	Quick notes for getting rsync-backup going.

Server:

- CHANGE THE ROOT PASSWORD.  Seriously.

- NEVER. NEVER. NEVER use the password for authenticating for backup. 
  Turn off ssh password authentication at the server.  Never give out
  the root password and DONT USE IT YOURSELF for backups.  If you try,
  you will almost certainly wipe out the server's root partition. YOU
  HAVE BEEN WARNED!  I strongly suggest turning off ssh password
  authentication entirely on the backup server.  _You_ _must_ _use_
  _ssh_ _keys_, read on in the client section.  (I've put in some
  safeguards to hopefully avoid this situation, but you should still use
  keys for this).

- Install rsync-backup-server package.

- Install the rsync-static package (rsync-static-2.4.6-2.i386.rpm or
  newer suggested). The static version is required; the standard rsync
  binary won't work chrooted.  Write me if it's not available at
  http://rsync.samba.org (it's at 
  ftp://ftp.stearns.org/pub/wstearns/rsync-static/ ).

- Install freedups ( ftp://ftp.stearns.org/pub/wstearns/freedups ) if
  you want to reclaim serious amounts of disk space on the server at no
  cost or risk.  Optional, but recommended.

- Install openssh or commercial ssh, try to use same package for client
  and server.


Client (backup server assumed to be called "backupserver", please adjust):

- Install openssh or commercial ssh, try to use same package for client
and server.

- Install the standard rsync package included with your distribution, or
  available from http://rsync.samba.org .

- Install rsync-backup-client package.

- Set up an ssh keypair that allows a passphrase-less connection between  
  root on the client and root on the server (needed on the client to
  back up all files, and needed on the server to preserve file
  ownership), with a forced command of  
  "/usr/sbin/rsync-backup-server".  If you need help setting this up,  
  please try the ssh-keyinstall package (see  
  ftp://ftp.stearns.org/pub/wstearns/ssh-keyinstall or
  http://www.stearns.org for more info, tars, and rpms).  A sample
  command line for this:

  ssh-keyinstall -s backupserver -u root -c 'export SSH_CLIENT SSH2_CLIENT \; /bin/nice /usr/sbin/rsync-backup-server'

  If you later find that the backupserver:/backups/rsync-backup-debug
  file contains the lines:

No passed clientname and null SSH_CLIENT and SSH2_CLIENT,                                                                        
where do I store the backup?  Exiting.                                                                                           

  use this form instead.

  ssh-keyinstall -s backupserver -u root -c 'export SSH_CLIENT SSH2_CLIENT \; /bin/nice /usr/sbin/rsync-backup-server client_name'

  Previous versions of this package held some notes about the process in
  this file; download v0.1 if you want to do it by hand and need help.

nice rsync-backup-client / root@backupserver:/
nice rsync-backup-client /usr /home/myfiles root@backupserver:/	#Just backup these dirs
nice rsync-backup-client -v / root@backupserver:/	#List files actively transferred

- The above commands can be run as a non-root user on the client
  machine.  A non-root backup client won't be able to preserve ownership
  information, and won't be able to backup any files that that user
  can't read.

- To automate the backups, put one of the above lines in roots (or
  another users) crontab.  For example, to get root to backup the entire
  system, add this line to /var/spool/cron/root :
  
13 1 * * * /bin/nice /usr/bin/rsync-backup-client / root@backupserver:/

  and type:

touch /var/spool/cron	#Tells cron to reread /var/spool/cron/root

  This will start a full backup at 1:13AM every day.

- If you're backing up multiple systems, you might want to stagger the
  start times to reduce load on the backup server.

- If the backup server will ultimately be sending these files off to
  tape, make sure to start the rsync-backup-clients early enough that
  they'll finish before the tape backup starts, but late enough that
  most work for the day will be done and the files will be mostly
  static.

- If you know there are files or directories you do not wish to backup
  at all, list them in the file ~/.rsync-backup/exclude .  This file
  will be created the first time the client is run and populated with
  some common directories that probably don't need to be backed up (see  
  /usr/lib/rsync-backup/exclude.default ).

- If you have sensitive files that need to be backed up, but not sent
  over to the backup server, place their names in
  ~/.rsync-backup/localbackuponly .  Like the above, this will be
  created and populated with the contents of
  /usr/lib/rsync-backup/localbackuponly.default .
  
  Any files listed there will not be sent to the backup server, but
  rather tarred up to ~/.dontbackup/rsync-excluded-{YYYYMMDD}.tar.gz . 
  Make sure you move this file onto secure storage somewhere.

- William Stearns <wstearns@pobox.com>



