Quick notes for getting rsync-backup going. Server: - CHANGE THE ROOT PASSWORD. Seriously. - NEVER. NEVER. NEVER use the password for authenticating for backup. Turn off ssh password authentication at the server. Never give out the root password and DONT USE IT YOURSELF for backups. If you try, you will almost certainly wipe out the server's root partition. YOU HAVE BEEN WARNED! I strongly suggest turning off ssh password authentication entirely on the backup server. _You_ _must_ _use_ _ssh_ _keys_, read on in the client section. (I've put in some safeguards to hopefully avoid this situation, but you should still use keys for this). - Install rsync-backup-server package. - Install the rsync-static package (rsync-static-2.4.6-2.i386.rpm or newer suggested). The static version is required; the standard rsync binary won't work chrooted. Write me if it's not available at http://rsync.samba.org (it's at ftp://ftp.stearns.org/pub/wstearns/rsync-static/ ). - Install freedups ( ftp://ftp.stearns.org/pub/wstearns/freedups ) if you want to reclaim serious amounts of disk space on the server at no cost or risk. Optional, but recommended. - Install openssh or commercial ssh, try to use same package for client and server. Client (backup server assumed to be called "backupserver", please adjust): - Install openssh or commercial ssh, try to use same package for client and server. - Install the standard rsync package included with your distribution, or available from http://rsync.samba.org . - Install rsync-backup-client package. - Set up an ssh keypair that allows a passphrase-less connection between root on the client and root on the server (needed on the client to back up all files, and needed on the server to preserve file ownership), with a forced command of "/usr/sbin/rsync-backup-server". If you need help setting this up, please try the ssh-keyinstall package (see ftp://ftp.stearns.org/pub/wstearns/ssh-keyinstall or http://www.stearns.org for more info, tars, and rpms). A sample command line for this: ssh-keyinstall -s backupserver -u root -c 'export SSH_CLIENT SSH2_CLIENT \; /bin/nice /usr/sbin/rsync-backup-server' If you later find that the backupserver:/backups/rsync-backup-debug file contains the lines: No passed clientname and null SSH_CLIENT and SSH2_CLIENT, where do I store the backup? Exiting. use this form instead. ssh-keyinstall -s backupserver -u root -c 'export SSH_CLIENT SSH2_CLIENT \; /bin/nice /usr/sbin/rsync-backup-server client_name' Previous versions of this package held some notes about the process in this file; download v0.1 if you want to do it by hand and need help. nice rsync-backup-client / root@backupserver:/ nice rsync-backup-client /usr /home/myfiles root@backupserver:/ #Just backup these dirs nice rsync-backup-client -v / root@backupserver:/ #List files actively transferred - The above commands can be run as a non-root user on the client machine. A non-root backup client won't be able to preserve ownership information, and won't be able to backup any files that that user can't read. - To automate the backups, put one of the above lines in roots (or another users) crontab. For example, to get root to backup the entire system, add this line to /var/spool/cron/root : 13 1 * * * /bin/nice /usr/bin/rsync-backup-client / root@backupserver:/ and type: touch /var/spool/cron #Tells cron to reread /var/spool/cron/root This will start a full backup at 1:13AM every day. - If you're backing up multiple systems, you might want to stagger the start times to reduce load on the backup server. - If the backup server will ultimately be sending these files off to tape, make sure to start the rsync-backup-clients early enough that they'll finish before the tape backup starts, but late enough that most work for the day will be done and the files will be mostly static. - If you know there are files or directories you do not wish to backup at all, list them in the file ~/.rsync-backup/exclude . This file will be created the first time the client is run and populated with some common directories that probably don't need to be backed up (see /usr/lib/rsync-backup/exclude.default ). - If you have sensitive files that need to be backed up, but not sent over to the backup server, place their names in ~/.rsync-backup/localbackuponly . Like the above, this will be created and populated with the contents of /usr/lib/rsync-backup/localbackuponly.default . Any files listed there will not be sent to the backup server, but rather tarred up to ~/.dontbackup/rsync-excluded-{YYYYMMDD}.tar.gz . Make sure you move this file onto secure storage somewhere. - William Stearns