0

I am supposed to make System-Backups of the linux servers my employer is running. I tried rsnapshot and settled for duplicity, as it seems to be updated more frequently.

I need backups of /etc/, /bin/, /usr/, /lib/ & /home/. Obviously, when i try to backup /etc/ quite a few files are locked:

Error accessing possibly locked file /etc/.pwd.lock

I would not like to change permissions on the whole /etc/ folder for security reasons.

The same happens with the /home/ folder, and here again i would not like to change permissions/ownership of the whole /home/ folder as users may not be able to ssh into a machine anymore, since they have no more access to their public keys.

What would be a reasonable way to deal with this? I didn't see anyone mentioning this in any duplicity example.

If you feel offended by my low level of knowledge, please understand that i am a programmer and not a system admin.

Any thoughts would be highly appreciated.

RoboRambo
  • 1
  • assuming duplicity does rsync (too lazy to check myself) you could elevate the backup process (aka the rsync server) to have root permission to read all files. This is at least how backuppc can do it without a lot of errors. – Dennis Nolte Dec 20 '18 at 11:45
  • 1
    You don't need the lock files. In fact I think it is better if you don't have them in your backup because there is no porcess to unlock them anymore. So if you can't backup *.lock files, I don't think it's a problem. – Christopher Perrin Dec 20 '18 at 14:30
  • @ChristopherPerrin i need to have a backup of the users and their settings as well so i can restore that server with some state. if i cant have the locked files then there is no sense of having a system-backup at all, as i would need to recreate those manually (or via script) – RoboRambo Dec 20 '18 at 14:47
  • @DennisNolte this makes sense, though i set "use chroot = true" in the rsyncd.conf file of the backup-server and this made no difference. there is an option to run rsync with the parameter --fake-super, but i don't know how to do this in combination with duplicity and couldn't find any sensical posts about this topic. – RoboRambo Dec 20 '18 at 14:48
  • I don't know which oother errors you get, but the one you posted (`.pwd.lock`) is not a config file, but a lockfile of a process to tell other processes not to touch specific files. If you transfer these files and restore them form backup, the application that created these locks will think the file is still locked, but there is no process to clean them up. So the lock files shouldn't be in the backup. – Christopher Perrin Dec 21 '18 at 08:09
  • @ChristopherPerrin i hope you are right, unfortunately i don't have the time to test whether i can restore a system without those locked files right now. Will do that after christmas and probably post my result here. If you post an answer, i can mark it as accepted and give you your due credit :) – RoboRambo Dec 21 '18 at 10:46

0 Answers0