Backup

Backups are more than a good idea these days; they're a necessity. Whether it's photos and documents, or million-dollar databases, losing your data is never a good idea - especially when doing a backup is so simple.

Today, we're going to look at Linux backups. Of all the systems (OS X, Windows, and Linux), Linux is probably the second most simple - falling short only to OS X.

Before we get started, please note that you will be backing up your entire system. That includes anything you have in the trash, any emails you have stored locally, your browser cache and cookies, and the like. Personally, I don't mind backing up all these files, but for the more security conscious, you might not want to.

So, now that we're ready to begin, what tools will be used to backup your system? The same tool you use for making an archive of anything else - tar. If you are interested in further reading about tar, Linuxtopia has a great writeup, or simple drop to console and type "man tar", without the quotes of course. So, let's get to it, shall we? Go ahead and launch your favorite terminal application. From there, we need to authenticate as root, and then run the tar command to backup the system. The commands you should type are as follows:

$ sudo -s
# tar -cvpzf /backup.tgz --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys /

While that's running (yes, it's going to take a while), let's go over what's happening. The sudo command lets us run the following command with super user privileges. When coupled with the -s switch, sudo will "save"; that is, it will essentially let you run commands as super user until you tell it not to, by typing exit.

The tar command we ran had several options tacked onto it. Let's start with the switches:

• c - This creates a new archive (c for create).
• v - This is verbose mode. It prints, on screen, what the tar command is doing.
• p - The p switch preserves file permissions, and is very important if you would ever like to restore your computer from the backup.
• z - The z switch tells tar to compresses the backup file with 'gzip' to make it smaller.
• f - The f switch specifies where to store the backup, /backup.tgz is the file used in this example.

Now, there are some things we don't want to backup. Certain things like temporary process files, files on any devices mounted (network shares, CD/DVDs, other hard drives, etc), and of course, our backup file itself. The tar command lets us exclude certain directories from our backup. You might also want to exclude the /media folder, or any other folder that your particular distribution uses for mounting removable media.

Finally, we need to tell tar what to back up. By entering "/" at the end, we tell tar to start at the root directory and work its way down through the rest of the file system.

Presto! Our system is backing up the entire contents of the drive, minus anything you have explicitly excluded, to our gzipped backup file! Make sure there is enough space on your hard drive for the backup file before you start the backup procedure, or else bad things might happen.

Sit back, sip a cup of coffee, and relax: this is going to take a while. Once the process has finished, you will have a backup.tgz file on the root of your file system. Since leaving a backup on the drive of which you have just backed up is very unwise, you should move it: either to another hard drive, network share, or burn it off to a DVD. Concerning burning it off to DVDs, the ISO9660 format doesn't support files larger than 2GB. (See Wikipedia for more details.) You will want to split the file into multiple ISO9660-friendly parts if you are going to burn it to a DVD. It has been suggested, however I have not tested it, that you could run the following command:

$ sudo tar --create --bzip2 --exclude=/proc --exclude=/lost+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sys --sparse / | growisofs -use-the-force-luke -Z /dev/hda=/proc/self/fd/0

It is also possible to backup directly over the network, although this method has some extra steps. You could, of course, mount a network share locally, and create your backup file there, or you could use the netcat command. As per the nc man page:

The nc (or netcat) utility is used for just about anything under the sun
involving TCP or UDP.  It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6.  Unlike telnet, nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet does with some.

What this means to you is that you can establish a connection between two computer, and have one spew the backup file contents, and the other computer will write it to it's local disk. First we need to start netcat on the receiving end:

$ sudo nc -l -p 1024 > backup.tar.bz2
 

Then you would pipe the tar command through the netcat command on the sending side:

$ sudo tar -cvj  / | nc -q 0  1024
 

In both of these commands, the 1024 is the port number. This number can be anything (preferably from 1024 on up), as long as it is the same on both sides. If you are security conscious, or doing this on an open network, you might want to consider encrypting your backup as it flies across the network. To pipe your backup through SSH (which is inherently encrypted), you would use the following command on the sending end, of course:

$ sudo tar zcvf - /home | ssh  "( cat > home_bkp.tar.gz )"
 

Often times, since it's not pounding your hard drive to read and then write, backing up over the network will be faster.

