https://wiki.archlinux.org/api.php?action=feedcontributions&user=Akobel&feedformat=atomArchWiki - User contributions [en]2024-03-29T13:41:33ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=SANE&diff=568102SANE2019-03-07T18:46:26Z<p>Akobel: /* Installing a scanner driver */ Installation instructions for Fujitsu fi series proprietary driver.</p>
<hr />
<div>[[Category:Digital imaging]]<br />
[[es:SANE]]<br />
[[fr:Sane]]<br />
[[it:SANE]]<br />
[[ja:SANE]]<br />
[[zh-hans:SANE]]<br />
{{Related articles start}}<br />
{{Related|SANE/Scanner-specific problems}}<br />
{{Related|Scanner Button Daemon}}<br />
{{Related articles end}}<br />
<br />
[http://www.sane-project.org/ SANE] ([[wikipedia:Scanner Access Now Easy|Scanner Access Now Easy]]) provides a library and a command-line tool to use scanners under GNU/Linux. See [http://www.sane-project.org/sane-supported-devices.html] to check if sane supports your scanner.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|sane}} package.<br />
<br />
== Verification ==<br />
<br />
Now you can try to see if sane recognizes your scanner<br />
<br />
$ scanimage -L<br />
<br />
If that fails, run the command again as root to check for permission problems. If that fails as well, check that your scanner is plugged into the computer. You also might have to unplug/plug your scanner for {{ic|/usr/lib/udev/rules.d/49-sane.rules}} to recognize your scanner.<br />
<br />
Now you can see if it actually works<br />
<br />
$ scanimage --format=png > test.png<br />
<br />
If the scanning fails with the message {{ic|scanimage: sane_start: Invalid argument}} you may need to specify the device.<br />
<br />
{{hc|$ scanimage -L|<br />
device `v4l:/dev/video0' is a Noname Video WebCam virtual device<br />
device `pixma:04A91749_247936' is a CANON Canon PIXMA MG5200 multi-function peripheral<br />
}}<br />
<br />
Then you would need to run<br />
<br />
$ scanimage --device "pixma:04A91749_247936" --format=tiff > test.tiff<br />
<br />
Sane provides many special backend options for numerous scanner types. To see what these are for your device:<br />
<br />
$ scanimage -A<br />
<br />
== Installing a scanner driver ==<br />
<br />
Most scanners should work out of the box. If yours does not, see [[SANE/Scanner-specific problems]] for installation instructions.<br />
<br />
=== Firmware ===<br />
<br />
{{Note|This section is only needed if you need to upload firmware to your scanner.}}<br />
<br />
Firmwares usually have the '''{{ic|.bin}}''' extension. <br />
<br />
Firstly you need to put the firmware someplace safe, it is recommended to put it in a subdirectory of {{ic|/usr/share/sane/}}.<br />
<br />
Then you need to tell sane where the firmware is:<br />
<br />
* Find the name of the backend for your scanner from the [http://www.sane-project.org/sane-supported-devices.html sane supported devices list].<br />
* Open the file {{ic|/etc/sane.d/''<backend-name>''.conf}}.<br />
* Make sure the firmware entry is uncommented and let the file-path point to where you put the firmware file for your scanner. Be sure that members of the group {{ic|scanner}} can access the {{ic|/etc/sane.d/''<backend-name>''.conf}} file.<br />
<br />
If the backend of your scanner is not part of the sane package (such as {{ic|hpaio.conf}} which is part of {{pkg|hplip}}), you need to uncomment the relevant entry in {{ic|/etc/sane.d/dll.d}} or in {{ic|/etc/sane.d/dll.conf}}.<br />
<br />
=== Fujitsu fi series ===<br />
<br />
For some of the Fujitsu fi series document scanners, the {{Aur|pfufs}} proprietary driver offers advanced functionality over the already mature SANE default driver, such as control of an optional imprinter for stamping scanned documents or requesting accurate status of the consumables from the host.<br />
