8. Backup and Restore Procedures

Performing regular backups should be considered one of a responsible system administrator's top priorities. Although Linux is an extremely reliable operating system, failures can, do, and probably will occur. They may be caused by hardware failure, power outages, or other unforeseen problems.

More likely will be those problems caused by human error, resulting in undesired changes to, or even deletions of, crucial files. If you are hosting users on your system, you will most certainly be requested to restore an inadvertently deleted file or two.

If you perform regular backups, preferably on a daily basis (at least for user files which are updated often), you will hopefully reduce the possibility of, and increase your recovery from, such file lossage.

The safest method of doing backups is to record them on separate media, such as tape, removable drive, writeable CD, etc., and then store your backup sets in a location separate from your Linux system. Sometimes this may not be practical -- perhaps you do not have a fire-proof vault in which you can store your backup tapes! Or perhaps you do not have access to such an external backup system in the first place. Nonetheless, backups can still be performed, albeit on a slightly limited basis.

At my place of employment, I perform backups on several Linux servers. Depending on the situation, some of these backup sets are written to tapes, others are written to a separate server over the network, while still others are simply written to a separate disk partition (for example, in the ``/archive/'' file system) by an automatic cron job (perhaps because the server is in a remote location, for which a daily visit to perform a tape backup is impractical or impossible).

At home, I do not have an external backup system, nor do I have massive amounts of available disk space to write a backup image. Therefore, I instead back up only my user files on ``/home/'' as well as some customized configuration files in ``/etc/'', writing the backup set to a separate disk partition.

8.1 Server Backup Procedures

There are a variety of methods of performing backups with Linux. These include command-line tools included with every Linux distribution, such as ``dd'', ``dump'', ``cpio'', as well as ``tar''. Also available are text-based utilities, such as ``Amanda'' and ``Taper'', which is designed to add a more user-friendly interface to the backup and restore procedures. There are GUI-based utilities as well, such as ``KDat''. Finally, commercial backup utilities are also available, such as ``BRU'' and ``PerfectBackup+''. Any one of these backup solutions can provide protection for your valuable data.

A brief listing of some of the tools available, including where they can be obtained, can be found on the "Linux Applications and Utilities Page", at http://www.xnet.com/~blatura/linapp2.html#back. When deciding on a backup solution, you will need to consider the following factors:

• Portability - Is backup portability (ie. the ability to backup on one Linux distribution or implementation of Unix and restore to another; for example from Solaris to Red Hat Linux) important to you? If so, you'll probably want to choose one of the command-line tools (eg. ``dd'', ``dump'', ``cpio'', or ``tar''), because you can be reasonably sure that such tools will be available on any *nix system.

• Unattended or automated backups - Is the ability to automate backups so that they can be performed at regular intervals without human intervention important to you? If so, you will need to choose both a tool and a backup medium which will support such a backup scheme.

• User-friendliness - Is a user-friendly interface important to you? If so, you will likely want to choose a tool which provides a text- or GUI-based interface. The commercial utilities may provide the easiest interfaces as well as added technical support.

• Remote backups - Is the ability to start backups and restores from a remote machine important to you? If so, you'll probably want to choose one of the command-line tools or text-based utilities instead of the GUI-based utilities (unless you have a reasonably fast network connection and the ability to run remote X sessions).

• Network backups - Is performing backups and restores to and from networked hosts important to you? If so, you'll probably want to use one of several of the command-line utilities (such as ``tar'') which support network access to backup devices, or a specialized utility such as ``Amanda'' or one of several commercial utilities.

• Media types - Backups can be stored on a variety of medium, such as tape, an extra hard drive, ZIP drives, or rewritable CDs. Consider cost vs. reliability, storage capacitity, and transfer speed.

