Use SSHFS With rdiff-backup
An excellent tool to create backups is rdiff-backup. It is based on SSH, and the feature of SSH to execute a command on a remote system, as long as you can log in to this machine with SSH.
Now I've been experimenting with SSHFS, and one of the things it can be used for is rdiff-Backup. Sshfs is a FUSE module, which allows you to mount the remote system. A normal backup looks like (assuming ssh access is ok):
rdiff-backup --preserve-numerical-ids 192.168.0.10::/home/sbon /srv/rdiff/backup/192.168.0.10/home/sbon
Now with SSHFS it looks like:
install --directory /srv/rdiff/mounts/192.168.0.10
sshfs -o ro 192.168.0.10:/ /srv/rdiff/mounts/192.168.0.10
rdiff-backup --preserve-numerical-ids /srv/rdiff/mounts/192.168.0.10/home/sbon /srv/rdiff/backup/192.168.0.10/home/sbon
It looks like this construction has only advantages:
- the backup process is slightly faster. I've done some testing and all of my cases the backup over sshfs was a little bit faster (5 a 10 %).
- with sshfs it is possible to mount the remote system read-only, which increases the security. This is not an optimal security measurement: this readonly flag should not be controlled on this system (where the backup is made) , but on the remote system. I've tried to find out how, but there is no way in the Ssh server to make access read-only. Somebody knowing a way to do it, please let me know.
- it is possible to make more than one backup using only one SSHFS mount. When all backups are done, the sshfs connection with the remote system can be caunmounted.
- there is no need for rdiff-backup to be installed on the remote system.
One possible disadvantage (I'm not sure yet) is that sshfs does not support extended attributes. At this moment [26 august 2007] I'm trying to find out for sure.
I've send an email about this to Miklos Szeredi, the writer of SSHFS. SSHFS lacks support of ACL's because the sftp-server in OpenSSH doesn't support it. According to M. Szeredi "the OpenSSH developers have been reluctant to add support for newer protocol versions".