=head1 BackupPC Introduction
-This documentation describes BackupPC version 1.5.0,
-released on 2 Aug 2002.
+This documentation describes BackupPC version __VERSION__,
+released on __RELEASEDATE__.
=head2 Overview
=item *
+The http/cgi user interface has internationalization (i18n) support,
+currently prodiving English, French and Spanish.
+
+=item *
+
No client-side software is needed. On WinXX the standard smb
protocol is used to extract backup data. On linux or unix clients,
-tar over ssh/rsh/nfs is used to extract backup data (or alternatively
-Samba can be installed on the linux or unix client to provide smb shares).
+rsync or tar (over ssh/rsh/nfs) is used to extract backup data.
+Alternatively, rsync can also be used on WinXX (using cygwin),
+and Samba could be installed on the linux or unix client to
+provide smb shares).
=item *
any backup directly from the CGI interface. Zip or Tar archives
for selected files or directories from any backup can also be
downloaded from the CGI interface. Finally, direct restore to
-the client machine (using SMB or tar) for selected files or
+the client machine (using smb or tar) for selected files or
directories is also supported from the CGI interface.
=item *
=item Incremental Backup
An incremental backup is a backup of files that have changed (based on their
-modification time) since the last successful full backup. To be safe,
-BackupPC backups all files that have changed since one hour prior to the
-start of the last successful full backup. BackupPC can also be configured
-to keep a certain number of incremental backups, and to keep a smaller
-number of very old incremental backups. (BackupPC does not support
-multi-level incremental backups, although it would be easy to do so.)
+modification time) since the last successful full backup. For SMB and
+tar, BackupPC backups all files that have changed since one hour prior to the
+start of the last successful full backup. Rsync is more clever: any files
+who attributes have changed (ie: uid, gid, mtime, modes, size) since the
+last full are backed up. Deleted and new files are also detected by
+Rsync incrementals (SMB and tar are not able to detect deleted files or
+new files whose modification time is prior to the last full dump.
+
+BackupPC can also be configured to keep a certain number of incremental
+backups, and to keep a smaller number of very old incremental backups.
+(BackupPC does not support multi-level incremental backups, although it
+would be easy to do so.)
BackupPC's CGI interface "fills-in" incremental backups based on the
last full backup, giving every backup a "full" appearance. This makes
At other sites a secondary tape backup will be required. This tape
backup can be done perhaps weekly from the BackupPC pool file system.
-One comment: in the US in particular, permanent backups of things like
-email are becoming strongly discouraged by lawyers because of discovery
-prior to possible litigation. Using BackupPC without tape backup allows
-recent file changes or losses to be restored, but without keeping a
-history more than a month or two old (although this doesn't avoid the
-problem of old emails languishing in user's email folders forever).
-
=back
=head2 Resources
=item Mail lists
-Two BackupPC mailing lists exist for announcements (backuppc-announce)
-and reporting information, asking questions, discussing development or
-any other topic relevant to BackupPC (backuppc-users).
+Three BackupPC mailing lists exist for announcements (backuppc-announce),
+developers (backuppc-devel), and a general user list for support, asking
+questions or any other topic relevant to BackupPC (backuppc-users).
-You are encouraged to subscribe to either the backuppc-announce
-or backuppc-users mail list on sourceforge.net at either:
+You can subscribe to these lists by visiting:
http://lists.sourceforge.net/lists/listinfo/backuppc-announce
http://lists.sourceforge.net/lists/listinfo/backuppc-users
+ http://lists.sourceforge.net/lists/listinfo/backuppc-devel
The backuppc-announce list is moderated and is used only for
important announcements (eg: new versions). It is low traffic.
-You only need to subscribe to one list: backuppc-users also
-receives any messages on backuppc-announce.
+You only need to subscribe to one of backuppc-announce and
+backuppc-users: backuppc-users also receives any messages on
+backuppc-announce.
+
+The backuppc-devel list is only for developers who are working on BackupPC.
+Do not post questions or support requests there. But detailed technical
+discussions should happen on this list.
To post a message to the backuppc-users list, send an email to
=item Other Programs of Interest
If you want to mirror linux or unix files or directories to a remote server
-you should look at rsync, L<http://rsync.samba.org>.
-
-Two popular open source packages that do tape backup are
-Amanda (L<http://www.amanda.org>) and
-afbackup (L<http://sourceforge.net/projects/afbackup>).
+you should consider rsync, L<http://rsync.samba.org>. BackupPC now uses
+rsync as a transport mechanism; if you are already an rsync user you
+can think of BackupPC as adding efficient storage (compression and
+pooling) and a convenient user interface to rsync.
+
+Unison is a utility that can do two-way, interactive, synchronization.
+See L<http://www.cis.upenn.edu/~bcpierce/unison>.
+
+Three popular open source packages that do tape backup are
+Amanda (L<http://www.amanda.org>),
+afbackup (L<http://sourceforge.net/projects/afbackup>), and
+Bacula (L<http://www.bacula.org>).
Amanda can also backup WinXX machines to tape using samba.
These packages can be used as back ends to BackupPC to backup the
BackupPC server data to tape.
+Various programs and scripts use rsync to provide hardlinked backups.
+See, for example, Mike Rubel's site (L<http://www.mikerubel.org>),
+J. W. Schultz's dirvish (L<http://www.pegasys.ws/dirvish>),
+and John Bowman's rlbackup (L<http://www.math.ualberta.ca/imaging/rlbackup>).
+BackupPC provides many additional features, such as compressed storage,
+hardlinking any matching files (rather than just files with the same name),
+and storing special files without root privileges. But these other scripts
+provide simple and effective solutions and are worthy of consideration.
+
=back
=head2 Road map
=item *
-Adding support for rsync as a transport method, in addition to
-smb and tar. This will give big savings in network traffic for
-linux/unix clients. I haven't decided whether to save the pool file
-rsync checksums (that would double the number of files in the pool, but
-eliminate most server disk reads), or recompute them every time. I expect
-to use native rsync on the client side. On the server, rsync would
-need to understand the compressed file format, the file name mangling
-and the attribute files, so I will either have to add features to rsync
-or emulate rsync on the server side in perl.
+Adding hardlink support to rsync.
+
+=item *
+
+Adding block and file checksum caching to rsync. This will significantly
+increase performance since the server doesn't have to read each file
+(twice) to compute the block and file checksums.
=item *
=item *
-Resuming incomplete completed full backups. Useful if a machine
+Allow editing of config parameters via the CGI interface. Users should
+have permission to edit a subset of the parameters for their clients.
+Additionally, allow an optional self-service capability so that users
+can sign up and setup their own clients with no need for IT support.
+
+=item *
+
+Add backend SQL support for various BackupPC metadata, including
+configuration parameters, client lists, and backup and restore
+information. At installation time the backend data engine will
+be specified (eg: MySQL, ascii text etc).
+
+=item *
+
+Disconnect the notion of a physical host and a backup client.
+Currently there is a one-to-one match between physical hosts
+and backup clients. Instead, the current notion of a host
+should be replaced by a backup client. Each backup client
+corresponds to a physical host. A physical host could have
+several backup clients. This is useful for backing up
+different types of data, or backing up different portions
+of a machine with different frequencies or settings.
+
+(Note: this has already been implemented in 2.0.0.)
+
+=item *
+
+Resuming incomplete full backups. Useful if a machine
(eg: laptop) is disconnected from the network during a backup,
-or if the user manually stops a backup. This would work by
-excluding directories that were already complete.
+or if the user manually stops a backup. This would be supported
+initially for rsync. The partial dump would be kept, and be
+browsable. When the next dump starts, an incremental against
+the partial dump would be done to make sure it was up to date,
+and then the rest of the full dump would be done.
+
+=item *
+
+Replacing smbclient with the perl module FileSys::SmbClient. This
+gives much more direct control of the smb transfer, allowing
+incrementals to depend on any attribute change (eg: exist, mtime,
+file size, uid, gid), and better support for include and exclude.