<br />
== Install a frontend ==<br />
<br />
Many frontends exist for SANE, a non-exhaustive list of which can be found on the [http://www.sane-project.org/sane-frontends.html sane-project website].<br />
<br />
* {{App|[[Wikipedia:Scanner Access Now Easy#Simple_Scan|Simple Scan]]|Simplified GUI that is intended to be easier to use and better integrated into the [[GNOME]] desktop than XSane. It was initially written for Ubuntu and is maintained by Robert Ancell of Canonical Ltd. for GNU/Linux.|https://gitlab.gnome.org/GNOME/simple-scan|{{Pkg|simple-scan}}}}<br />
* {{App|[[Wikipedia:Skanlite|Skanlite]]|Simple image scanning application that does nothing more than scan and save images, based on the KSane backend.|https://www.kde.org/applications/graphics/skanlite|{{Pkg|skanlite}}}}<br />
* {{App|[[Wikipedia:Scanner Access Now Easy#XSane|XSane]]|Full-featured GTK-based frontend looking a bit old but providing extended functionalities.|http://www.xsane.org/|{{Pkg|xsane}}}}<br />
<br />
Some [[List of applications/Documents#OCR software|OCR software]] are able to scan images using SANE: gImageReader, [[Wikipedia:Scanner Access Now Easy#gscan2pdf|gscan2pdf]], Linux-Intelligent-Ocr-Solution, [[Wikipedia:OCRFeeder|OCRFeeder]], [https://openpaper.work Paperwork].<br />
<br />
{{Note|<br />
* Scanning directly to PDF using XSane in 16bit color depth mode is known to produces [https://bugs.launchpad.net/ubuntu/+source/xsane/+bug/539162 corrupted files] and a note in {{ic|pacman}} output warns so. 8bit mode is known to work.<br />
<br />
{{Accuracy|skanlite does not need to ''handle'' mDNS. As long as [[Avahi#Hostname resolution|mDNS hostname resolution]] is set up correctly and the scanner 's address is specified as {{ic|''hostname''.local}}, it should just work. This looks like a hplip limitation/bug.}}<br />
<br />
* Using a frontend does not mean you do not have to apply some tricks. This is especially true with devices configured via [[mDNS]]. For example, {{ic|skanlite}} needs to have additional info specified on the command line in order to detect a network scanner properly as it cannot handle mDNS. Here is an example with an HP Officejet Pro L7590: {{ic|1=skanlite --device "hpaio:/net/Officejet_Pro_L7500?ip=192.168.0.17"}}.<br />
}}<br />
<br />
== Network scanning ==<br />
<br />
=== Sharing your scanner over a network ===<br />
<br />
You can share your scanner with other hosts on your network who use ''sane'', ''xsane'' or xsane-enabled ''GIMP''. To set up the server, first indicate which hosts on your network are allowed access.<br />
<br />
Change the {{ic|/etc/sane.d/saned.conf}} file to your liking, for example:<br />
<br />
# required<br />
localhost<br />
# allow local subnet<br />
192.168.0.0/24<br />
<br />
If you use [[iptables]], [[Kernel_modules|insert]] the {{ic|nf_conntrack_sane}} module to let the firewall track {{ic|saned}} connections.<br />
<br />
Now [[start/enable]] {{ic|saned.socket}}. Your scanner is now available over the network. For more information, see {{man|8|saned}}.<br />
<br />
{{Note|saned intentionally refuses to share scanners that use the net: backend (which includes some USB scanners). There is a crude patch to allow this in {{Bug|54786}}, but note it may cause problems on some networks. Check output of {{ic|scanimage -L}} on the server to see the scanner url.}}<br />
<br />
=== Accessing your scanner from a remote workstation ===<br />
<br />
{{Note|Some network scanners require a different approach. See [[SANE/Scanner-specific problems]].}}<br />
<br />
You can access your network-enabled scanner from a remote Arch Linux workstation.<br />
<br />