Note: When backing up your file systems, do not include the ``/proc'' pseudo-filesystem! The files in /proc are not actually files but are simply file-like links which describe and point to kernel data structures. Backing up a file like ``/proc/kcore'', which is actually a pseudo-file containing the contents of your entire memory, seems like a pretty big waste of tape to me! :-) You will also likely want to avoid backing up the ``/mnt'' file system, unless you have the peculiar desire to back up the files from your CD-ROM device, floppy drive, network file shares, or other mounted devices.

Obviously, the procedures for performing a backup and restore will differ depending on your choice of a backup solution. However, in this section, I will discuss methods for performing backups with the two tools I use most: ``tar'' (whose name stands for "Tape ARchiver"), which is a command-line backup tool largely portable across *nix systems; as well as ``KDat'', a GUI-based tape backup utility which comes included with the KDE packages (see the KDE Installation and Configuration section for more information on KDE).

Finally, I should add that, depending on your choice of backup solution, even if the tool doesn't have the ability built-in to schedule automated or unattended backups, you may be able to automate such backups by using the cron facilities. See the "Automating Tasks with Cron and Crontab files" section for details on using cron and on creating crontab schedule files.

Backing up with ``tar'':

If you decide to use ``tar'' as your backup solution, you should probably take the time to get to know the various command-line options that are available; type "man tar" for a comprehensive list. You will also need to know how to access the appropriate backup media; although all devices are treated like files in the Unix world, if you are writing to a character device such as a tape, the name of the "file" is the device name itself (eg. ``/dev/nst0'' for a SCSI-based tape drive).

The following command will perform a backup of your entire Linux system onto the ``/archive/'' file system, with the exception of the ``/proc/'' pseudo-filesystem, any mounted file systems in ``/mnt/'', the ``/archive/'' file system (no sense backing up our backup sets!), as well as Squid's rather large cache files (which are, in my opinion, a waste of backup media and unnecessary to back up):

tar -zcvpf /archive/full-backup-`date '+%d-%B-%Y'`.tar.gz \
    --directory / --exclude=mnt --exclude=proc --exclude=var/spool/squid .

Don't be intimidated by the length of the command above! As we break it down into its components, you will see the beauty of this powerful utility.

The above command specifies the options ``z'' (compress; the backup data will be compressed with ``gzip''), ``c'' (create; an archive file is begin created), ``v'' (verbose; display a list of files as they get backed up), ``p'' (preserve permissions; file protection information will be "remembered" so they can be restored). The ``f'' (file) option states that the very next argument will be the name of the archive file (or device) being written. Notice how a filename which contains the current date is derived, simply by enclosing the ``date'' command between two back-quote characters. A common naming convention is to add a ``tar'' suffix for non-compressed archives, and a ``tar.gz'' suffix for compressed ones.

The ``--directory'' option tells tar to first switch to the following directory path (the ``/'' directory in this example) prior to starting the backup. The ``--extract'' options tell tar not to bother backing up the specified directories or files. Finally, the ``.'' character tells tar that it should back up everything in the current directory.

Note: It is important to realize that the options to tar are cAsE-sEnSiTiVe! In addition, most of the options can be specified as either single mneumonic characters (eg. ``f''), or by their easier-to-memorize full option names (eg. ``file''). The mneumonic representations are identified by prefixing them with a ``-'' character, while the full names are prefixed with two such characters. Again, see the "man" pages for information on using tar.

Another example, this time writing only the specified file systems (as opposed to writing them all with exceptions as demonstrated in the example above) onto a SCSI tape drive follows:

tar -cvpf /dev/nst0 --label="Backup set created on `date '+%d-%B-%Y'`." \
    --directory / --exclude=var/spool/ etc home usr/local var/spool

In the above command, notice that the ``z'' (compress) option is not used. I strongly recommend against writing compressed data to tape, because if data on a portion of the tape becomes corrupted, you will lose your entire backup set! However, archive files stored without compression have a very high recoverability for non-affected files, even if portions of the tape archive are corrupted.