+Currently smbclient incrementals only depend upon mtime, so
+deleted files or renamed files are not detected. FileSys::SmbClient
+would also allow resuming of incomplete full backups in the
+same manner as rsync will.
+
+=item *
+
+Support --listed-incremental or --incremental for tar,
+so that incrementals will depend upon any attribute change (eg: exist,
+mtime, file size, uid, gid), rather than just mtime. This will allow
+tar to be to as capable as FileSys::SmbClient and rsync.
+
+=item *
+
+For rysnc (and smb when FileSys::SmbClient is supported, and tar when
+--listed-incremental is supported) support multi-level incrementals.
+In fact, since incrementals will now be more "accurate", you could
+choose to never to full dumps (except the first time), or at a
+minimum do them infrequently: each incremental would depend upon
+the last, giving a continuous chain of differential dumps.
+
+=item *
+
+Add a backup browsing feature that shows backup history by file.
+So rather than a single directory view, it would be a table showing
+the files (down) and the backups (across). The internal hardlinks
+encode which files are identical across backups. You could immediately
+see which files changed on which backups.
=item *
around 15-20%, which isn't spectacular, and likely not worth the
implementation effort. The program xdelta (v1) on SourceForge (see
L<http://sourceforge.net/projects/xdelta>) uses an rsync algorithm for
-doing efficient binary file deltas.
+doing efficient binary file deltas. Rather than using an external
+program, File::RsyncP will eventually get the necessary delta
+generataion code from rsync.
=back
evaluated BackupPC but didn't use it because it doesn't ...".
Beyond being a satisfied user and telling other people about it, everyone
-is encouraged to add links to backuppc.sourceforge.net (I'll see then
-via Google) or otherwise publicize BackupPC. Unlike the commercial
-products in this space, I have a zero budget (in both time and money)
-for marketing, PR and advertising, so it's up to all of you!
+is encouraged to add links to L<http://backuppc.sourceforge.net> (I'll
+see then via Google) or otherwise publicize BackupPC. Unlike the
+commercial products in this space, I have a zero budget (in both
+time and money) for marketing, PR and advertising, so it's up to
+all of you!
Also, everyone is encouraged to contribute patches, bug reports, feature
and design suggestions, code, and documentation corrections or
=item *
-Perl modules Compress::Zlib and Archive::Zip. Try "perldoc Compress::Zlib"
-and "perldoc Archive::Zip" to see if you have these modules. If not,
-fetch them from L<http://www.cpan.org> and see the instructions below
-for how to build and install them.
+Perl modules Compress::Zlib, Archive::Zip and File::RsyncP. Try "perldoc
+Compress::Zlib" and "perldoc Archive::Zip" to see if you have these
+modules. If not, fetch them from L<http://www.cpan.org> and see the
+instructions below for how to build and install them.
+
+The File::RsyncP module is available from L<http://perlrsync.sourceforge.net>
+or CPAN. You'll need to install the File::RsyncP module if you want to use
+Rsync as a transport method.
=item *
If you are using smb to backup WinXX machines you need smbclient and
nmblookup from the samba package. You will also need nmblookup if
you are backing up linux/unix DHCP machines. See L<http://www.samba.org>.
-Version >= 2.2.0 of Samba is required (smbclient's tar feature in
+Version 2.2.0 or later of Samba is required (smbclient's tar feature in
2.0.8 and prior has bugs for file path lengths around 100 characters
and generates bad output when file lengths change during the backup).
1.13.7 at a minimum, with version 1.13.20 or higher recommended. Use
"tar --version" to check your version. Various GNU mirrors have the newest
versions of tar, see for example L<http://www.funet.fi/pub/gnu/alpha/gnu/tar>.
-As of July 2002 the latest versons is 1.13.25.
+As of February 2003 the latest version is 1.13.25.
+
+=item *
+
+If you are using rsync to backup linux/unix machines you should have
+version 2.5.5 on each client machine. See L<http://rsync.samba.org>.
+Use "rsync --version" to check your version.
+
+For BackupPC to use Rsync you will also need to install the perl
+File::RsyncP module, which is available from
+L<http://perlrsync.sourceforge.net>. Version 0.31 or later is required.
=item *
=head2 Step 2: Installing the distribution
-First off, to enable compression, you will need to install Compress::Zlib
-from L<http://www.cpan.org>. It is optional, but strongly recommended.
-Also, to support restore via Zip archives you will need to install
-Archive::Zip, also from L<http://www.cpan.org>. You can run
-"perldoc Compress::Zlib" to see if this module is installed.
-To build and install these packages you should run these commands:
+First off, there are three perl modules you should install.
+These are all optional, but highly recommended:
+
+=over 4
+
+=item Compress::Zlib
+
+To enable compression, you will need to install Compress::Zlib
+from L<http://www.cpan.org>.
+You can run "perldoc Compress::Zlib" to see if this module is installed.
+
+=item Archive::Zip
+
+To support restore via Zip archives you will need to install
+Archive::Zip, also from L<http://www.cpan.org>.
+You can run "perldoc Archive::Zip" to see if this module is installed.
+
+=item File::RsyncP
+
+To use rsync and rsyncd with BackupPC you will need to install File::RsyncP.
+You can run "perldoc File::RsyncP" to see if this module is installed.
+File::RsyncP is available from L<http://perlrsync.sourceforge.net>.
+Version 0.31 or later is required.
+
+=back
+
+To build and install these packages, fetch the tar.gz file and
+then run these commands:
tar zxvf Archive-Zip-1.01.tar.gz
cd Archive-Zip-1.01
make test
make install
+The same sequence of commands can be used for each module.
+
Now let's move onto BackupPC itself. After fetching
-BackupPC-1.5.0.tar.gz, run these commands as root:
+BackupPC-__VERSION__.tar.gz, run these commands as root:
- tar zxf BackupPC-1.5.0.tar.gz
- cd BackupPC-1.5.0
+ tar zxf BackupPC-__VERSION__.tar.gz
+ cd BackupPC-__VERSION__
perl configure.pl
You will be prompted for the full paths of various executables, and
=item *
-As an environment variable PASSWD set before BackupPC starts. If you
-start BackupPC manually this PASSWD must be set manually first.
+As an environment variable BPC_SMB_PASSWD set before BackupPC starts.
+If you start BackupPC manually the BPC_SMB_PASSWD variable must be set
+manually first. For backward compatibility for v1.5.0 and prior, the
+environment variable PASSWD can be used if BPC_SMB_PASSWD is not set.
+Warning: on some systems it is possible to see environment variables of
+running processes.
=item *
-Alternatively the PASSWD setting can be included in /etc/init.d/backuppc,
-in which case you must make sure this file is not world (other) readable.
+Alternatively the BPC_SMB_PASSWD setting can be included in
+/etc/init.d/backuppc, in which case you must make sure this file
+is not world (other) readable.
=item *
=item Host name
-If this host is a static IP address this must the machine's IP host name
-(ie: something that can be looked up using nslookup or DNS). If this is
-a host with a dynamic IP address (ie: DHCP flag is 1) then the host
-name must be the netbios name of the machine. The host name should
-be in lower case.
+This is typically the host name or NetBios name of the client machine
+and should be in lower case. The host name can contain spaces (escape
+with a backslash), but it is not recommended.
+
+Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>.
+
+In certain cases you might want several distinct clients to refer
+to the same physical machine. For example, you might have a database
+you want to backup, and you want to bracket the backup of the database
+with shutdown/restart using $Conf{DumpPreUserCmd} and $Conf{DumpPostUserCmd}.
+But you also want to backup the rest of the machine while the database
+is still running. In the case you can specify two different clients in
+the host file, using any mnemonic name (eg: myhost_mysql and myhost), and
+use $Conf{ClientNameAlias} in myhost_mysql's config.pl to specify the
+real host name of the machine.