First, specify the server's host name or IP address in the {{ic|/etc/sane.d/net.conf}} file:<br />
<br />
# static IP address<br />
192.168.0.1<br />
# or host name<br />
stratus<br />
<br />
Now test your workstation's connection:<br />
<br />
$ scanimage -L<br />
<br />
The network scanner should now also show up in any [[#Install a frontend|front-end]].<br />
<br />
=== Windows clients ===<br />
<br />
Since the Windows port of SANE seems to be [http://www.xsane.org/xsane-download.html unsupported, outdated and difficult to get], you can try [http://sanetwain.ozuzo.net/ SaneTwain] instead.<br />
<br />
== Troubleshooting ==<br />
<br />
:See also: [[SANE/Scanner-specific problems]]<br />
<br />
=== Invalid argument ===<br />
<br />
If you get an "Invalid argument" error with xsane or another sane front-end, this could be caused by one of the following reasons:<br />
<br />
==== Missing firmware file ====<br />
<br />
No firmware file was provided for the used scanner (see [[#Firmware]] for details).<br />
<br />
==== Wrong firmware file permissions ====<br />
<br />
The permissions for the used firmware file are wrong. Correct them using<br />
<br />
# chown root:scanner /usr/share/sane/''SCANNER_MODEL''/''FIRMWARE_FILE''<br />
# chmod ug+r /usr/share/sane/''SCANNER_MODEL''/''FIRMWARE_FILE''<br />
<br />
==== Multiple backends claim scanner ====<br />
<br />
It may happen, that multiple backends support (or pretend to support) your scanner, and sane chooses one that does not do after all (the scanner will not be displayed by {{ic|scanimage -L}} then). This has happened with older Epson scanners and the {{ic|epson2}} resp. {{ic|epson}} backends. In this case, the solution is to comment out the unwanted backend in {{ic|/etc/sane.d/dll.conf}}. In the Epson case, that would be to change<br />
<br />
epson2<br />
#epson<br />
<br />
to <br />
<br />
#epson2<br />
epson<br />
<br />
It may also be possible that the independent {{Pkg|iscan}} {{ic|epkowa}} backend interferes with your {{ic|snapscan}} backend (epson scanners). You may get this error right after using the {{ic|scanimage -L}} command. Starting the scanner app (like {{Pkg|xsane}}) twice can also solve the problem. Otherwise check your {{ic|/etc/sane.d/epkowa.conf}} for wrong configurations or remove the {{Pkg|iscan}} package.<br />
<br />
==== Communication via xHCI not working (older scanner models) ====<br />
<br />
Some older scanner models do not work when connected via an USB3 port. If you experience this issue, try setting the {{ic|1=SANE_USB_WORKAROUND=1}} [[environment variable]] before starting your frontend.[https://lists.alioth.debian.org/pipermail/sane-announce/2017/000036.html][https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/?id=1207ce5a40664c04b934bd0a6babbc1575361356]<br />
<br />
If that does not work, try one of the following workarounds:<br />
<br />
* Use an USB2 port instead of an USB3 port, if available.<br />
* Disable xHCI via BIOS/EFI. eHCI will consequently be used and communication with the scanner will work. On the downside, USB3 speed can not be reached on any port.<br />
* On (some) intel chipsets the {{ic|setpci}} command can be used to route specific usb ports to either the xHCI or the eHCI controller. See [https://forums.opensuse.org/showthread.php/507627-Suse-13-2-scanner-no-longer-working-on-64-bit-version?p=2714695#post2714695 here] and [https://superuser.com/questions/812022/force-a-single-usb-3-0-port-to-work-as-usb-2-0 here] (scroll down to where it says "setpci") for further information. With this it is possible to toggle single USB ports with a simple shell script.<br />
* Connect the scanner over the network instead if it is supported.<br />
<br />
=== Slow startup ===<br />
<br />