Because the tape drive is a character device, it is not possible to specify an actual file name. Therefore, the file name used as an argument to tar is simply the name of the device, ``/dev/nst0'', the first tape device on the SCSI bus. Note: The ``/dev/nst0'' device does not rewind after the backup set is written; therefore it is possible to write multiple sets on one tape. (You may also refer to the device as ``/dev/st0'', in which case the tape is automatically rewound after the backup set is written.)

Since we aren't able to specify a filename for the backup set, the ``--label'' option can be used to write some information about the backup set into the archive file itself.

Finally, only the files contained in the ``/etc/'', ``/home/'', ``/usr/local'', and ``/var/spool/'' (with the exception of Squid's cache data files) are written to the tape.

When working with tapes, you can use the following commands to rewind, and then eject your tape:

mt -f /dev/nst0 rewind
mt -f /dev/nst0 offline

Note: You will notice that leading ``/'' (slash) characters are stripped by tar when an archive file is created. This is tar's default mode of operation, and it is intended to protect you from overwriting critical files with older versions of those files, should you mistakenly recover the wrong file(s) in a restore operation. If you really dislike this behavior (remember, its a feature!) you can specify the ``--absolute-paths'' option to tar, which will preserve the leading slashes. However, I don't recommend doing so!

Backing up with ``KDat'':

If you are using the KDE desktop environment, I believe you will find the ``KDat'' utility both powerful as well as user-friendly. In addition, an added bonus is that KDat uses ``tar'' as its backup engine. Therefore, backup sets written with KDat can be read not only with KDat but with tar as well! This makes KDat a very nice choice for both user-friendliness as well as backup portability. Note: Even if you choose not to use nor install the KDE package, you can still use KDat as long as you have the Qt libraries installed.

The first time you run the KDat program, you will need to create a backup profile. Such a profile tells KDat which files on your system you would like to back up. If you wish, you can create more than one backup profile, depending on your needs (for example, you could create a profile called "Full Backup" for a full system backup, and "Quick Backup" for a backup of user files only).

To create a backup profile, either choose "Create Backup Profile" from the "File" option on menu bar (or right-click on the "Backup Profiles" folder, then choose "Create Backup Profile"). On the right hand side of the KDat window, you can change various settings, such as the profile name, archive name, tar options, as well as others. Click the "Help" menu for more information on what these settings are for.

To specify which files should be included in your backup profile, left-click the checkbox beside the ``/'' directory folder. This will enable all files in and below this directory for backups. Then, left-click on the small ``+'' sign beside the folder. This will expand the folder, showing a list of files in and below it. This will allow you to exclude any files you do not wish to backup; simply left-click the checkbox beside each file or directory you wish to exclude. For example, a full backup should probably have every file and directory checkmarked, with the exception of the ``/proc'' (a pseudo-filesystem containing information about your running system), ``/mnt'' (a directory below which CD-ROM drives, floppies, and network shares are usually mounted), and, if you are a Squid user, ``/var/spool/squid'' (Squid's cache data files). Once you have selected the appropriate files, left-click on the backup profile you are creating, then left-click the "Files >>" button to move the selected files list to your backup profile.

Note: Should your server data be larger in size than can be physically stored on a tape, you will need to create separate backup profiles, one for each portion of your backup set.

To actually perform a backup, insert a tape into the drive, and then choose "Mount Tape" from the "File" menu (or left-click the icon that looks like a tape). This will "mount" the tape (actually, because a tape device is a character device, it isn't actually possible to mount it -- what KDat actually does is to first rewind the tape, attempts to read in header information, and if successful, find the corresponding tape index on your hard drive. Otherwise, KDat will prompt you to format the tape. (Note: If KDat keeps complaining that a tape isn't in the drive and it actually is in the drive, you should ensure the correct tape device name is specified in the preferences; left-click the "Edit" option on the menu bar and choose "User Preferences".)

Once KDat has mounted the tape, before you start the backup you must first choose the backup profile you wish to use for the backup. To start the backup, simply right-click on the desired backup profile, and then left-click on the "Backup" option. KDat will first display a dialog box showing you the details of the backup profile you have selected; left-click the "Ok" button to start the backup.