=item DHCP flag
-Set to 0 if this host has a static IP address (meaning it can be looked
-up by name in the DNS). If the host's IP address is dynamic (eg, it is
-assigned by DHCP) then set this flag to 1.
+Starting with v2.0.0 the way hosts are discovered has changed and now
+in most cases you should specify 0 for the DHCP flag, even if the host
+has a dynamically assigned IP address.
+Please read the section L<How BackupPC Finds Hosts|how backuppc finds hosts>
+to understand whether you need to set the DHCP flag.
+
+You only need to set DHCP to 1 if your client machine doesn't
+respond to the NetBios multicast request:
+
+ nmblookup myHost
+
+but does respond to a request directed to its IP address:
-The hosts with dhcp = 1 are backed up as follows. If you have
-configured a DHCP address pool ($Conf{DHCPAddressRanges}) then
-BackupPC will check the NetBIOS name of each machine in the
-range. Any hosts that have a valid NetBIOS name (ie: matching
-an entry in the hosts file) will be backed up.
+ nmblookup -A W.X.Y.Z
+If you do set DHCP to 1 on any client you will need to specify the range of
+DHCP addresses to search is specified in $Conf{DHCPAddressRanges}.
+
+Note also that the $Conf{ClientNameAlias} feature does not work for
+clients with DHCP set to 1.
+
=item User name
This should be the unix login/email name of the user who "owns" or uses
receive email or be allowed to stop/start/browse/restore backups
for this host. Administrators will still have full permissions.
+=item More users
+
+Additional user names, separate by commas and with no white space,
+can be specified. These users will also have full permission in
+the CGI interface to stop/start/browse/restore backups for this host.
+These users will not be sent email about this host.
+
=back
The first non-comment line of the hosts file is special: it contains
Here's a simple example of a hosts file:
- host dhcp user
- farside 0 craig
- larson 1 gary
-
-The range of DHCP addresses to search is specified in
-$Conf{DHCPAddressRanges}.
+ host dhcp user moreUsers
+ farside 0 craig jim,dave
+ larson 1 gary andy
=head2 Step 5: Client Setup
=item WinXX
The preferred setup for WinXX clients is to set $Conf{XferMethod} to "smb".
+(Actually, for v2.0.0, rsyncd is the better method for WinXX if you are
+prepared to run rsync/cygwin on your WinXX client. More information
+about this will be provided via the FAQ.)
You need to create shares for the data you want to backup.
Open "My Computer", right click on the drive (eg: C), and
=item Linux/Unix
The preferred setup for linux/unix clients is to set $Conf{XferMethod}
-to "tar".
+to "rsync", "rsyncd" or "tar".
-You can use either smb or tar for linux/unix machines. Smb requires that
-the Samba server (smbd) be run to provide the shares. Since the smb
+You can use either rsync, smb, or tar for linux/unix machines. Smb requires
+that the Samba server (smbd) be run to provide the shares. Since the smb
protocol can't represent special files like symbolic links and fifos,
-tar is the recommended transport method for linux/unix machines.
+tar and rsync are the better transport methods for linux/unix machines.
(In fact, by default samba makes symbolic links look like the file or
directory that they point to, so you could get an infinite loop if a
symbolic link points to the current or parent directory. If you really
need to use Samba shares for linux/unix backups you should turn off the
"follow symlinks" samba config setting. See the smb.conf manual page.)
-The rest of this section describes the tar setup.
+The requirements for each Xfer Method are:
+
+=over 4
+
+=item tar
You must have GNU tar on the client machine. Use "tar --version"
or "gtar --version" to verify. The version should be at least
-1.13.7, and 1.13.20 or greater is recommended.
+1.13.7, and 1.13.20 or greater is recommended. Tar is run on
+the client machine via rsh or ssh.
+
+The relevant configuration settings are $Conf{TarClientPath},
+$Conf{TarShareName}, $Conf{TarClientCmd}, $Conf{TarFullArgs},
+$Conf{TarIncrArgs}, and $Conf{TarClientRestoreCmd}.
+
+=item rsync
+
+You should have at least rsync 2.5.5, and the latest version 2.5.6
+is recommended. Rsync is run on the remote client via rsh or ssh.
+
+The relevant configuration settings are $Conf{RsyncClientPath},
+$Conf{RsyncClientCmd}, $Conf{RsyncClientRestoreCmd}, $Conf{RsyncShareName},
+$Conf{RsyncArgs}, $Conf{RsyncRestoreArgs} and $Conf{RsyncLogLevel}.
+
+=item rsyncd
+
+You should have at least rsync 2.5.5, and the latest version 2.5.6
+is recommended. In this case the rsync daemon should be running on
+the client machine and BackupPC connects directly to it.
+
+The relevant configuration settings are $Conf{RsyncdClientPort},
+$Conf{RsyncdUserName}, $Conf{RsyncdPasswd}, $Conf{RsyncdAuthRequired},
+$Conf{RsyncShareName}, $Conf{RsyncArgs}, $Conf{RsyncRestoreArgs}
+and $Conf{RsyncLogLevel}. In the case of rsyncd, $Conf{RsyncShareName}
+is the name of an rsync module (ie: the thing in square brackets in
+rsyncd's conf file -- see rsyncd.conf), not a file system path.
-For linux/unix machines you should no backup "/proc". This directory
+=back
+
+For linux/unix machines you should not backup "/proc". This directory
contains a variety of files that look like regular files but they are
special files that don't need to be backed up (eg: /proc/kcore is a
regular file that contains physical memory). See $Conf{BackupFilesExclude}.
(eg: backing up /dev/hda5 just saves the block-special file information,
not the contents of the disk).
+Alternatively, rather than backup all the file systems as a single
+share ("/"), it is easier to restore a single file system if you backup
+each file system separately. To do this you should list each file system
+mount point in $Conf{TarShareName} or $Conf{RsyncShareName}, and add the
+--one-file-system option to $Conf{TarClientCmd} or add --one-file-system
+(note the different punctuation) to $Conf{RsyncArgs}. In this case there
+is no need to exclude /proc explicitly since it looks like a different
+file system.
+
Next you should decide whether to run tar over ssh, rsh or nfs. Ssh is
the preferred method. Rsh is not secure and therefore not recommended.
Nfs will work, but you need to make sure that the BackupPC user (running
files. Ssh is setup so that BackupPC on the server (an otherwise low
privileged user) can ssh as root on the client, without being prompted
for a password. There are two common versions of ssh: v1 and v2. Here
-are some instructions for one way to setup ssh v2:
+are some instructions for one way to setup ssh. (Check which version
+of SSH you have by typing "ssh" or "man ssh".)
+
+=over 4
+
+=item OpenSSH Instructions
+
+Depending upon your OpenSSH installation, many of these steps can be
+replaced by running the scripts ssh-user-config and ssh-host-config
+included with OpenSSH. You still need to manually exchange the keys.
=over 4
=item Key generation
-As root on the client machine, use ssh2-keygen to generate a
+As root on the client machine, use ssh-keygen to generate a
+public/private key pair, without a pass-phrase:
+
+ ssh-keygen -t rsa -N ''
+
+This will save the public key in ~/.ssh/id_rsa.pub and the private
+key in ~/.ssh/id_rsa.
+
+=item BackupPC setup
+
+Repeat the above steps for the BackupPC user (__BACKUPPCUSER__) on the server.
+Make a copy of the public key to make it recognizable, eg:
+
+ ssh-keygen -t rsa -N ''
+ cp ~/.ssh/id_rsa.pub ~/.ssh/BackupPC_id_rsa.pub
+
+See the ssh and sshd manual pages for extra configuration information.
+
+=item Key exchange
+
+To allow BackupPC to ssh to the client as root, you need to place
+BackupPC's public key into root's authorized list on the client.
