Monday, December 26, 2011

Backup Your Mac to Hidden Location

This last weekend I almost lost all the pictures. We have four kids, and have tons of pictures. I had set up the user accounts on our Mac on an external mirrored drive, connected by Firewire. This was mostly good, but this weekend all the applications just refused to connect because of some kind of weird permissions issue. I went through all sorts of stuff to get it working, but at the end of the day I just created a new account and copied all the files over to the internal drive on the Mac, then changed ownership of all the files, and thought I was good to go.

That was until my wife went to make a Christmas book for her grandmother. Some of the pictures were missing, and all were blurry. The full sized photos were gone. I ended up having to restore everything from Time Machine, which is good for those kinds of things, so everything turned out ok. But I have always been worried about what would happen if the Mac and the connected drives were stolen. I could use an online backup service... but I don't like to do that. There had to be a better way.

I found that you could use the UNIX application rsync to create a little script that would back up every file to a remote rsync server. I did not have one of those, but I did have a USB drive connected to my home wireless router, so I figured I could set it up to copy the files to that. No go. rsync does not work very well connecting to a Samba server on the other end. I had to set up a real rsync server.

There was an old PC in the basement that I had set up a copy of Ubuntu Linux on last year. Setting up Ubuntu is ridiculously easy, especially on a PC that is a few years old. Just go to ubuntu.com, download the latest copy, put it on a USB stick, and boot to it. It sets up everything automatically.

As I researched this, I found out I could very easily set up an rsync server on the Linux box and copy over files from the Mac, but it was too easy. It was too easy because rsync is not secure. All the files were sent over my wireless unencrypted. I don't like doing things unencrypted, not protected by passwords. When security is so easy to add in to a system, it is worth taking a few extra minutes to do things right.

What I discovered was that you could set up rsync to operate over secure shell (ssh), which is encrypted. Furthermore, there is a feature built into ssh that allows trusted computers to log in without having to use a username or password by using public/private key encryption. So this is what I set up. There is a simple two line script I put on the Mac that I set to run once a week, and it copies over just the changed files from the Mac to the Linux box hidden in the basement. I have moved over to an 802.11n system, so the wireless runs nice and fast, good for transferring all those gymnastics pictures and videos.

So, the process is as follows:

Give your Linux box a static IP address so you can ssh to it. If you are fancy, give it a name on your internal DNS server. I am not that fancy.

Set up the Mac to be able to ssh to the Linux box with key-based authentication by generating a keypair, doing a secure copy of the public key to the non-root user account on the Linux box (call it backupuser or something like that), and putting it in the trusted keys file. See this website on ssh keygen mac to see how it is done.

Make a directory on the Linux box to store the backup files. I store mine on the external USB drive, so I created a directory called /media/Volume/USBdrive/mac_backup and gave the ownership of the directory to backupuser on the Linux box.

After you do this, you want to make sure that the USB drive mounts when the Linux box is rebooted. Mine didn't, so I had to make an entry in the /etc/fstab file to make sure it mounted on boot.

Create an rsyncd.conf file in the /home/backupuser directory. This is the tricky part - do not configure the main box's rsync server or its rsyncd.conf file. This is going to be a mini-rsync server that is kicked off when the Mac does an ssh to the backupuser account on the Linux box. Here is what the rsyncd.conf file should look like:
[mac_backup]

path = /media/Volume/mac_backup

read only = false

use chroot = false
Then create the script in a text file on the Mac and name it something like rsync_backup_script.txt. It should contain something like this (the rsync command goes on a single line):
#!/bin/bash
rsync -azv --delete --exclude '.DS_Store' --rsh="ssh -l backupuser" /Users/ backupuser@192.168.5.5::mac_backup
The rsync command copies any new or changed files from the Mac to the Linux box. It also deletes any files on the backup that have been deleted on the Mac.

Make the script executable. There is some way to do this with the GUI, but I just open the terminal on the Mac, navigate to the directory with the file, and type:
sudo chmod u+x rsync_backup_script.txt
Now test everything! You could just go for it and execute the script by entering on the command line:
./rsync_backup_script.txt
If that does not work you then need to step through the parts of the process - make sure you can ssh without using a password, check the file permissions on the Linux box, check the rsyncd.conf file, and even enter the command on the Mac terminal line by itself to make sure everything works.
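
Because the script passes --delete, a run against an empty or unmounted /Users/ would remove the matching files from the backup as well. The wrapper below is an added example, not the author's script: it refuses to run when the source looks empty, does a dry run first, and stops if more deletions are planned than a limit. The host, user, module and source path are the page's values; MIN_ENTRIES, MAX_DELETE and the function names are assumptions.

```shell
#!/bin/bash
# Added example, not the author's script. Host, user, module and source path
# are the page's values; the two thresholds are assumptions to tune.
SRC="/Users/"
DEST="backupuser@192.168.5.5::mac_backup"
MIN_ENTRIES=2     # assumed: fewer visible entries means SRC is not really there
MAX_DELETE=200    # assumed: most deletions one weekly run may apply

# BatchMode makes ssh fail instead of prompting if key login breaks,
# so a scheduled run cannot hang waiting for a password.
RSH="ssh -l backupuser -o BatchMode=yes"

# True only if $1 is a directory holding at least $2 non-hidden entries.
source_ok() {
  [ -d "$1" ] || return 1
  n=$(find "$1" -mindepth 1 -maxdepth 1 ! -name '.*' | wc -l | tr -d ' ')
  [ "$n" -ge "$2" ]
}

# Count the "deleting <path>" lines in rsync -v output read from stdin.
count_deletions() {
  grep -c '^deleting ' || true
}

# $1 = dry-run output, $2 = limit. Succeeds if the planned deletions
# do not exceed the limit.
deletions_within_limit() {
  d=$(printf '%s\n' "$1" | count_deletions)
  [ "$d" -le "$2" ]
}

# Pre-flight checks, then the page's rsync command with a deletion cap.
run_backup() {
  source_ok "$SRC" "$MIN_ENTRIES" ||
    { echo "source $SRC looks empty; not running --delete" >&2; return 1; }
  plan=$(rsync -azvn --delete --exclude '.DS_Store' --rsh="$RSH" "$SRC" "$DEST") || return 1
  deletions_within_limit "$plan" "$MAX_DELETE" ||
    { echo "dry run plans more than $MAX_DELETE deletions; review first" >&2; return 1; }
  rsync -azv --delete --max-delete="$MAX_DELETE" --exclude '.DS_Store' --rsh="$RSH" "$SRC" "$DEST"
}

# Nothing runs unless asked: ./rsync_backup_checked.sh --run
if [ "${1:-}" = "--run" ]; then run_backup; fi
```
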

It will take hours for the first backup if your system is anything like mine. The script is set up to compress any files it can, and in future backups it will only transfer the changes.
This is not limited to backing up Macs. You can do the same thing with Windows boxes by installing Cygwin on the Windows machine and going through a similar process. Just create another directory on the backup drive, create a second profile in the rsyncd.conf file that uses a different profile name and points to the new drive location, and you are off and running.

If you do have to use your backup, you can use the opposite command to copy the files back to the Mac. Hopefully you won't have to do that, though! Something like this should work:

rsync -azv --rsh="ssh -l backupuser" backupuser@192.168.5.5::mac_backup /Users/
That is the complete exercise. I have gone through the files on the Linux box and made sure they are there, so I am happy. The box has no screen or keyboard connected to it, and it looks like a chunky old PC that no one wants. The 1TB mirrored hard drives in the external array are a little noisy, which is another good reason to keep it hidden away.

Of course I still make a USB copy every once in a while and take it to work, but that is the backup to the backup to the backup. Hopefully I will have good copies of my files available for many years to come.