While the backup is in progress, KDat will display a dialog box showing various statistical information (elapsed time, backup size, backup rate, estimated time remaining, as well as the number of files and total bytes written), and display a list of files as they are backed up. A full backup containing several gigabytes of data might take several hours to complete. If you find it necessary, you can left-click the "Abort" button at any time to interrupt the backup process.

Once the backup is complete, you can unmount the tape by choosing "Edit" from the menu bar, and then "Unmount Tape", or left-click on the tape icon, which will rewind and eject the tape.

8.2 Server Restore Procedures

Unarguably, the one thing that is more important than performing regular backups is having them available when it comes time to recover an important file!

Obviously, as discussed in the "Server Backup Procedures" section, the procedures for performing a restore will differ depending on your choice of a backup solution. In this section, I will discuss methods for restoring files which have been backed up with ``tar'' and ''KDat''.

Restoring with ``tar'':

( Under construction )

Note: Extracting files from a tar archive can be a dangerous thing to do, and should therefore be done with caution. Perhaps the files were not archived without a file path prepended, meaning they will all be extracted to the current directory. Perhaps the files were archived with leading ``/'' slashes (by specify the ``--absolute-paths'' option when the archive was created), meaning the files will be restored to their absolute locations (even if you didn't want them to be). Or, perhaps, the files were archived without leading ``/'' slashes, meaning the files will be restored under the current directory (even if you didn't want them to be). For this reason, I strongly recommend testing your ``tar'' command with a ``t'' (type) option first, and then replace the ``t'' with an ``x'' (extract) when you are sure the command will do what you expect it to.

As mentioned in the "Server Backup Procedures" section, when creating an archive file, tar will strip leading ``/'' (slash) characters from file path names. This means that restore files may not end up in the same locations they were backed up from. Therefore, either change to the ``/'' root directory, or use the ``--directory /'' option. Note: A far safer solution is to restore the desired files under a different directory (for example, your home directory), and then compare, move, or update the files to their original locations afterward.

Restoring with ``KDat'':

To restore one or more files from a KDat-created backup set, insert the backup tape into the drive, choose "Mount Tape" from the "File" menu option (or left-click on the icon that looks like a tape).

KDat will try to read header information from the tape, and if successful, will then try to find the tape index which matches the identification found in the tape header. This tape index is stored on your hard drive, and is a unique file created for each backup tape formatted by KDat, and is updated each time you perform a backup.

If this corresponding tape index is missing (perhaps you are restoring from a backup set created on another machine, or the index file was deleted or somehow corrupted on your hard drive), KDat will inform you of this fact, and ask you if it is okay to recreate the index by reading the tape. Because you will need to recreate it before you will be able to restore your desired files, it makes perfect sense to left-click "Yes". (Note: Once a tape is reindexed, its name is changed to "Reindexed Tape". You should rename the tape to its original name.)

Once the tape index has been successfully read, it can then used to select the directories or files you wish to restore from the backup set, in much the same manner you used when creating your backup profiles (see the "Server Backup Procedures" section for detailed instructions on the file selection process).

Once you have selected the appropriate files, you can start the restoration process by choosing "Restore..." from the "File" option on the menu bar (or left-click the tape restore icon). KDat will display a dialog box, allowing you to confirm which files will be restored. In addition, you have the option of specifying a directory into which files will be restored. This will allow you to restore critical system files into your home directory, and then compare, move, or update those files to their intended location later on. This is actually the safest way of restoring files.

To begin the recovery process, click the "Okay" button. KDat will then scan the tape and restore the selected files.

On occasion, you may find it necessary or useful to restore one or more files from a backup set created with KDat without using KDat to do so. Perhaps you would like to restore such files on a system that does not offer a GUI-based environment, or would like to do so over a slow network connection through which remote execution of KDat would be impractical. Fortunately, KDat writes its backup data sets using the ``tar'' tool, a command-line based tool that is available on any *nix system.