+Append BackupPC's public key (BackupPC_id_rsa.pub) to root's
+~/.ssh/authorized_keys2 file on the client:
+
+ touch ~/.ssh/authorized_keys2
+ cat BackupPC_id_rsa.pub >> ~/.ssh/authorized_keys2
+
+You should edit ~/.ssh/authorized_keys2 and add further specifiers,
+eg: from, to limit which hosts can login using this key. For example,
+if your BackupPC host is called backuppc.my.com, there should be
+one line in ~/.ssh/authorized_keys2 that looks like:
+
+ from="backuppc.my.com" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]
+
+=item Fix permissions
+
+You will probably need to make sure that all the files
+in ~/.ssh have no group or other read/write permission:
+
+ chmod -R go-rwx ~/.ssh
+
+You should do the same thing for the BackupPC user on the server.
+
+=item Testing
+
+As the BackupPC user on the server, verify that this command:
+
+ ssh -l root clientHostName whoami
+
+prints
+
+ root
+
+You might be prompted the first time to accept the client's host key and
+you might be prompted for root's password on the client. Make sure that
+this command runs cleanly with no prompts after the first time. You
+might need to check /etc/hosts.equiv on the client. Look at the
+man pages for more information. The "-v" option to ssh is a good way
+to get detailed information about what fails.
+
+=back
+
+=item SSH2 Instructions
+
+=over 4
+
+=item Key generation
+
+As root on the client machine, use ssh-keygen2 to generate a
public/private key pair, without a pass-phrase:
ssh-keygen2 -t rsa -P
+or:
+
+ ssh-keygen -t rsa -N ''
+
+(This command might just be called ssh-keygen on your machine.)
+
This will save the public key in /.ssh2/id_rsa_1024_a.pub and the private
key in /.ssh2/id_rsa_1024_a.
man pages for more information. The "-v" option to ssh2 is a good way
to get detailed information about what fails.
-=item ssh version 1 instructions
+=back
+
+=item SSH version 1 Instructions
The concept is identical and the steps are similar, but the specific
commands and file names are slightly different.
<IfModule mod_perl.c>
PerlModule Apache::Registry
+ PerlTaintCheck On
<Location /cgi-bin/BackupPC/BackupPC_Admin> # <--- change path as needed
SetHandler perl-script
PerlHandler Apache::Registry
Options ExecCGI
+ PerlSendHeader On
</Location>
</IfModule>
up. You should make sure that $Conf{CgiImageDirURL} is the correct
URL for the image directory.
+=head2 How BackupPC Finds Hosts
+
+Starting with v2.0.0 the way hosts are discovered has changed. In most
+cases you should specify 0 for the DHCP flag in the conf/hosts file,
+even if the host has a dynamically assigned IP address.
+
+BackupPC (starting with v2.0.0) looks up hosts with DHCP = 0 in this manner:
+
+=over 4
+
+=item *
+
+First DNS is used to lookup the IP address given the client's name
+using perl's gethostbyname() function. This should succeed for machines
+that have fixed IP addresses that are known via DNS. You can manually
+see whether a given host have a DNS entry according to perls'
+gethostbyname function with this command:
+
+ perl -e 'print(gethostbyname("myhost") ? "ok\n" : "not found\n");'
+
+=item *
+
+If gethostbyname() fails, BackupPC then attempts a NetBios multicast to
+find the host. Provided your client machine is configured properly,
+it should respond to this NetBios multicast request. Specifically,
+BackupPC runs a command of this form:
+
+ nmblookup myhost
+
+If this fails you will see output like:
+
+ querying myhost on 10.10.255.255
+ name_query failed to find name myhost
+
+If this success you will see output like:
+
+ querying myhost on 10.10.255.255
+ 10.10.1.73 myhost<00>
+
+Depending on your netmask you might need to specify the -B option to
+nmblookup. For example:
+
+ nmblookup -B 10.10.1.255 myhost
+
+If necessary, experiment on the nmblookup command that will return the
+IP address of the client given its name. Then update
+$Conf{NmbLookupFindHostCmd} with any necessary options to nmblookup.
+
+=back
+
+For hosts that have the DHCP flag set to 1, these machines are
+discovered as follows:
+
+=over 4
+
+=item *
+
+A DHCP address pool ($Conf{DHCPAddressRanges}) needs to be specified.
+BackupPC will check the NetBIOS name of each machine in the range using
+a command of the form:
+
+ nmblookup -A W.X.Y.Z
+
+where W.X.Y.Z is each candidate address from $Conf{DHCPAddressRanges}.
+Any host that has a valid NetBIOS name returned by this command (ie:
+matching an entry in the hosts file) will be backed up. You can
+modify the specific nmblookup command if necessary via $Conf{NmbLookupCmd}.
+
+=item *
+
+You only need to use this DHCP feature if your client machine doesn't
+respond to the NetBios multicast request:
+
+ nmblookup myHost
+
+but does respond to a request directed to its IP address:
+
+ nmblookup -A W.X.Y.Z
+
+=back
+
=head2 Other installation topics
=over 4
Identical files on multiples backups are represented by hard links.
Hardlinks are used so that identical files all refer to the same
physical file on the server's disk. Also, hard links maintain
-reference counts so that BackupPC knows when to deleted unused files
+reference counts so that BackupPC knows when to delete unused files
from the pool.
For the computer-science majors among you, you can think of the pooling
true for backups in v1.4.0 and above. False for all backups prior
to v1.4.0.
+=item xferMethod
+
+Set to the value of $Conf{XferMethod} when this dump was done.
+
+=item level
+
+The level of this dump. A full dump is level 0. Currently incrementals
+are 1. But when multi-level incrementals are supported this will reflect
+each dump's incremental level.
+
=back
=item restores
space if all the files in a directory have the same attributes across
multiple backups, which is common.
+=head2 Optimizations
+
+BackupPC doesn't care about the access time of files in the pool
+since it saves attribute meta-data separate from the files. Since
+BackupPC mostly does reads from disk, maintaining the access time of
+files generates a lot of unnecessary disk writes. So, provided
+BackupPC has a dedicated data disk, you should consider mounting
+BackupPC's data directory with the noatime attribute (see mount(1)).
+
=head2 Limitations
BackupPC isn't perfect (but it is getting better). Here are some
in a single large file and keeps it locked whenever it is running.
Since many users keep Outlook running all the time their machine
is up their Outlook file will not be backed up. Sadly, this file
-is the most important file to backup. How do commercial backup
-systems solve this problem?
+is the most important file to backup. As one workaround, Microsoft has
+a user-level application that periodically asks the user if they want to
+make a copy of their outlook.pst file. This copy can then be backed up
+by BackupPC. See L<http://office.microsoft.com/downloads/2002/pfbackup.aspx>.
Similarly, all of the data for WinXX services like SQL databases,
-Exchange etc won't be backed up.
+Exchange etc won't be backed up. If these applications support
+some kind of export or utility to save their data to disk then this
+can =used to create files that BackupPC can backup.
So far, the best that BackupPC can do is send warning emails to
the user saying that their outlook files haven't been backed up in
All configuration settings in the second through fifth groups can
be overridden by the per-PC config.pl file.
-=head2 General server configuration
-
-=over 4
-
-=item $Conf{ServerHost} = '';
-
-Host name on which the BackupPC server is running.
-
-=item $Conf{ServerPort} = -1;
-
-TCP port number on which the BackupPC server listens for and accepts
-connections. Normally this should be disabled (set to -1). The TCP
-port is only needed if apache runs on a different machine from BackupPC.
-In that case, set this to any spare port number over 1024 (eg: 2359).
-If you enable the TCP port, make sure you set $Conf{ServerMesgSecret}
-too!
-
-=item $Conf{ServerMesgSecret} = '';
-
-Shared secret to make the TCP port secure. Set this to a hard to guess
-string if you enable the TCP port (ie: $Conf{ServerPort} > 0).
-
-To avoid possible attacks via the TCP socket interface, every client
-message is protected by an MD5 digest. The MD5 digest includes four
-items:
- - a seed that is sent to the client when the connection opens
- - a sequence number that increments for each message
- - a shared secret that is stored in $Conf{ServerMesgSecret}
- - the message itself.
