[wplug-internet] Backups

Bill Moran wmoran at potentialtech.com
Mon Jun 15 14:11:56 EDT 2009

In response to Vance Kochenderfer <vkochend at nyx.net>:

> Michael Semcheski <mhsemcheski at gmail.com> wrote:
> > We have a script that ssh's to their computer, mounts an encrypted
> > file system using fuse.
> Now that's a really intriguing idea.  I was stuck thinking of GPG-
> encrypted tarballs, which as noted doesn't give you the efficiency
> benefit of rsync.  Is there a de-facto leader in encrypted FS?  I
> would assume Bill's target machine is FreeBSD, so it would need to
> be cross-platform, right?

Not really, the FUSE mounted filesystem can be an actual file.  Since
all the logic is running on the Linux machine, and it's just file
reads/writes, it would work on anything that can do file read/writes
over SSH.  Although I've never actually used this technique, so it's
possible there are problems I'm not forseeing.

> There's one other possible difficulty - since we need to back up
> root-owned files, then either the target will need root access to
> the server, or the server will need root access to the target.
> Unless there's a way to maintain root ownership of files on the
> target machine without needing root access (some sort of jail, or
> a filesystem mount option, maybe)?

Again, since the FUSE mounted filesystem is is just a file on my
computer, the script running on the Linux machine _should_ be able
to maintain ownerships without any special setup on my end.

> Bill's question about how much data are sensitive is a good one,
> too.  It's actually a pretty small number.  If I take an expansive
> view, it probably extends to the membership list, system password
> files, wiki passwords (embedded in the MySQL DB files), mailman
> subscription lists and passwords, and possibly items contained in
> individual users' home directories.  The hard part is that I don't
> know how simple it would be to segregate this stuff out.

If we go the FUSE route, it doesn't really matter, since the entire
"partition" will be encrypted.  That's a clever way to work around
that problem that I hadn't considered.

Bill Moran

More information about the wplug-internet mailing list