A backup strategy for your remote files!
As the backups will be run by launchd we switch to the root user and set up everything under this user.
Enabling and using the "root" user in Mac OS X: http://docs.info.apple.com/article.html?artnum=106290
How to enable the root user
Mac OS X 10.5 or later
1. From the Finder's Go menu, choose Utilities.
2. Open Directory Utility.
3. Click the lock in the Directory Utility window.
4. Enter an administrator account name and password, then click OK.
5. Choose Enable Root User from the Edit menu
6. Enter the root password you wish to use in both the Password and Verify fields, then click OK.
2. Menü "Gehe zu"
4. Verzeichnisdienste (Nicht "Verzeichnis")
5. Menü "Bearbeiten"
6. root-Benutzer aktivieren
Mac OS X enable fast user switching: http://www.tech-recipes.com/mac_system_administration_tips706.html
To turn on fast user switching, open the System Preferences and click on the Accounts icon under the System category. Click on Login Options near the lower left and click the Enable fast user switching checkbox.
The menu bar at the top of the screen will change, inserting the current user name at the top right. When you click on this name, you'll see a menu listing all of the system's users and a Login Window... choice. Clicking on a user's name will switch to that user (possibly after requesting a password). Clicking on the Login Window... option will take you to the login screen.
The fast user switch occurs with a dramatic rotation of the screen, a slick effect. Be warned that each user logged into a system eats up memory and the more applications open for each user, the more likely the system will swap stuff into virtual memory and system performance will suffer.
Switch to the root user.
Download and install Xcode: http://developer.apple.com/tools/xcode/index.html
Download and install MacPorts: https://www.macports.org
port -d selfupdate
port install rsnapshot
Edit the rsnapshot configuration file (PLEASE BE AWARE OF THE FOLLOWING RULES: This file requires tabs between elements)
Content of rsnapshot.conf:
interval hourly 6
interval daily 7
interval weekly 4
interval monthly 3
I don't want to backup these filetypes so I define the exceptions:
backup email@example.com:/path/to/the/web/root/ mydomain1.com/
backup firstname.lastname@example.org:/path/to/the/web/root/ mydomain2.com/
Launchd must be able to login to the remote webservers via ssh. So we have to set up key-based logins
WITHOUT passphrases so that no interaction is required and everything can run in batch-mode.
Enable key-based logins: http://www.rsnapshot.org/howto/1.2/rsnapshot-HOWTO.en.html#backup
In addition to full paths on the local filesystem, you can also backup remote systems using rsync over ssh. If you have ssh installed and enabled (via the cmd_ssh parameter), you can specify a path like:
backup email@example.com:/etc/ example.com/
This behaves fundamentally the same way, but you must take a few extra things into account.
* The ssh daemon must be running on example.com
* You must have access to the account you specify the remote machine, in this case the root user on example.com.
* You must have key-based logins enabled for the root user at example.com, without passphrases. If you wanted to perform backups as another user, you could specify the other user instead of root for the source (i.e. firstname.lastname@example.org). Please note that allowing remote logins with no passphrase is a security risk that may or may not be acceptable in your situation. Make sure you guard access to the backup server very carefully! For more information on how to set this up, please consult the ssh man page, or a tutorial on using ssh public and private keys. You will find that the key based logins are better in many ways, not just for rsnapshot but for convenience and security in general. One thing you can do to mitigate the potential damage from a backup server breach is to create alternate users on the client machines with uid and gid set to 0, but with a more restrictive shell such as scponly.
* This backup occurs over the network, so it may be slower. Since this uses rsync, this is most noticeable during the first backup. Depending on how much your data changes, subsequent backups should go much, much faster since rsync only sends the differences between files.
The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity
(protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key
in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), or ~/.ssh/id_rsa.pub (protocol 2
RSA) in the user's home directory. The user should then copy the public key to ~/.ssh/authorized_keys in
his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional
~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log
in without giving the password.
Create a key pair and don't enter a passphrase!
As we are logged in as root the files will be created here:
Private key: id_rsa
Public key: id_rsa.pub
Copy the public key to the remote servers:
Connect to the remote server via ssh and create this file:
Then copy the content of the local file /var/root/.ssh/id_rsa.pub to the remote file ~/.ssh/authorized_key
The file has one key per line!
A line looks like this (ATTENTION: the user has to be root@... !)
ssh-rsa .............. root@NameOfMyComputer.local
Now you can test if you can login to the remote user without having to enter the password:
Setup the LaunchDaemons so that the backups are run periodically:
Download launchd plist files for rsnapshot: rsnapshot_launchd_plists.tgz
launchctl load -w /Library/LaunchDaemons/org.rsnapshot.periodic-daily.plist
launchctl load -w /Library/LaunchDaemons/org.rsnapshot.periodic-hourly.plist
launchctl load -w /Library/LaunchDaemons/org.rsnapshot.periodic-monthly.plist
launchctl load -w /Library/LaunchDaemons/org.rsnapshot.periodic-weekly.plist
A program to edit these launchd plist files:
Check if all four jobs are now active:
Check if the jobs can be run:
launchctl start org.rsnapshot.periodic-hourly
You could also test it with this command but it doesn't simulate the execution of the batch-job:
/opt/local/bin/rsnapshot -t hourly
If you are logged in as another user than root you could also run: sudo /opt/local/bin/rsnapshot -t hourly
But be aware that you might get different results compared to running the batch job. This command might work while the command launchctl start org.rsnapshot.periodic-hourly might not work because of an error in the configuration. Especially if you accidentally entered a passphrase for your key pair.
Does it create the backup?
du -hc /Users/phil/Documents/Daten/Inet/Backup/
If you just want to see to a depth of 2 in the tree:
du -hc -d 2 /Users/phil/Documents/Daten/Inet/Backup/
Check the logfile:
If you want to access the backup files with another user than root you could run these commands:
chown -R phil *
Congratulations! Your'e done. Switch back to the normal user.
Configuring rsnapshot and launchd on Mac OS X: http://www.justatheory.com/computers/os/macosx/rsnapshot_and_launchd.html
Using Rsnapshot and SSH: http://troy.jdmz.net/rsnapshot/
A plist can also be run under a certain user:
Thanks to Maximilian Schmid for bringing rsnapshot to my attention and helping out.