-
-The message is sent in plain text preceded by the MD5 digest. A
-snooper can see the plain-text seed sent by BackupPC and plain-text
-message from the client, but cannot construct a valid MD5 digest since
-the secret $Conf{ServerMesgSecret} is unknown. A replay attack is
-not possible since the seed changes on a per-connection and
-per-message basis.
-
-=item $Conf{MyPath} = '/bin';
-
-PATH setting for BackupPC. An explicit value is necessary
-for taint mode. Value shouldn't matter too much since
-all execs use explicit paths. However, taint mode in perl
-will complain if this directory is world writable.
-
-=item $Conf{UmaskMode} = 027;
-
-Permission mask for directories and files created by BackupPC.
-Default value prevents any access from group other, and prevents
-group write.
-
-=item $Conf{WakeupSchedule} = [1..23];
-
-Times at which we wake up, check all the PCs, and schedule necessary
-backups. Times are measured in hours since midnight. Can be
-fractional if necessary (eg: 4.25 means 4:15am).
-
-If the hosts you are backing up are always connected to the network
-you might have only one or two wakeups each night. This will keep
-the backup activity after hours. On the other hand, if you are backing
-up laptops that are only intermittently connected to the network you
-will want to have frequent wakeups (eg: hourly) to maximized the chance
-that each laptop is backed up.
-
-Examples:
-
- $Conf{WakeupSchedule} = [22.5]; # once per day at 10:30 pm.
- $Conf{WakeupSchedule} = [1..23]; # every hour except midnight
- $Conf{WakeupSchedule} = [2,4,6,8,10,12,14,16,18,20,22]; # every 2 hours
-
-The default value is every hour except midnight.
-
-=item $Conf{MaxBackups} = 4;
-
-Maximum number of simultaneous backups to run. If there
-are no user backup requests then this is the maximum number
-of simultaneous backups.
-
-=item $Conf{MaxUserBackups} = 4;
-
-Additional number of simultaneous backups that users can run.
-As many as $Conf{MaxBackups} + $Conf{MaxUserBackups} requests can
-run at the same time.
-
-=item $Conf{MaxPendingCmds} = 10;
-
-Maximum number of pending link commands. New backups will only be
-started if there are no more than $Conf{MaxPendingCmds} plus
-$Conf{MaxBackups} number of pending link commands, plus running jobs.
-This limit is to make sure BackupPC doesn't fall too far behind in
-running BackupPC_link commands.
-
-=item $Conf{MaxOldLogFiles} = 14;
-
-Maximum number of log files we keep around in log directory.
-These files are aged nightly. A setting of 14 means the log
-directory will contain about 2 weeks of old log files, in
-particular at most the files LOG, LOG.0, LOG.1, ... LOG.13
-(except today's LOG, these files will have a .z extension if
-compression is on).
-
-If you decrease this number after BackupPC has been running for a
-while you will have to manually remove the older log files.
-
-=item $Conf{DfPath} = '/bin/df';
-
-Full path to the df command. Security caution: normal users
-should not allowed to write to this file or directory.
-
-=item $Conf{DfMaxUsagePct} = 95;
-
-Maximum threshold for disk utilization on the __TOPDIR__ filesystem.
-If the output from $Conf{DfPath} reports a percentage larger than
-this number then no new regularly scheduled backups will be run.
-However, user requested backups (which are usually incremental and
-tend to be small) are still performed, independent of disk usage.
-Also, currently running backups will not be terminated when the disk
-usage exceeds this number.
-
-=item $Conf{TrashCleanSleepSec} = 300;
-
-How long BackupPC_trashClean sleeps in seconds between each check
-of the trash directory. Once every 5 minutes should be reasonable.
-
-=item $Conf{DHCPAddressRanges} = [];
-
-List of DHCP address ranges we search looking for PCs to backup.
-This is an array of hashes for each class C address range.
-
-Examples:
-
- # to specify 192.10.10.20 to 192.10.10.250 as the DHCP address pool
- $Conf{DHCPAddressRanges} = [
- {
- ipAddrBase => '192.10.10',
- first => 20,
- last => 250,
- },
- ];
- # to specify two pools (192.10.10.20-250 and 192.10.11.10-50)
- $Conf{DHCPAddressRanges} = [
- {
- ipAddrBase => '192.10.10',
- first => 20,
- last => 250,
- },
- {
- ipAddrBase => '192.10.11',
- first => 10,
- last => 50,
- },
- ];
-
-=item $Conf{BackupPCUser} = '';
-
-=item $Conf{CgiDir} = '';
-
-=item $Conf{InstallDir} = '';
-
-These configuration settings aren't used by BackupPC, but simply
-remember a few settings used by configure.pl during installation.
-These are used by configure.pl when upgrading to new versions of
-BackupPC.
-
-=item $Conf{BackupPCUserVerify} = 1;
-
-Whether BackupPC and the CGI script BackupPC_Admin verify that they
-are really running as user $Conf{BackupPCUser}. If this flag is set
-and the effective user id (euid) differs from $Conf{BackupPCUser}
-then both scripts exit with an error. This catches cases where
-BackupPC might be accidently started as root or the wrong user,
-or if the CGI script is not installed correctly.
-
-=back
-
-=head2 What to backup and when to do it
-
-=over 4
-
-=item $Conf{SmbShareName} = 'C$';
-
-Name of the host share that is backed up when using SMB. This can be a
-string or an array of strings if there are multiple shares per host.
-Examples:
-
-
- $Conf{SmbShareName} = 'c'; # backup 'c' share
- $Conf{SmbShareName} = ['c', 'd']; # backup 'c' and 'd' shares
-
-This setting only matters if $Conf{XferMethod} = 'smb'.
-
-=item $Conf{SmbShareUserName} = '';
-
-Smbclient share user name. This is passed to smbclient's -U argument.
-
-This setting only matters if $Conf{XferMethod} = 'smb'.
-
-=item $Conf{SmbSharePasswd} = '';
-
-Smbclient share password. This is passed to smbclient via the PASSWD
-environment variable. There are several ways you can tell BackupPC
-the smb share password. In each case you should be very careful about
-security. If you put the password here, make sure that this file is
-not readable by regular users! See the "Setting up config.pl" section
-in the documentation for more information.
-
-This setting only matters if $Conf{XferMethod} = 'smb'.
-
-=item $Conf{TarShareName} = '/';
-
-Which host directories to backup when using tar transport. This can be a
-string or an array of strings if there are multiple directories to
-backup per host. Examples:
-
-
- $Conf{TarShareName} = '/'; # backup everything
- $Conf{TarShareName} = '/home'; # only backup /home
- $Conf{TarShareName} = ['/home', '/src']; # backup /home and /src
-
-The fact this parameter is called 'TarShareName' is for historical
-consistency with the Smb transport options. You can use any valid
-directory on the client: there is no need for it to correspond to
-any Smb share or device mount point.
-
-Note also that you can also use $Conf{BackupFilesOnly} to specify
-a specific list of directories to backup. It's more efficient to
-use this option instead of $Conf{TarShareName} since a new tar is
-run for each entry in $Conf{TarShareName}.
-
-This setting only matters if $Conf{XferMethod} = 'tar'.
-
-=item $Conf{FullPeriod} = 6.97;
-
-Minimum period in days between full backups. A full dump will only be
-done if at least this much time has elapsed since the last full dump,
-and at least $Conf{IncrPeriod} days has elapsed since the last
-successful dump.
-
-Typically this is set slightly less than an integer number of days. The
-time taken for the backup, plus the granularity of $Conf{WakeupSchedule}
-will make the actual backup interval a bit longer.
-
-=item $Conf{IncrPeriod} = 0.97;
-
-Minimum period in days between incremental backups (a user requested
-incremental backup will be done anytime on demand).
-
-Typically this is set slightly less than an integer number of days. The
-time taken for the backup, plus the granularity of $Conf{WakeupSchedule}
-will make the actual backup interval a bit longer.