If you encounter slow startup issue (e.g. {{ic|xsane}} or {{ic|scanimage -L}} take a lot to find scanner) it may be that more than one driver supporting it is available. <br />
<br />
Have a look at {{ic|/etc/sane.d/dll.conf}} and try commenting out one (e.g. you may have {{ic|epson}}, {{ic|epson2}} and {{ic|epkowa}} enabled at the same time, try leaving only {{ic|epson}} or {{ic|epkowa}} uncommented).<br />
<br />
You can also try to comment out {{ic|net}} driver, if there are no network scanners.<br />
<br />
Your [[webcam]] might also be listed as scanning device and slow down detection at startup. To blacklist webcam, try commenting out all the lines in {{ic|/etc/sane.d/v4l.conf}}.<br />
<br />
=== Device busy ===<br />
<br />
{{Accuracy|The user should not need to be in the scanner group (see [[Users and groups#Pre-systemd groups]])}}<br />
<br />
If your USB device is listed with {{ic|scanimage -L}} but launching the test {{ic|1=scanimage pixma:04A9173E_11DAD1 --format=tiff > test.tiff}} always return the 'Device busy' error, you might try to add your username to the scanner group {{ic|usermod -a -G scanner yourusername}} then blacklist the {{ic|usblp}} kernel module by writing {{ic|blacklist usblp}} in {{ic|/etc/modprobe.d/no-usblp.conf}} (it prevents {{ic|usblp}} from loading to support scanning, not needed by xsane and related tools, might also [[CUPS/Troubleshooting#Conflict_with_usblp|conflict with CUPS]]). Reboot to finish. [http://cromwell-intl.com/linux/canon-pixma-printer-scanner.html]<br />
<br />
=== Permission problem ===<br />
<br />
With systemd, the {{ic|scanner}} and {{ic|lp}} groups are deprecated. No need to add your user to those groups. See [[Users and groups#Pre-systemd groups]] for detail.<br />
<br />
You can also try to change permissions of usb device but this is not recommended, a better solution is to fix the [[Udev rules]] so that your scanner is recognized.<br />
<br />
First check connected usb devices with {{ic|lsusb}}:<br />
<br />
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub<br />
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub<br />
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub<br />
Bus 003 Device 003: ID 04d9:1603 Holtek Semiconductor, Inc.<br />
Bus 003 Device 002: ID 04fc:0538 Sunplus Technology Co., Ltd<br />
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub<br />
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub<br />
Bus 001 Device 006: ID 03f0:2504 Hewlett-Packard<br />
Bus 001 Device 002: ID 046d:0802 Logitech, Inc. Webcam C200<br />
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub<br />
<br />
In our example we see the scanner: {{ic|Bus 001 Device 006: ID 03f0:2504 Hewlett-Packard}}. Here {{ic|03f0}} is the ''vendorID'' and {{ic|2504}} is the ''productID''.<br />
<br />
Now open {{ic|/usr/lib/udev/rules.d/49-sane.rules}} and see if there is there is a line with the ''vendorID'' and ''productID'' of your scanner. If there is not any, create the new file {{ic|/etc/udev/rules.d/49-sane-missing-scanner.rules}}, with the following contents:<br />
<br />
ATTRS{idVendor}=="'''vendorID'''", ATTRS{idProduct}=="'''productID'''", MODE="0664", GROUP="scanner", ENV{libsane_matched}="yes"<br />
<br />
Save the file, plug out and back in your scanner and the file permissions should be now correct.<br />
<br />
{{Accuracy|The scanner needs to be added to the right backend file, {{ic|hp4200.conf}} will not work for any scanner.}}<br />
<br />
Another tip, is that you can add your device (scanner) in backend file:<br />
<br />
Add {{ic|usb 0x03f0 0x2504}} to {{ic|/etc/sane.d/hp4200.conf}} so it looks like this:<br />
<br />
#<br />
# Configuration file for the hp4200 backend<br />
#<br />
#<br />
