Backups
Running storebackup without root
storebackup can quite easily overload the computer's CPU or completely fill the memory, leading to OOM,
if run as root, as no limits on the process are enforced.
It is better to run it as the user backup so that the process can be regulated.
We do this by allowing the backup user to perform some elevated activities,
and possibly with some alteration to the storebackup code to cope with this change.
In your /etc/security/capability.conf:
cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid backup
Then modify /etc/pam.d/su to put auth required pam_cap.so at the beginning.
Now we allow the programs that storebackup needs to use these capabilities when they are launched by the backup user.
Note that the flags are +ei, not +eip: without the permitted flag on the file, the elevated access should only be usable when pam_cap.so has put the capabilities in the user's inheritable set.
We avoided setting it on bash, as that
breaks fakeroot and we could not then build Debian packages.
This is done in the cronjob that starts storebackup, before it switches to the user backup and starts storebackup.
for N in perl cp cat tar rm bzip2 mknod chown mkdir md5sum rmdir mount grep pod2text
do
    # +ei only: effective and inheritable, deliberately no permitted flag
    setcap cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid+ei "$(which "$N")"
done
With these capabilities, storebackup should not check whether the permissions let it read a file;
it should just go on and read it, because it can. A small modification is needed:
- dpkg-divert --add --rename /usr/share/storebackup/lib/fileDir.pl
- cp /usr/share/storebackup/lib/fileDir.pl{.distrib,}
- patch -d / -r -p0
--- /usr/share/storebackup/lib/fileDir.pl 2012-03-04 07:45:54.000000000 +0000
+++ /usr/share/storebackup/lib/fileDir.pl 2015-02-07 00:53:40.000000000 +0000
@@ -772,6 +771,0 @@
- unless (-r $entry)
- {
- $prLog->print('-kind' => $prLogWarn,
- '-str' => ["no permissions to read <$entry>"]);
- next;
- }
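Review bot: removing the whole `unless (-r $entry)` guard at old line 772 also drops the `$prLogWarn` message and the `next`, so on a run where the capabilities are not in effect (this page notes the capability bits need reapplying after a system update) an unreadable entry is no longer reported or skipped at this point. Consider keeping the guard but making it conditional, for example behind an option or a check that the process actually holds the read-override capability, so that a run without capabilities still logs "no permissions to read" for the entries it cannot open.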
Instead of using cron, we now prefer to set up dedicated systemd units to run storebackup.
Users modifying their own systems would place custom units like these in /etc/systemd/system, renaming them if desired so they do not clash with any builtin units, which they will override. Including a custom name in the unit can help with this.
backup-localhost.service
Main service, run from a timer unit. We prefer to configure storebackup embedded in the unit.
- [Unit]
- Description=storebackup to backup the system
- Documentation=http://www.nongnu.org/storebackup/en/
- After=local-fs.target
- ConditionACPower=true
- ConditionPathIsMountPoint=/var/local/backups
- [Service]
- Type=simple
- User=backup
- StandardInput=null
- StandardOutput=journal
- StandardError=inherit
- AmbientCapabilities=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_SETFCAP
- LimitRSS=536870912
- LimitDATA=536870912
- LimitAS=536870912
- CPUSchedulingPolicy=idle
- IOSchedulingClass=idle
- ExecStart=-/usr/bin/perl /usr/bin/storeBackup\
- --sourceDir /\
- --backupDir /var/local/backups\
- --series .\
- --tmpdir /tmp\
- --includeDirs bin\
- --includeDirs boot\
- --includeDirs etc\
- --includeDirs home\
- --includeDirs lib\
- --includeDirs root\
- --includeDirs sbin\
- --includeDirs usr\
- --includeDirs var/backups\
- --includeDirs var/cache/apt/archives\
- --includeDirs var/gopher\
- --includeDirs var/lib\
- --includeDirs var/mail\
- --includeDirs var/opt\
- --includeDirs run\
- --includeDirs var/www\
- --exceptDirs var/local/backups\
- --exceptDirs var/lib/lxcfs\
- --exceptDirs run/rpc_pipefs\
- --exceptTypes Sbc\
- --keepMinNumber 100\
- --keepAll 30d\
- --keepFirstOfWeek 90d\
- --keepLastOfWeek 90d\
- --keepFirstOfMonth 360d\
- --keepLastOfMonth 360d\
- --keepFirstOfYear 720d\
- --keepLastOfYear 720d\
- --debug 0\
- --deleteNotFinishedDirs\
- --saveRAM\
- --cpIsGnu\
- --linkSymlinks
backup-localhost.timer
- [Unit]
- Description=storebackup to backup the system at night
- Documentation=http://www.nongnu.org/storebackup/en/
- [Timer]
- OnCalendar=
- OnCalendar=*-*-* 03:13:37
- [Install]
- WantedBy=multi-user.target
storebackup-caps.service
Modifies the capability bits; usually needs running again if the system is updated.
- [Unit]
- Description=storebackup configure utility capabilities
- Documentation=http://www.nongnu.org/storebackup/en/
- After=local-fs.target
- ConditionACPower=true
- [Service]
- Type=simple
- StandardInput=null
- StandardOutput=journal
- StandardError=inherit
- ExecStart=-/bin/sh -c 'for N in perl cp cat tar rm bzip2 mknod chown mkdir md5sum rmdir mount grep pod2text; do /sbin/setcap cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid=+ei `which $N`; done;'
storebackup-links.service
Tidy backups
- [Unit]
- Description=storebackup place links files
- Documentation=http://www.nongnu.org/storebackup/en/
- After=local-fs.target
- ConditionACPower=true
- [Service]
- Type=simple
- StandardInput=null
- StandardOutput=journal
- StandardError=inherit
- ExecStart=-/bin/sh -c 'for N in /var/local/backups/*.??.??_??.??.??; do if test ! -e $N/.storeBackupLinks; then mkdir -p $N/.storeBackupLinks; chown backup:backup $N/.storeBackupLinks; fi; done'
Hopefully storebackup now finds it can do the activities it needs to do,
and can also be monitored in top as it works protecting the data.
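A check for the capability setup above, as an added example that is not part of the original page or of storebackup: it reads `getcap` output and reports utilities that carry the permitted flag, lack one of the five capabilities, or have lost their capabilities altogether, as happens after an update. The function names `audit_caps` and `sample_getcap` and the sample lines are constructed for illustration; both `getcap` output layouts (older and newer libcap) are accepted.

```sh
#!/bin/sh
# Added example: audit getcap output against the capability set granted on this page.
WANT="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid"

# audit_caps PATH...  reads getcap-style lines on stdin and prints:
#   PERMITTED <path>      file carries the permitted flag (+eip instead of +ei)
#   MISSING <path> <cap>  a wanted capability is not inheritable on the file
#   NOCAPS <path>         an expected PATH has no capabilities at all
# Returns 1 if anything was reported. Accepts both getcap layouts:
# "path = caps+ei" (older libcap) and "path caps=ei" (newer libcap).
audit_caps() {
    seen=" "; bad=0
    while read -r path rest; do
        [ -n "$path" ] || continue
        seen="$seen$path "
        have=","
        for clause in $rest; do
            [ "$clause" = "=" ] && continue      # separator in the older layout
            caps=${clause%%[=+-]*}               # comma list before the first operator
            flags=${clause#"$caps"}              # operator and flag letters, e.g. "+ei"
            case $flags in *p*) echo "PERMITTED $path"; bad=1 ;; esac
            case $flags in *i*) have="$have$caps," ;; esac
        done
        for c in $WANT; do
            case $have in *,"$c",*) ;; *) echo "MISSING $path $c"; bad=1 ;; esac
        done
    done
    for p in "$@"; do
        case $seen in *" $p "*) ;; *) echo "NOCAPS $p"; bad=1 ;; esac
    done
    return $bad
}

# Constructed sample input (not captured from a real system).
sample_getcap() {
    all=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid
    echo "/usr/bin/perl $all=ei"
    echo "/usr/bin/cp = $all+ei"
    echo "/usr/bin/tar $all=eip"
    echo "/usr/bin/cat cap_chown,cap_dac_override,cap_fowner,cap_fsetid=ei"
}

sample_getcap | audit_caps /usr/bin/perl /usr/bin/cp /usr/bin/tar /usr/bin/cat /usr/bin/rm ||
    echo "capability setup needs attention"
```

On a live system, pipe the real `getcap` output for the resolved tool paths into `audit_caps` and pass the same paths as arguments.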
Offhost backup with rsync
storebackup works well locally, but we also need to store backups offhost, away from the server: out of the room is good, out of the building better, though the other location should also be secure, as it holds personal data too.
On the server to be backed up:
/etc/systemd/system/rsync.socket
- [Unit]
- Description=RSYNC Socket for Per-Connection Servers
- [Socket]
- ListenStream=873
- Accept=yes
- [Install]
- WantedBy=sockets.target
/etc/systemd/system/rsync@.service
- [Unit]
- Description=RSYNC systemd inet emulation.
- ; rsync tries /dev/log
- [Service]
- ExecStart=-/usr/bin/rsync --daemon --config /etc/rsyncd.conf
- StandardInput=socket
- IOSchedulingClass=idle
- OOMScoreAdjust=500
- CPUSchedulingPolicy=idle
/etc/rsyncd.conf
- socket options = IPTOS_THROUGHPUT,SO_RCVBUF=0x1000000,SO_SNDBUF=0x1000000
- [backups]
- uid = root
- gid = root
- read only = yes
- use chroot = no
- path = /var/local/backups
- hosts allow = 2001:db8::aede:48ff:fe23:4567
On the administrator's desktop PC
This machine can easily be up only irregularly, as long as it is in a secure place, preferably away from the main server, with network access to it.
/etc/systemd/system/backup-example.service
- [Unit]
- Description=backs up example via rsync
- [Service]
- #ExecStartPre=-/sbin/setcap cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid=+ei /usr/bin/rsync
- ExecStart=-/usr/bin/rsync -avhRPHAX --no-implied-dirs --sockopts=IPTOS_THROUGHPUT,SO_RCVBUF=0x1000000,SO_SNDBUF=0x1000000 example::backups/2* /var/local/backups
- User=backup
- PrivateTmp=true
- PrivateDevices=true
- PrivateNetwork=false
- ProtectSystem=true
- ProtectHome=true
- NoNewPrivileges=true
- #CPUSchedulingPolicy=batch
- #IOSchedulingClass=idle
- StandardInput=null
- StandardOutput=journal
- StandardError=inherit
- AmbientCapabilities=CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
/etc/systemd/system/backup-example.timer
It is good to pick a time when the system is likely to be up and not too busy.
- [Unit]
- Description=backup example timer
- [Timer]
- Persistent=true
- OnCalendar=*-*-* 19:13:37
- [Install]
- WantedBy=timers.target
Tell systemd to reload all units after edits: systemctl daemon-reload
Then activate the timer job now with systemctl start backup-example.timer, and at every boot with systemctl enable backup-example.timer
To start the backup immediately: systemctl start backup-example.service, or wait for the timer job if that is active.