-
-=item $Conf{FullKeepCnt} = 1;
-
-Number of full backups to keep. Must be >= 1.
-
-In the steady state, each time a full backup completes successfully
-the oldest one is removed. If this number is decreased, the
-extra old backups will be removed.
-
-If filling of incremental dumps is off the oldest backup always
-has to be a full (ie: filled) dump. This might mean an extra full
-dump is kept until the second oldest (incremental) dump expires.
-
-=item $Conf{FullKeepCntMin} = 1;
-
-=item $Conf{FullAgeMax} = 60;
-
-Very old full backups are removed after $Conf{FullAgeMax} days. However,
-we keep at least $Conf{FullKeepCntMin} full backups no matter how old
-they are.
-
-=item $Conf{IncrKeepCnt} = 6;
-
-Number of incremental backups to keep. Must be >= 1.
-
-In the steady state, each time an incr backup completes successfully
-the oldest one is removed. If this number is decreased, the
-extra old backups will be removed.
-
-=item $Conf{IncrKeepCntMin} = 1;
-
-=item $Conf{IncrAgeMax} = 30;
-
-Very old incremental backups are removed after $Conf{IncrAgeMax} days.
-However, we keep at least $Conf{IncrKeepCntMin} incremental backups no
-matter how old they are.
-
-=item $Conf{IncrFill} = 0;
-
-Whether incremental backups are filled. "Filling" means that the
-most recent full (or filled) dump is merged into the new incremental
-dump using hardlinks. This makes an incremental dump look like a
-full dump. Prior to v1.03 all incremental backups were filled.
-In v1.4.0 and later the default is off.
-
-BackupPC, and the cgi interface in particular, do the right thing on
-un-filled incremental backups. It will correctly display the merged
-incremental backup with the most recent filled backup, giving the
-un-filled incremental backups a filled appearance. That means it
-invisible to the user whether incremental dumps are filled or not.
-
-Filling backups takes a little extra disk space, and it does cost
-some extra disk activity for filling, and later removal. Filling
-is no longer useful, since file mangling and compression doesn't
-make a filled backup very useful. It's likely the filling option
-will be removed from future versions: filling will be delegated to
-the display and extraction of backup data.
-
-If filling is off, BackupPC makes sure that the oldest backup is
-a full, otherwise the following incremental backups will be
-incomplete. This might mean an extra full backup has to be
-kept until the following incremental backups expire.
-
-The default is off. You can turn this on or off at any
-time without affecting existing backups.
-
-=item $Conf{RestoreInfoKeepCnt} = 10;
-
-Number of restore logs to keep. BackupPC remembers information about
-each restore request. This number per client will be kept around before
-the oldest ones are pruned.
-
-Note: files/dirs delivered via Zip or Tar downloads don't count as
-restores. Only the first restore option (where the files and dirs
-are written to the host) count as restores that are logged.
-
-=item $Conf{BackupFilesOnly} = undef;
-
-List of directories or files to backup. If this is defined, only these
-directories or files will be backed up.
-
-For Smb, only one of $Conf{BackupFilesExclude} and $Conf{BackupFilesOnly}
-can be specified per share. If both are set for a particular share, then
-$Conf{BackupFilesOnly} takes precedence and $Conf{BackupFilesExclude}
-is ignored.
-
-This can be set to a string, an array of strings, or, in the case
-of multiple shares, a hash of strings or arrays. A hash is used
-to give a list of directories or files to backup for each share
-(the share name is the key). If this is set to just a string or
-array, and $Conf{SmbShareName} contains multiple share names, then
-the setting is assumed to apply to only the first share name.
-
-Examples:
-
- $Conf{BackupFilesOnly} = '/myFiles';
- $Conf{BackupFilesOnly} = ['/myFiles']; # same as first example
- $Conf{BackupFilesOnly} = ['/myFiles', '/important'];
- $Conf{BackupFilesOnly} = {
- 'c' => ['/myFiles', '/important'], # these are for 'c' share
- 'd' => ['/moreFiles', '/archive'], # these are for 'd' share
- }
-
-=item $Conf{BackupFilesExclude} = undef;
-
-List of directories or files to exclude from the backup. For Smb,
-only one of $Conf{BackupFilesExclude} and $Conf{BackupFilesOnly}
-can be specified per share. If both are set for a particular share,
-then $Conf{BackupFilesOnly} takes precedence and
-$Conf{BackupFilesExclude} is ignored.
-
-This can be set to a string, an array of strings, or, in the case
-of multiple shares, a hash of strings or arrays. A hash is used
-to give a list of directories or files to exclude for each share
-(the share name is the key). If this is set to just a string or
-array, and $Conf{SmbShareName} contains multiple share names, then
-the setting is assumed to apply to only the first share name.
-
-The exact behavior is determined by the underlying transport program,
-smbclient or tar. For smbclient the exlclude file list is passed into
-the X option. Simple shell wild-cards using "*" or "?" are allowed.
-
-For tar, if the exclude file contains a "/" it is assumed to be anchored
-at the start of the string. Since all the tar paths start with "./",
-BackupPC prepends a "." if the exclude file starts with a "/". Note
-that GNU tar version >= 1.3.7 is required for the exclude option to
-work correctly. For linux or unix machines it is recommended to add
-"/proc" to $Conf{BackupFilesExclude}.
-
-Examples:
-
- $Conf{BackupFilesExclude} = '/temp';
- $Conf{BackupFilesExclude} = ['/temp']; # same as first example
- $Conf{BackupFilesExclude} = ['/temp', '/winnt/tmp'];
- $Conf{BackupFilesExclude} = {
- 'c' => ['/temp', '/winnt/tmp'], # these are for 'c' share
- 'd' => ['/junk', '/dont_back_this_up'], # these are for 'd' share
- }
-
-=item $Conf{BlackoutBadPingLimit} = 3;
-
-=item $Conf{BlackoutGoodCnt} = 7;
-
-PCs that are always or often on the network can be backed up after
-hours, to reduce PC, network and server load during working hours. For
-each PC a count of consecutive good pings is maintained. Once a PC has
-at least $Conf{BlackoutGoodCnt} consecutive good pings it is subject
-to "blackout" and not backed up during hours and days specified by
-$Conf{BlackoutWeekDays}, $Conf{BlackoutHourBegin} and
-$Conf{BlackoutHourEnd}.
-
-To allow for periodic rebooting of a PC or other brief periods when a
-PC is not on the network, a number of consecutive bad pings is allowed
-before the good ping count is reset. This parameter is
-$Conf{BlackoutBadPingLimit}.
-
-Note that bad and good pings don't occur with the same interval. If a
-machine is always on the network, it will only be pinged roughly once
-every $Conf{IncrPeriod} (eg: once per day). So a setting for
-$Conf{BlackoutGoodCnt} of 7 means it will take around 7 days for a
-machine to be subject to blackout. On the other hand, if a ping is
-failed, it will be retried roughly every time BackupPC wakes up, eg,
-every one or two hours. So a setting for $Conf{BlackoutBadPingLimit} of
-3 means that the PC will lose its blackout status after 3-6 hours of
-unavailability.
-
-To disable the blackout feature set $Conf{BlackoutGoodCnt} to a negative
-value. A value of 0 will make all machines subject to blackout. But
-if you don't want to do any backups during the day it would be easier
-to just set $Conf{WakeupSchedule} to a restricted schedule.
-
-=item $Conf{BlackoutHourBegin} = 7.0;
-
-=item $Conf{BlackoutHourEnd} = 19.5;
-
-=item $Conf{BlackoutWeekDays} = [1, 2, 3, 4, 5];
-
-The default settings specify the blackout period from 7:00am to
-7:30pm local time on Mon-Fri. For $Conf{BlackoutWeekDays},
-0 is Sunday, 1 is Monday etc.
