backups--a cautionary tale and two questions
Seth Gordon
sethg at ropine.com
Sun Oct 30 20:30:37 EST 2005

A few weeks ago, it was Yom Kippur, the time for Jews to reflect on the
grievous errors they have made over the previous year. I've been
reflecting on the error of not backing up my server. You know how every
introduction-to-RAID document warns that RAID is not a substitute for
making backups? Well, it's worse than that. Since it's harder to
reconstruct data from a striped RAID partition than from a regular
partition, data recovery services charge four times as much.

So my wife and I have lost several years of archived email and our
library database. My blog has been down for about two months because I
haven't had time to reconstruct it from the entries on an older server
and the search-engine caches. O, I have sinned!

Fortunately, when my wife left MIT she took *two* discarded G4s with
her, so I do have a server up again, and *this* time, by golly, it's
getting backed up. Nothing fancy (since fancy solutions take time to
set up and administer and therefore, in practice, don't get done): a
cron job uses dump to make incremental backups of the /, /usr, /home,
and /var partitions, and then uses unison (which is like rsync) to copy
the dump files to my friend's server.

The remote backups are not encrypted, because I'm more worried about
forgetting whatever password I'd use to encrypt them than I am about my
friend snooping into my email archives. However, since the dumped root
partition contains /etc/shadow, I am a *little* worried about some third
party breaking into my friend's machine, discovering my dump files, and
using them to break into mine. And if I ever do need to reconstruct my
system from backups, it's not like I need to reconstruct it with exactly
the same passwords as before.

So my questions for the assembled multitude are:

(1) The cron job does not unmount partitions before dumping them. What
are the consequences of this? (If the only consequence is "every once
in a while some process will be modifying a file on a partition while
it's being dumped, and that file will not be backed up or that dump will
be aborted", I can live with that.)

(2) What files, other than /etc/shadow, should I be flagging as not to
be dumped?
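
One way to approach question (2), as an added example that is not part of the original post: a POSIX shell function that lists files holding password hashes or private keys under a given root, so they can be reviewed before the dump leaves the machine. The function name, the path list and the PEM-header search are assumptions of this example, not a complete inventory.

```shell
#!/bin/sh
# Added example, not from the original post. Lists files under ROOT that
# hold password hashes or private keys: candidates to keep out of an
# unencrypted off-site dump. The path list and the PEM-header search are
# assumptions of this example, not a complete inventory.

# Usage (after sourcing this file): find_secret_files [ROOT]
# ROOT defaults to /. Prints matching paths relative to ROOT, one per
# line, sorted and de-duplicated.
find_secret_files() {
    (
        cd "${1:-/}" || exit 1

        # 1. Password-hash stores and the "-" backup copies kept next
        #    to them.
        for f in etc/shadow etc/shadow- etc/gshadow etc/gshadow-; do
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done

        # 2. SSH host private keys, matched by name. The public halves
        #    end in ".pub", not "key", so they are skipped.
        find etc/ssh -type f -name 'ssh_host_*key' 2>/dev/null || :

        # 3. Any file containing a PEM private-key header (user SSH
        #    keys, TLS server keys, and so on). Missing directories
        #    are ignored.
        grep -rlE -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' \
            etc home root 2>/dev/null || :
    ) | LC_ALL=C sort -u
}
```

On ext2/ext3 (an assumption; the post does not name the filesystem), each listed file can be flagged with `chattr +d`. dump's default honor level for that flag is 1, so a level-0 dump skips flagged files only when run with `-h 0`.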