rsnapshot Debian how-to
**rsnapshot**
is a filesystem backup utility for Unix-like systems that uses rsync
and hard links to efficiently create incremental snapshots. It stores backups in dated directories, minimizing disk usage by linking unchanged files. Designed for automation, it supports local and remote backups via SSH.
apt install rsnapshot
/etc/rsnapshot.conf
config_version 1.2
# executables paths on your system
cmd_cp /bin/cp
cmd_rm /bin/rm
cmd_rsync /usr/bin/rsync
cmd_ssh /usr/bin/ssh
cmd_du /usr/bin/du
# type and number of snapshots to execute
retain alpha 7 #7 snaps, one per day
retain beta 2 #2 snaps, one per week
retain gamma 1 #1 snap montly
verbose 2
loglevel 3
logfile /var/log/rsnapshot.log
lockfile /home/roughnecks/rsnapshot.pid
# where to save your snapshots
snapshot_root /mnt/backup/
# rsnapshot won't create the "root" folder of your backups. Create it yourself
no_create_root 1
# global short rsync args (feel free to adjust)
rsync_short_args -avz
# uses hard links (keep this)
link_dest 1
# what, where and how to backup
# --rsync-path="sudo rsync" is only needed if you're backing up directories which need root access on the remote host
# --exclude-from=/etc/rsnapshot/exclude_path.list is a list of paths never to be backed up, relative to this backup only
backup debian@remote_host:/path/ local_path/ +rsync_long_args=--rsync-path="sudo rsync" --exclude-from=/etc/rsnapshot/exclude_path.list
# global exclusion list (directories never to be backed up)
exclude /proc/
exclude /sys/
exclude /dev/
exclude /run/
exclude /tmp/
First things first: I suggest to always use a non-root user (not even sudo, because that would be the same, right?) to execute rsnaspshot.
Make sure your user can write the lockfile and also the logfile (create paths where necessary)
Create the root dir (where to store your snapshots) with root, if necessary - (maybe inside /mnt/ ) - but give your user permissions to read and write afterwards.
Decide the number and frequency of your backups (daily, weekly and monthly is a sane default) - don't change the names “alpha, beta and gamma” in the config, because, as it is written in the comments: “Must be unique and in ascending order”
A simple backup line would be like:
backup /var/www/ local_path/
- “backup” is the logical name
- “/var/www” is the source directory
- “local_path/” is the destination directory inside your
snapshot_root
If you're backing up a direcory on a remote host, use the same syntax as the one for rsync. I also suggest making use of the ~/.ssh/config
file to configure and shorten your ssh destinations (name, ports, keys).
Last piece I added in the backup line above in configuration file is used when you need to backup a directory with root permission. You can give the “normal” user “sudo” rights to use rsync command without entering a password on the remote host and then you can keep running rsnapshot locally without root
backupuser ALL=(ALL) NOPASSWD: /usr/bin/rsync
One big advice, if I may. Be sure to make an exclusion for the following directories when backing up a /home/user
dir
*/go
*/node_modules
*/.cache
*/.npm
*/.nvm
*/.rustup
especially go/pkg
directory creates a big mess because all of the files of the modules have no “write” (+w) permission set - for whatever reason they did it (I really don't understand this choice).. So after the first successful snap, on the second one, when the software will move e.g. alpha.0
to alpha.1
, it won't have the permission to do so. It will fail and you'll need to fix it.
Useful commands
rsnapshot help
rsnapshot <alpha | beta | gamma>
# manually execute one of the rsnapshots
rsnapshot configtest
# syntax check
rsnapshot du
# show disk usage for your backups
scheduling
I'm using crontab to schedule rsnapshot, like this:
# Run rsnapshot alpha every day at 2:00 PM
0 14 * * * /home/roughnecks/scripts/rsnapshot-alpha.sh
# Run rsnapshot beta every monday at 3:00 PM
0 15 * * 1 /home/roughnecks/scripts/rsnapshot-beta.sh
# Run rsnapshot gamma the first of every month at 4:00 PM
0 16 1 * * /home/roughnecks/scripts/rsnapshot-gamma.sh
I actually run those mini shell scripts because I'm also sending notifications about successful/failed backups via ntfy
Here's one of them, the other ones are copy-pasted with different frequency:
#!/bin/bash
rsnapshot alpha
if [ $? -eq 0 ]; then
curl -d "rsnapshot alpha successful! 😀" ntfy.myserver.tld:port/tag
else
curl -d "rsnapshot alpha failed?! 🤔" ntfy.myserver.tld:port/tag
fi
That would be all. Hope it's been useful