-
-=back
-
-=head2 General per-PC configuration settings
-
-=over 4
-
-=item $Conf{XferMethod} = 'smb';
-
-What transport method to use to backup each host. If you have
-a mixed set of WinXX and linux/unix hosts you will need to override
-this in the per-PC config.pl.
-
-The valid values are:
-
- - 'smb': use smbclient and the SMB protocol. Only choice for WinXX.
-
- - 'tar': use tar, tar over ssh, rsh or nfs. Best choice for
- linux/unix.
-
-A future version should support 'rsync' as a transport method for
-more efficient backup of linux/unix machines (and perhaps WinXX??).
-
-=item $Conf{SmbClientPath} = '/usr/bin/smbclient';
-
-Full path for smbclient. Security caution: normal users should not
-allowed to write to this file or directory.
-
-smbclient is from the Samba distribution. smbclient is used to
-actually extract the incremental or full dump of the share filesystem
-from the PC.
-
-This setting only matters if $Conf{XferMethod} = 'smb'.
-
-=item $Conf{SmbClientArgs} = '';
-
-Additional optional arguments to smbclient.
-
-Some users have reported that the -b option can be used to improve
-performance of smbclient. The default value is 4096, and if you
-find smbclient has low throughput you might try a value of 2048, eg:
-
- $Conf{SmbClientArgs} = '-b 2048';
-
-This setting only matters if $Conf{XferMethod} = 'smb'.
-
-=item $Conf{TarClientCmd} = '$sshPath -q -n -l root $host' ...
-
-Full command to run tar on the client. GNU tar is required. You will
-need to fill in the correct paths for ssh2 on the local host (server)
-and GNU tar on the client. Security caution: normal users should not
-allowed to write to these executable files or directories.
-
-See the documentation for more information about setting up ssh2 keys.
-
-If you plan to use NFS then tar just runs locally and ssh2 is not needed.
-For example, assuming the client filesystem is mounted below /mnt/hostName,
-you could use something like:
-
- $Conf{TarClientCmd} = '$tarPath -c -v -f - -C /mnt/$host/$shareName'
- . ' --totals';
-
-In the case of NFS or rsh you need to make sure BackupPC's privileges
-are sufficient to read all the files you want to backup. Also, you
-will probably want to add "/proc" to $Conf{BackupFilesExclude}.
-
-Several variables are substituted at run-time. The following variables
-are substituted at run-time:
-
- $host host name
- $hostIP host's IP address
- $incrDate newer-than date for incremental backups
- $shareName share name to backup (ie: top-level directory path)
- $fileList specific files to backup or exclude
- $tarPath same as $Conf{TarClientPath}
- $sshPath same as $Conf{SshPath}
-
-If a variable is followed by a "+" it is shell escaped. This is
-necessary for the command part of ssh or rsh, since it ends up
-getting passed through the shell.
-
-This setting only matters if $Conf{XferMethod} = 'tar'.
-
-=item $Conf{TarFullArgs} = '$fileList+';
-
-Extra tar arguments for full backups. Several variables are substituted at
-run-time. See $Conf{TarClientCmd} for the list of variable substitutions.
-
-This setting only matters if $Conf{XferMethod} = 'tar'.
-
-=item $Conf{TarIncrArgs} = '--newer=$incrDate+ $fileList+';
-
-Extra tar arguments for incr backups. Several variables are substituted at
-run-time. See $Conf{TarClientCmd} for the list of variable substitutions.
-
-Note that GNU tar has several methods for specifying incremental backups,
-including:
-
- --newer-mtime $incrDate+
- This causes a file to be included if the modification time is
- later than $incrDate (meaning its contents might have changed).
- But changes in the ownership or modes will not qualify the
- file to be included in an incremental.
-
- --newer=$incrDate+
- This causes the file to be included if any attribute of the
- file is later than $incrDate, meaning either attributes or
- the modification time. This is the default method. Do
- not use --atime-preserve in $Conf{TarClientCmd} above,
- otherwise resetting the atime (access time) counts as an
- attribute change, meaning the file will always be included
- in each new incremental dump.
-
-This setting only matters if $Conf{XferMethod} = 'tar'.
-
-=item $Conf{TarClientRestoreCmd} = '$sshPath -q -l root $host' ...
-
-Full command to run tar for restore on the client. GNU tar is required.
-This can be the same as $Conf{TarClientCmd}, with tar's -c replaced by -x
-and ssh's -n removed.
-
-See $Conf{TarClientCmd} for full details.
-
-This setting only matters if $Conf{XferMethod} = "tar".
-
-=item $Conf{TarClientPath} = '/bin/tar';
-
-Full path for tar on the client. Security caution: normal users should not
-allowed to write to this file or directory.
-
-This setting only matters if $Conf{XferMethod} = 'tar'.
-
-=item $Conf{SshPath} = '/usr/bin/ssh';
-
-Full path for ssh. Security caution: normal users should not
-allowed to write to this file or directory.
-
-=item $Conf{NmbLookupPath} = '/usr/bin/nmblookup';
-
-Full path for nmblookup. Security caution: normal users should not
-allowed to write to this file or directory.
-
-nmblookup is from the Samba distribution. nmblookup is used to get the
-netbios name, necessary for DHCP hosts.
-
-=item $Conf{FixedIPNetBiosNameCheck} = 0;
-
-For fixed IP address hosts, BackupPC_dump can also verify the netbios
-name to ensure it matches the host name. An error is generated if
-they do not match. Typically this flag is off. But if you are going
-to transition a bunch of machines from fixed host addresses to DHCP,
-setting this flag is a great way to verify that the machines have
-their netbios name set correctly before turning on DCHP.
-
-=item $Conf{PingPath} = '/bin/ping';
-
-Full path to the ping command. Security caution: normal users
-should not be allowed to write to this file or directory.
-
-If you want to disable ping checking, set this to some program
-that exits with 0 status, eg:
-
- $Conf{PingPath} = '/bin/echo';
-
-=item $Conf{PingArgs} = '-c 1 $host';
-
-Options for the ping command.
-
-=item $Conf{CompressLevel} = 0;
-
-Compression level to use on files. 0 means no compression. Compression
-levels can be from 1 (least cpu time, slightly worse compression) to
-9 (most cpu time, slightly better compression). The recommended value
-is 3. Changing to 5, for example, will take maybe 20% more cpu time
-and will get another 2-3% additional compression. See the zlib
-documentation for more information about compression levels.
-
-Changing compression on or off after backups have already been done
-will require both compressed and uncompressed pool files to be stored.
-This will increase the pool storage requirements, at least until all
-the old backups expire and are deleted.
-
-It is ok to change the compression value (from one non-zero value to
-another non-zero value) after dumps are already done. Since BackupPC
-matches pool files by comparing the uncompressed versions, it will still
-correctly match new incoming files against existing pool files. The
-new compression level will take effect only for new files that are
-newly compressed and added to the pool.
-
-If compression was off and you are enabling compression for the first
-time you can use the BackupPC_compressPool utility to compress the
-pool. This avoids having the pool grow to accommodate both compressed
-and uncompressed backups. See the documentation for more information.
-
-Note: compression needs the Compress::Zlib perl library. If the
-Compress::Zlib library can't be found then $Conf{CompressLevel} is
-forced to 0 (compression off).
-
-=item $Conf{PingMaxMsec} = 20;
-
-Maximum round-trip ping time in milliseconds. This threshold is set
-to avoid backing up PCs that are remotely connected through WAN or
-dialup connections. The output from ping -s (assuming it is supported
-on your system) is used to check the round-trip packet time. On your
-local LAN round-trip times should be much less than 20msec. On most
-WAN or dialup connections the round-trip time will be typically more
-than 20msec. Tune if necessary.
-
-=item $Conf{SmbClientTimeout} = 7200;
-
-Timeout in seconds when listening for the transport program's
-(smbclient, tar etc) stdout. If no output is received during this
-time, then it is assumed that something has wedged during a backup,
-and the backup is terminated.