Restore

The first thing I should mention about restoring is this: BE CAREFUL! If you don't understand what you're doing, you can very likely overwrite something very near and dear to you! Please make sure you understand, in advance, what's going to happen when you run the command to restore!

Restoring is simple. First, we need to determine the system we are restoring our backup to. Did your hard drive crash, did you install a new drive, did you format your drive, or anything else that all of your data is lost? (That's what backups are for, afterall!) Or did you just decide that you wanted to go back in time a bit (perhaps because you broke your distro pretty bad...we've all done it.) Maybe you wanted to try a different distribution? No problem! The process is pretty much the same, with some small caveats.

If your drive is blank, you can restore the backup using another computer. You would extract the files to the drive (don't worry, I'll show you in a minute how to do that), and install a new bootloader. If you have a distro on your drive already (with a working bootloader), you can run the restore command, reboot, and everything will be back to normal. Keep in mind, restoring will overwrite data, but not necessarily erase anything. If you had Ubuntu, and you wanted to try out SuSE, restoring your Ubuntu backup will get you back to Ubuntu, but you will probably still have some remnants of SuSE left over. Every little bit takes up space, so just be conscious of what's going on there. If you need to reinstall GRUB (your bootloader), there are some utilities out there to help.

Alright! Let's cut the chatter, and restore our backup! Let's assume, for a minute, that our backup is located on the root directory, and is called "backup.tgz", compressed with gzip. (Not too much of a stretch, is it? We just put it there that way.) The command to restore from our backup would be:

$ sudo tar -xvpzf /backup.tgz -C /

The x switch tells the archive to extract, where the C switch tells it to change to a specified directory. In this example, we switch directory to the root directory (/), so we can technically run this command from any path. The p switch tells tar to preserve the file permissions. Again, those permissions are very important if you'd actually like to *use* your system. The command may take a while to run, and once it's done you will have only one more thing to do. You will need to manually recreate the directories you excluded when you backed up. In this case, we excluded /proc, /lost+found, /mnt, and /sys. You might have also excluded /media. To restore these directories, simply run the following command:

$ sudo mkdir /proc /lost+found /mnt /sys /media

That's it! Reboot your machine, and revel in the glory that is a fully functioning (albeit somewhat out of date) computer!

If you backed up to a networked machine with nc earlier, you will probably want to restore that. On the sending side, you will want to run this command:

$ sudo cat backup.tgz | nc -q 0  1024

Presuming you are booted from a live cd on the receiving end, you would want to mount the hard drive first (and make sure it's properly formatted). We'll assume you mount the disk to /mnt/disk. You would then run the following command:

$ sudo nc -l -p 1024 | tar -xvzjf - -C /mnt/disk

Again, assuming that 1024 is the port you will be using. You made need to adjust some of the switches to suit your needs. You would use similar switches to when you created the archive. If in doubt, read the man pages.

If you had to format your drive, or any of your partitions, update the file /etc/fstab after restoring the backup. Mount the reformatted partitions on a LiveCD and type "blkid" on a terminal. Then edit the /etc/fstab file in the restored root partition and change the UUID of the partitions you formatted.

$ sudo nano /mnt/disk/etc/fstab

Notes

Your mileage may vary on any and all of these commands, as they are generalized, and not intended to be specific to any distribution of linux. If you find that something doesn't work for you, take a closer look at the command, and try to work out where it might be getting hung up. Maybe you're trying to back up to a location that doesn't exist. Maybe you forgot to exclude a directory. Maybe you got a switch wrong. Be patient, and things will come together. If you have any more questions, feel free to drop me a line, or leave a comment.

Backups, Linux