X-Git-Url: http://git.rot13.org/?p=BackupPC.git;a=blobdiff_plain;f=doc-src%2FBackupPC.pod;h=cc4175e99d07e41e542be8b123c498d2d46b1526;hp=c0b3b7db815308c97deaf4ef49d071a725af4432;hb=617af75f7419e95a9c3ea05b05cf21957acc331c;hpb=cfeb65d0e5ef33ef54cf0e5aaa7b3790bf80bff3 diff --git a/doc-src/BackupPC.pod b/doc-src/BackupPC.pod index c0b3b7d..cc4175e 100644 --- a/doc-src/BackupPC.pod +++ b/doc-src/BackupPC.pod @@ -251,18 +251,19 @@ Do not send subscription requests to this address! =item Other Programs of Interest If you want to mirror linux or unix files or directories to a remote server -you should consider rsync, L. BackupPC now uses +you should use rsync, L. BackupPC now uses rsync as a transport mechanism; if you are already an rsync user you can think of BackupPC as adding efficient storage (compression and pooling) and a convenient user interface to rsync. Unison is a utility that can do two-way, interactive, synchronization. -See L. +See L. An external wrapper around +rsync that maintains transfer data to enable two-way synchronization is +drsync; see L. -Three popular open source packages that do tape backup are -Amanda (L), -afbackup (L), and -Bacula (L). +Two popular open source packages that do tape backup are +Amanda (L) +and Bacula (L). Amanda can also backup WinXX machines to tape using samba. These packages can be used as back ends to BackupPC to backup the BackupPC server data to tape. @@ -276,7 +277,8 @@ and John Bowman's rlbackup (L). BackupPC provides many additional features, such as compressed storage, hardlinking any matching files (rather than just files with the same name), and storing special files without root privileges. But these other scripts -provide simple and effective solutions and are worthy of consideration. +provide simple and effective solutions and are definitely worthy of +consideration. =back @@ -567,6 +569,17 @@ sure the BackupPC user's group is chosen restrictively. On this installation, this is __BACKUPPCUSER__. +For security purposes you might choose to configre the BackupPC +user with the shell set to /bin/false. Since you might need to +run some BackupPC programs as the BackupPC user for testing +purposes, you can use the -s option to su to explicitly run +a shell, eg: + + su -s /bin/bash __BACKUPPCUSER__ + +Depending upon your configuration you might also need +the -l option. + =item Data Directory You need to decide where to put the data directory, below which @@ -1007,19 +1020,22 @@ it has started and all is ok. =head2 Step 7: Talking to BackupPC -Note: as of version 1.5.0, BackupPC no longer supports telnet -to its TCP port. First off, a unix domain socket is used -instead of a TCP port. (The TCP port can still be re-enabled -if your installation has apache and BackupPC running on different -machines.) Secondly, even if you still use the TCP port, the -messages exchanged over this interface are now protected by -an MD5 digest based on a shared secret (see $Conf{ServerMesgSecret}) -as well as sequence numbers and per-session unique keys, preventing -forgery and replay attacks. - You should verify that BackupPC is running by using BackupPC_serverMesg. This sends a message to BackupPC via the unix (or TCP) socket and prints -the response. +the response. Like all BackupPC programs, BackupPC_serverMesg +should be run as the BackupPC user (__BACKUPPCUSER__), so you +should + + su __BACKUPPCUSER__ + +before running BackupPC_serverMesg. If the BackupPC user is +configured with /bin/false as the shell, you can use the -s +option to su to explicitly run a shell, eg: + + su -s /bin/bash __BACKUPPCUSER__ + +Depending upon your configuration you might also need +the -l option. You can request status information and start and stop backups using this interface. This socket interface is mainly provided for the CGI interface