-
-Note that stdout buffering combined with huge files being backed up
-could cause longish delays in the output from smbclient that
-BackupPC_dump sees, so in rare cases you might want to increase
-this value.
-
-Despite the name, this parameter sets the timeout for all transport
-methods (tar, smb etc).
-
-=item $Conf{MaxOldPerPCLogFiles} = 12;
-
-Maximum number of log files we keep around in each PC's directory
-(ie: pc/$host). These files are aged monthly. A setting of 12
-means there will be at most the files LOG, LOG.0, LOG.1, ... LOG.11
-in the pc/$host directory (ie: about a years worth). (Except this
-month's LOG, these files will have a .z extension if compression
-is on).
-
-If you decrease this number after BackupPC has been running for a
-while you will have to manually remove the older log files.
-
-=back
-
-=head2 Email reminders, status and messages
-
-=over 4
-
-=item $Conf{SendmailPath} = '/usr/sbin/sendmail';
-
-Full path to the sendmail command. Security caution: normal users
-should not allowed to write to this file or directory.
-
-=item $Conf{EMailNotifyMinDays} = 2.5;
-
-Minimum period between consecutive emails to a single user.
-This tries to keep annoying email to users to a reasonable
-level. Email checks are done nightly, so this number is effectively
-rounded up (ie: 2.5 means a user will never receive email more
-than once every 3 days).
-
-=item $Conf{EMailFromUserName} = '';
-
-Name to use as the "from" name for email. Depending upon your mail
-handler this is either a plain name (eg: "admin") or a fully-qualified
-name (eg: "admin@mydomain.com").
-
-=item $Conf{EMailAdminUserName} = '';
-
-Destination address to an administrative user who will receive a
-nightly email with warnings and errors. If there are no warnings
-or errors then no email will be sent. Depending upon your mail
-handler this is either a plain name (eg: "admin") or a fully-qualified
-name (eg: "admin@mydomain.com").
-
-=item $Conf{EMailNoBackupEverMesg} = ...;
-
-This message is sent to a user if their PC has never been backed up.
-If your mailer needs a fully-qualified To name, then change "$user"
-to "$user@mydomain.com" in the template, eg:
-
- To: $user@mydomain.com
-
-=item $Conf{EMailNotifyOldBackupDays} = 7.0;
-
-How old the most recent backup has to be before notifying user.
-When there have been no backups in this number of days the user
-is sent an email.
-
-=item $Conf{EMailNoBackupRecentMesg} = ...;
-
-This message is sent to a user if their PC has not recently been
-backed up (ie: more than $Conf{EMailNotifyOldBackupDays} days ago).
-
-If your mailer needs a fully-qualified To name, then change "$user"
-to "$user@mydomain.com" in the template, eg:
-
- To: $user@mydomain.com
-
-=item $Conf{EMailNotifyOldOutlookDays} = 5.0;
-
-How old the most recent backup of Outlook files has to be before
-notifying user.
-
-=item $Conf{EMailOutlookBackupMesg} = ...;
-
-This message is sent to a user if their Outlook files have not
-recently been backed up (ie: more than $Conf{EMailNotifyOldOutlookDays}
-days ago).
-
-If your mailer needs a fully-qualified To name, then change "$user"
-to "$user@mydomain.com" in the template, eg:
-
- To: $user@mydomain.com
-
-=back
-
-=head2 CGI user interface configuration settings
-
-=over 4
-
-=item $Conf{CgiAdminUserGroup} = '';
-
-=item $Conf{CgiAdminUsers} = '';
-
-Normal users can only access information specific to their host.
-They can start/stop/browse/restore backups.
-
-Administrative users have full access to all hosts, plus overall
-status and log information.
-
-The administrative users are the union of the unix/linux group
-$Conf{CgiAdminUserGroup} and the manual list of users, separated
-by spaces, in $Conf{CgiAdminUsers}. If you don't want a group or
-manual list of users set the corresponding configuration setting
-to undef or an empty string.
-
-If you want every user to have admin privileges (careful!), set
-$Conf{CgiAdminUsers} = '*'.
-
-Examples:
-
- $Conf{CgiAdminUserGroup} = 'admin';
- $Conf{CgiAdminUsers} = 'craig celia';
- --> administrative users are the union of group admin, plus
- craig and celia.
-
- $Conf{CgiAdminUserGroup} = '';
- $Conf{CgiAdminUsers} = 'craig celia';
- --> administrative users are only craig and celia'.
-
-=item $Conf{CgiUserHomePageCheck} = '';
-
-=item $Conf{CgiUserUrlCreate} = 'mailto:%s';
-
-User names that are rendered by the CGI interface can be turned
-into links into their home page or other information about the
-user. To set this up you need to create two sprintf() strings,
-that each contain a single '%s' that will be replaced by the user
-name. The default is a mailto: link.
-
-$Conf{CgiUserHomePageCheck} should be an absolute file path that
-is used to check (via "-f") that the user has a valid home page.
-Set this to undef or an empty string to turn off this check.
-
-$Conf{CgiUserUrlCreate} should be a full URL that points to the
-user's home page. Set this to undef or an empty string to turn
-off generation of URLs for user names.
-
-Example:
-
- $Conf{CgiUserHomePageCheck} = '/var/www/html/users/%s.html';
- $Conf{CgiUserUrlCreate} = 'http://myhost/users/%s.html';
- --> if /var/www/html/users/craig.html exists, then 'craig' will
- be rendered as a link to http://myhost/users/craig.html.
-
-=item $Conf{CgiDateFormatMMDD} = 1;
-
-Date display format for CGI interface. True for US-style dates (MM/DD)
-and zero for international dates (DD/MM).
-
-=item $Conf{CgiHeaderFontType} = 'arial';
-
-=item $Conf{CgiHeaderFontSize} = '3';
-
-Header font and size for CGI interface
-
-=item $Conf{CgiNavBarBgColor} = '#ddeeee';
-
-=item $Conf{CgiHeaderBgColor} = '#99cc33';
-
-Color scheme for CGI interface. Default values give a very light blue
-for the background navigation color and green for the header background.
-(You call tell I'm a better programmer than graphical designer.)
-
-=item $Conf{CgiHeaders} = '<meta http-equiv="pragma" content="no-cache">';
-
-Additional CGI header text. For example, if you wanted each CGI page
-to auto refresh every 900 seconds, you could add this text:
-
- <meta http-equiv="refresh" content="900">
-
-=item $Conf{CgiImageDir} = '';
-
-Directory where images are stored. This directory should be below
-Apache's DocumentRoot. This value isn't used by BackupPC but is
-used by configure.pl when you upgrade BackupPC.
-
-Example:
-
- $Conf{CgiImageDir} = '/usr/local/apache/htdocs/BackupPC';
-
-=item $Conf{CgiImageDirURL} = '';
-
-URL (without the leading http://host) for BackupPC's image directory.
-The CGI script uses this value to serve up image files.
-
-Example:
-
- $Conf{CgiImageDirURL} = '/BackupPC';
-
-=back
-
+__CONFIGPOD__
=head1 Version Numbers
=head1 Copyright
-Copyright (C) 2001-2002 Craig Barratt
+Copyright (C) 2001-2003 Craig Barratt
=head1 Credits
+Xavier Nicollet, with additions from Guillaume Filion, added the
+internationalization (i18n) support to the CGI interface for v2.0.0.
+Xavier provided the French translation fr.pm, with additions from
+Guillaume.
+
Ryan Kucera contributed the directory navigation code and images
for v1.5.0. He also contributed the first skeleton of BackupPC_restore.
Guillaume Filion wrote BackupPC_zipCreate and added the CGI support
for zip download, in addition to some CGI cleanup, for v1.5.0.
-Several people have reported bugs or made useful suggestions; see the
-ChangeLog.
+Javier provided the Spanish translation, es.pm.
+
+Many people have reported bugs, made useful suggestions and helped
+with testing; see the ChangeLog and the mail lists.
Your name could appear here in the next version!
projects / BackupPC.git / blobdiff