Should you wish to restore your KDat-created backup set using tar, simply do so using whatever options you would with any normal backup set created with tar itself. Bear in mind, however, that data sets are not stored in compressed format. Note: You will almost certainly get an error message when trying to access the KDat backup set with tar. This is because of the header and other information that KDat added to the tape when it was first formatted. Simply repeat the tar command two or three times to skip to the beginning of the actual tar archive file..

8.3 Cisco Router Configuration Backups

At my place of employment, we have a WAN connecting several remote locations. These remote locations have Cisco routers connected via ISDN, or in some instances, Centrex data circuits, to provide Internet and WAN connectivity. Cisco router products allow using TFTP ("Trivial File Transfer Protocol") on a network server to read and write configuration files. Whenever a router configuration is changed, it is important to save the configuration file on the Linux server so that a backup is maintained.

Please note that Red Hat disables the TFTP service by default, because it can be a real security hole if not configured properly. The TFTP daemon allows anyone to read and write files without performing authentication. The way I personally set things up is to create a ``/tftpboot/'' directory, owned by root, and then modify the existing configuration line in the ``/etc/inetd.conf'' file to specify the file location:

---

tftpd   dgram   udp    wait   root   /usr/sbin/tcpd  in.tftpd  /tftpboot

---

Note: Adding the ``/tftpboot'' path at the end of the above line specifically indicates where the TFTP daemon is allowed to access files. Although you can actually leave this part out and allow TFTP to access files anywhere on your system, as TFTP is considered somewhat of a security risk, this would probably be a very bad idea.

Once you have enabled the TFTP service, don't forget to type:

killall -HUP inetd

The above command restarts the INETD daemon to recognize whatever changes you have made to the inetd.conf file.

Creating a backup of a router configuration file involves a 3-step process: setting permissions on an existing file (or creating a new one) to allow writes, writing the backup file, and then resetting permissions to restrict access to the file. An example router backup session follows:

mail: # cd /tftpboot

mail:/tftpboot# chmod a+w xyzrouter-confg

chmod: xyzrouter-confg: No such file or directory

mail:/tftpboot# touch xyzrouter-confg

mail:/tftpboot# chmod a+w loyola-confg

mail:/tftpboot# telnet xyzrouter

Escape character is '^]'.

User Access Verification

Password: ****

xyzrouter> enable

Password: ****

xyzrouter# write network

Remote host []? 123.12.41.41

Name of configuration file to write [xyzrouter-confg]?

Write file xyzrouter-confg on host 123.12.41.41? [confirm]

Building configuration...

Writing xyzrouter-confg !! [OK]

xyzrouter# exit

Connection closed by foreign host.

mail:/tftpboot# chmod a-wr,u+r xyzrouter-confg

mail:/tftpboot# exit

In case of router failure (caused, for example, by a power surge during a lightning storm), these backup files can be helpful to reload the router configuration. Again, restoring from a configuration file involves a 3-step process: setting permissions on the existing file, loading the file, and then resetting permissions to restrict access to the file. An example router restoration session follows.

mail: # cd /tftpboot

mail:/tftpboot# chmod a+r xyzrouter-confg

mail:/tftpboot# telnet xyzrouter

Escape character is '^]'.

User Access Verification

Password: ****

xyzrouter> enable

Password: ****

xyzrouter# config network

Host or network configuration file [host]?

Address of remote host [255.255.255.255]? 123.12.41.41

Name of configuration file [xyzrouter-confg]?

Configure using loyola-confg from 123.12.41.41? [confirm]

Loading xyzrouter-confg from 123.12.41.41 (via BRI0): !

[OK - 1265/32723 bytes]

xyzrouter# write

xyzrouter# exit

Connection closed by foreign host.

mail:/tftpboot# chmod a-wr,u+r xyzrouter-confg

mail:/tftpboot# exit