# HP4200<br />
#usb 0x03f0 0x0105<br />
usb 0x03f0 0x2504<br />
<br />
==== Parallel port scanners ====<br />
<br />
All devices attached to a parallel port are assumed to be printers, and are given a {{ic|lp}} group. Either create a [[udev]] rule to mark the relevant parallel port as {{ic|libsane_matched}}, or add your user to the {{ic|lp}} [[user group]]. CUPS also uses the {{ic|lp}} group for read-only access to configuration files, so there are potential security implications to adding users to the {{ic|lp}} group - see [[CUPS#Connection Interfaces]] for more information.</div>Akobelhttps://wiki.archlinux.org/index.php?title=BackupPC&diff=503501BackupPC2017-12-21T10:44:15Z<p>Akobel: typo</p>
<hr />
<div>[[Category:System recovery]]<br />
[[ja:BackupPC]]<br />
'''BackupPC''' is a high-performance, enterprise-grade system for backing up Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.<br />
<br />
Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites this might be the complete backup solution. For other sites additional permanent archives could be created by periodically backing up the server to tape.<br />
<br />
Note that BackupPC only provides file-based backups and restores. In particular, it is not suitable out-of-the-box for "hot" database backups (although pre-backup hooks can be used to dump databases and do "cold" backups); you will need tools like [[xtrabackup]] for that purpose. Also, BackupPC only offers limited handling of opened files. Make sure to read about the [http://backuppc.sourceforge.net/faq/limitations.html limitations of BackupPC] and test a backup-and-restore cycle before you actually need to resort to it for real.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|backuppc}} from the [[official repositories]].<br />
Install {{Pkg|rsync}} and {{Pkg|perl-file-rsyncp}} if you want to use [[rsync]] as a transport, and {{Pkg|rrdtool}} to display usage data in the CGI interface.<br />
<br />
Start the '''backuppc''' [[systemd]] [[daemon]] and, if you wish to have it running at boot time, enable it.<br />
<br />
=== Placing data directories on a separate partition ===<br />
<br />
The BackupPC pool is stored by default under {{ic|/var/lib/backuppc}}, which also serves as the home directory for the backuppc user.<br />
This path can be changed via the <code>$Conf{TopDir}</code> entry in {{ic|/etc/backuppc/config.pl}}.<br />
Typical reasons are that you keep your system on a fast, but expensive and small, [[SSD]] and need to store the backups on a traditional hard disk, or that you want to keep the backup pool on a partition managed by an [[LVM]] to be able to resize to partition according to changing demands.<br />
<br />
The documentation suggests to not change the <code>$Conf{TopDir}</code> entry, but instead use symlinks. However, be careful when doing so because package upgrades for backuppc will replace symlinks for both {{ic|/var/lib/backuppc}} or any of the default subdirectories {{ic|cpool}}, {{ic|pc}} or {{ic|pool}} by empty directories '''without any warning'''.<br />
<br />
Thus, it is recommended to either use bind mounts in [[fstab]] instead of symlinks, or to deliberately ignore the recommendation in {{ic|/etc/backuppc/config.pl}} and change <code>$Conf{TopDir}</code> nevertheless. Alternatively, use [[pacman]]'s pre- and post-[[pacman#Hooks|transaction hooks]] such as the following (remember to make the shell scripts executable by {{ic|chmod a+x /etc/pacman.d/hooks/backuppc-restore-symlinks-*.sh}}):<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-post.hook|<nowiki><br />
[Trigger]<br />
Operation = Upgrade<br />
Type = Package<br />
Target = backuppc<br />
<br />
[Action]<br />
Description = Restore symlinks for BackupPC pool directories<br />
