents are two integers separated by a comma; the numbers are the major and minor device number. These files are compressed and pooled like any normal file. Fifo files are stored as empty plain files (which are not pooled since they have zero size). In all cases, the original file type is stored in the attrib file so it can be correctly restored. Hardlinks are also supported. When GNU tar first encounters a file with more than one link (ie: hardlinks) it dumps it as a regular file. When it sees the second and subsequent hardlinks to the same file, it dumps just the hardlink information. BackupPC correctly recognizes these hardlinks and stores them just like symlinks: a regular text file whose contents is the path of the file linked to. The CGI script will download the original file when you click on a hardlink. Also, BackupPC_tarCreate has enough magic to re-create the hardlinks dynamically based on whether or not the original file and hardlinks are both included in the tar file. For example, imagine a/b/x is a hardlink to a/c/y. If you use BackupPC_tarCreate to restore directory a, then the tar file will include a/b/x as the original file and a/c/y will be a hardlink to a/b/x. If, instead you restore a/c, then the tar file will include a/c/y as the original file, not a hardlink. =head2 Attribute file format The unix attributes for the contents of a directory (all the files and directories in that directory) are stored in a file called attrib. There is a single attrib file for each directory in a backup. For example, if c:/craig contains a single file c:/craig/example.txt, that file would be stored as fc/fcraig/fexample.txt and there would be an attribute file in fc/fcraig/attrib (and also fc/attrib and ./attrib). The file fc/fcraig/attrib would contain a single entry containing the attributes for fc/fcraig/fexample.txt. The attrib file starts with a magic number, followed by the concatenation of the following information for each file: =over 4 =item * File name length in perl's pack "w" format (variable length base 128). =item * File name. =item * The unix file type, mode, uid, gid and file size divided by 4GB and file size modulo 4GB (type mode uid gid sizeDiv4GB sizeMod4GB), in perl's pack "w" format (variable length base 128). =item * The unix mtime (unix seconds) in perl's pack "N" format (32 bit integer). =back The attrib file is also compressed if compression is enabled. See the lib/BackupPC/Attrib.pm module for full details. Attribute files are pooled just like normal backup files. This saves space if all the files in a directory have the same attributes across multiple backups, which is common. =head2 Optimizations BackupPC doesn't care about the access time of files in the pool since it saves attribute meta-data separate from the files. Since BackupPC mostly does reads from disk, maintaining the access time of files generates a lot of unnecessary disk writes. So, provided BackupPC has a dedicated data disk, you should consider mounting BackupPC's data directory with the noatime (or, with Linux kernels >=2.6.20, relatime) attribute (see mount(1)). =head2 Limitations BackupPC isn't perfect (but it is getting better). Please see L for a discussion of some of BackupPC's limitations. =head2 Security issues Please see L for a discussion of some of various security issues. =head1 Configuration File The BackupPC configuration file resides in __CONFDIR__/config.pl. Optional per-PC configuration files reside in __CONFDIR__/pc/$host.pl (or __TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC). This file can be used to override settings just for a particular PC. =head2 Modifying the main configuration file The configuration file is a perl script that is executed by BackupPC, so you should be careful to preserve the file syntax (punctuation, quotes etc) when you edit it. It is recommended that you use CVS, RCS or some other method of source control for changing config.pl. BackupPC reads or re-reads the main configuration file and the hosts file in three cases: =over 4 =item * Upon startup. =item * When BackupPC is sent a HUP (-1) signal. Assuming you installed the init.d script, you can also do this with "/etc/init.d/backuppc reload". =item * When the modification time of config.pl file changes. BackupPC checks the modification time once during each regular wakeup. =back Whenever you change the configuration file you can either do a kill -HUP BackupPC_pid or simply wait until the next regular wakeup period. Each time the configuration file is re-read a message is reported in the LOG file, so you can tail it (or view it via the CGI interface) to make sure your kill -HUP worked. Errors in parsing the configuration file are also reported in the LOG file. The optional per-PC configuration file (__CONFDIR__/pc/$host.pl or __TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC) is read whenever it is needed by BackupPC_dump, BackupPC_link and others. =head1 Configuration Parameters The configuration parameters are divided into five general groups. The first group (general server configuration) provides general configuration for BackupPC. The next two groups describe what to backup, when to do it, and how long to keep it. The fourth group are settings for email reminders, and the final group contains settings for the CGI interface. All configuration settings in the second through fifth groups can be overridden by the per-PC config.pl file. __CONFIGPOD__ =head1 Version Numbers Starting with v1.4.0 BackupPC uses a X.Y.Z version numbering system, instead of X.0Y. The first digit is for major new releases, the middle digit is for significant feature releases and improvements (most of the releases have been in this category), and the last digit is for bug fixes. You should think of the old 1.00, 1.01, 1.02 and 1.03 as 1.0.0, 1.1.0, 1.2.0 and 1.3.0. Additionally, patches might be made available. A patched version number is of the form X.Y.ZplN (eg: 2.1.0pl2), where N is the patch level. =head1 Author Craig Barratt See L. =head1 Copyright Copyright (C) 2001-2009 Craig Barratt =head1 Credits Ryan Kucera contributed the directory navigation code and images for v1.5.0. He contributed the first skeleton of BackupPC_restore. He also added a significant revision to the CGI interface, including CSS tags, in v2.1.0, and designed the BackupPC logo. Xavier Nicollet, with additions from Guillaume Filion, added the internationalization (i18n) support to the CGI interface for v2.0.0. Xavier provided the French translation fr.pm, with additions from Guillaume. Guillaume Filion wrote BackupPC_zipCreate and added the CGI support for zip download, in addition to some CGI cleanup, for v1.5.0. Guillaume continues to support fr.pm updates for each new version. Josh Marshall implemented the Archive feature in v2.1.0. Ludovic Drolez supports the BackupPC Debian package. Javier Gonzalez provided the Spanish translation, es.pm for v2.0.0. Manfred Herrmann provided the German translation, de.pm for v2.0.0. Manfred continues to support de.pm updates for each new version, together with some help from Ralph Paßgang. Lorenzo Cappelletti provided the Italian translation, it.pm for v2.1.0. Giuseppe Iuculano and Vittorio Macchi updated it for 3.0.0. Lieven Bridts provided the Dutch translation, nl.pm, for v2.1.0, with some tweaks from Guus Houtzager, and updates for 3.0.0. Reginaldo Ferreira provided the Portuguese Brazillian translation pt_br.pm for v2.2.0. Rich Duzenbury provided the RSS feed option to the CGI interface. Jono Woodhouse from CapeSoft Software (www.capesoft.com) provided a new CSS skin for 3.0.0 with several layout improvements. Sean Cameron (also from CapeSoft) designed new and more compact file icons for 3.0.0. Youlin Feng provided the Chinese translation for 3.1.0. Karol 'Semper' Stelmaczonek provided the Polish translation for 3.1.0. Jeremy Tietsort provided the host summary table sorting feature for 3.1.0. Paul Mantz contributed the ftp Xfer method for 3.2.0. Many people have reported bugs, made useful suggestions and helped with testing; see the ChangeLog and the mailing lists. Your name could appear here in the next version! =head1 License This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License in the LICENSE file along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.