Browse Source

Add 'infrastructure/server-backup-with-rsync.md'

master
Dashamir Hoxha 4 years ago
parent
commit
f88c9e5765
1 changed files with 77 additions and 0 deletions
  1. +77
    -0
      infrastructure/server-backup-with-rsync.md

+ 77
- 0
infrastructure/server-backup-with-rsync.md View File

@@ -0,0 +1,77 @@
# Server Backup

There are many ways to make a server backup, but we will use `rsync` (remote sync), `bindfs`, and `rssh` (restricted shell).

## Create a backup user with restricted shell access

1. Install rssh:

```console
apt list rssh
apt show rssh
apt install rssh
```

2. Create a user for backups that uses the restricted shell:

```console
useradd apps_backup -m -s /usr/bin/rssh
ls -al /home/apps_backup/
grep apps_backup /etc/passwd
```

3. Edit `/etc/rssh.conf` to allow `rsync` and use a chroot jail for restricting access:

```console
allowrsync
chrootpath = /home/apps_backup
```

4. Test that the shell of the user `apps_backup` is restricted:

```console
su apps_backup
```

## Create a read-only view of the parts of the filesystem that need to be backed up

1. Install `bindfs`:

```console
apt list bindfs
apt show bindfs
apt install bindfs
```

2. Create mount directories:

```console
mkdir -p /home/apps_backup/opt-scripts
mkdir -p /home/apps_backup/var-ds
```

3. Add these lines to `/etc/fstab` for mounting directories read-only:

```console
/opt/docker-scripts /home/apps_backup/opt-scripts fuse.bindfs perms=0000:u=rD,force-user=apps_backup,force-group=nogroup 0 0
/var/ds /home/apps_backup/var-ds fuse.bindfs perms=0000:u=rD,force-user=apps_backup,force-group=nogroup 0 0
```

4. Mount them:

```console
mount -a
ls -al /home/apps_backup/opt-scripts
ls -al /home/apps_backup/var-ds
```

5. Test that they are read-only:

```console
sudo -u apps_backup ls -al /home/apps_backup/var-ds
sudo -u apps_backup touch /home/apps_backup/var-ds/test1.txt
```

# References

- http://jorgenmodin.net/index_html/how-to-create-a-read-only-view-of-files-to-back-up-with-e.g.-rsync

Loading…
Cancel
Save