In association with heise online

ftplicity

Running duplicity from the command line can be laborious, even with the extensive English-language man page included with it: environment variables must be passed with each call, and you end up perpetually retyping the same (often lengthy) options. Our ftplicity wrapper script reduces the repetitive typing to a minimum. The fundamental idea behind ftplicity is that all backup and restore processes are usually executed in the same working environment: the access data for the FTP server, the GPG key, the passwords, the base directory and the files and directories to be excluded from the backup do not generally change.

A complete server backup requires root rights, which means that what follows presumes that you are working as root. The script can be stored without worries in /usr/local/bin, for example, and made read-and-write accessible to all users. All sensitive data such as GPG passwords and FTP access data are put in the .ftplicity configuration directory in the executing user's home directory. For security purposes, ftplicity runs

chmod -R go-rwx ~/.ftplicity

every time it is called to protect against unauthorised access. ftplicity creates a sample configuration in the conf file when called for the first time.

For a server backup, you should first create a GPG key as root with gpg --gen-key. That key will then be used exclusively for the backup. Its eight-digit key ID and the password associated with it are to be entered into the config files as the GPG_KEY and GPG_PW variables.

The SOURCE variable contains the base directory for the backup. The "/" default is appropriate for root servers that are to be reset to their previous state following a drive crash with the least amount of time and effort possible. For TARGET and TARGET_PW enter the access data for your FTP backup server as stipulated by your provider. It is recommended that you create a separate subdirectory for backups on the FTP server to make it easier to distinguish between various versions of the backups.

Removing the hassle

Another file, exclude, must still be created in the configuration directory. It contains a list of directories and files, one name per line, that are to be excluded from the backup. /dev, /proc and /sys should not be included when backing up the entire file system, since some special files can cause serious problems when read. It is also recommended that you exclude the /tmp, /var/tmp and /var/run directories. Reading socket or pipe files can also produce error messages. These are not critical and can usually be suppressed through corresponding entries in exclude.

The wildcard symbol "*" has the same meaning as in the shell: it looks within the specified directory for every file and directory name fitting the pattern. "**" serves as a special wildcard that searches through subdirectories at all depths. "/home/user/*.mp3" for example will exclude "/home/user/a.mp3" and "/home/user/b.mp3" from the backup, but not "/home/user/tmp/x.mp3". "/home/**.mp3" by contrast excludes all files (and directories) with the ending ".mp3" no matter how deep in the /home directory they are hidden.

If a line in the exclude file begins with a plus symbol and then a blank space, the entry that follows it will be included in the backup even if other entries further along in the list would otherwise exclude it. As this implies, the order of entries is important within the exclude file.
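The matching rules described above, as an added example that is not part of the original article, ftplicity or duplicity: a small Python model of an exclude file that lets you check which paths a given list would leave out of the backup. It assumes that the first matching line decides and that a matched directory covers its contents; the function names and the sample file are constructed for illustration.

```python
import re

def glob_to_regex(glob):
    """'*' stays inside one path component; '**' also crosses '/'."""
    parts, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            parts.append(".*")
            i += 2
        elif glob[i] == "*":
            parts.append("[^/]*")
            i += 1
        else:
            parts.append(re.escape(glob[i]))
            i += 1
    # A matching directory also covers everything beneath it.
    return re.compile("".join(parts) + r"(/.*)?\Z", re.S)

def parse_exclude(text):
    """Return ordered (include, regex) rules; a leading '+ ' marks an include."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            include = line.startswith("+ ")
            rules.append((include, glob_to_regex(line[2:].strip() if include else line)))
    return rules

def is_backed_up(path, rules):
    """The first matching rule decides; a path matching no rule is backed up."""
    for include, regex in rules:
        if regex.match(path):
            return include
    return True

# Constructed sample exclude file, not taken from the article.
SAMPLE = """\
+ /home/user/music/keep
/home/**.mp3
/dev
/proc
/sys
/tmp
"""
RULES = parse_exclude(SAMPLE)

if __name__ == "__main__":
    for p in ("/home/user/music/keep/x.mp3", "/home/user/a.mp3", "/etc/passwd"):
        print(p, "->", "backup" if is_backed_up(p, RULES) else "skip")
```

Moving the "+ " line below "/home/**.mp3" in the sample makes the exclude win, which is the ordering effect the article describes.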

The pre and post scripts are also very useful: they are started by ftplicity before and after a backup, insofar as they are present and executable. These can be used prior to and following the backup to execute necessary steps such as temporarily halting a critical service or creating a dump of a heavily frequented MySQL database.

Permalink: http://h-online.com/-747191