When = PostTransaction<br />
Exec = /etc/pacman.d/hooks/backuppc-restore-symlinks-post.sh</nowiki>}}<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-post.sh|<nowiki><br />
#!/usr/bin/bash<br />
<br />
if [ ! -d /tmp/backuppc-symlinks-cache ]; then<br />
exit 0<br />
fi<br />
<br />
if [ -L /tmp/backuppc-symlinks-cache/backuppc ]; then<br />
rmdir /var/lib/backuppc/{cpool,pc,pool,}<br />
mv /tmp/backuppc-symlinks-cache/backuppc /var/lib/<br />
echo "==> Restored /var/lib/backuppc => $(readlink /var/lib/backuppc)"<br />
fi<br />
<br />
for dir in cpool pc pool; do<br />
if [ -L /tmp/backuppc-symlinks-cache/$dir ]; then<br />
rmdir /var/lib/backuppc/$dir<br />
mv /tmp/backuppc-symlinks-cache/$dir /var/lib/backuppc/<br />
echo "==> Restored /var/lib/backuppc/${dir} => $(readlink /var/lib/backuppc/$dir)"<br />
fi<br />
done<br />
<br />
if [ -f /tmp/backuppc-symlinks-cache/was-running ]; then<br />
echo '==> BackupPC service was stopped for upgrade.'<br />
echo '==> Check the configuration and run `systemctl start backuppc.service` to restart the service.'<br />
rm -f /tmp/backuppc-symlinks-cache/was-running<br />
fi<br />
<br />
rmdir --ignore-fail-on-non-empty /tmp/backuppc-symlinks-cache &>/dev/null</nowiki>}}<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-pre.hook|<nowiki><br />
[Trigger]<br />
Operation = Upgrade<br />
Type = Package<br />
Target = backuppc<br />
<br />
[Action]<br />
Description = Stash symlinks for BackupPC pool directories<br />
When = PreTransaction<br />
Exec = /etc/pacman.d/hooks/backuppc-restore-symlinks-pre.sh</nowiki>}}<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-pre.sh|<nowiki><br />
#!/usr/bin/bash<br />
<br />
if systemctl is-active backuppc.service &>/dev/null; then<br />
systemctl stop backuppc.service<br />
mkdir -p /tmp/backuppc-symlinks-cache<br />
touch /tmp/backuppc-symlinks-cache/was-running<br />
fi<br />
<br />
for dir in /var/lib/backuppc/{cpool,pc,pool,}; do<br />
if [ -L $dir ]; then<br />
mkdir -p /tmp/backuppc-symlinks-cache<br />
mv $dir /tmp/backuppc-symlinks-cache<br />
fi<br />
done</nowiki>}}<br />
<br />
== Apache configuration ==<br />
<br />
BackupPC has a web interface that allows you to easily control it. You can access it using Apache and mod_perl or a C wrapper but other webservers like {{Pkg|lighttpd}} works too. <br />
Install {{Pkg|apache}} from the official repositories.<br />
<br />
=== Edit Apache configuration ===<br />
BackupPC's web UI needs to run as the user backuppc, but Apache normally runs under the user http. There are several ways to fix this. The two demonstrated here are common for single-purpose servers (Apache is only used to serve the BackupPC UI) or for multi-purpose servers (Apache may also server other websites under the regular http user).<br />
<br />
Setting up Apache for single-purpose use is a bit easier but not as flexible.<br />
<br />
==== General settings ====<br />
<br />
Edit {{ic|/etc/backuppc/config.pl}}. Set administrator name:<br />
$Conf{CgiAdminUsers} = 'admin'; <br />
Next, we need to add a users file and set the admin password:<br />
# htpasswd -c /etc/backuppc/backuppc.users admin<br />
<br />
The BackupPC-Webfrontend is initially configured so that you can only access it from the localhost. If you want to access it from all machines in your network, you have to edit {{ic|/etc/httpd/conf/extra/backuppc.conf}}. Edit the line:<br />
Require ip 127.0.0.1<br />
to:<br />
Require ip 127.0.0.1 192.168.0<br />
where you have to replace 192.168.0 to your corresponding IP-Adresses you want to gain access from.<br />
After one of the configuration steps below has also been performed, [re]start the Apache service.<br />
<br />
==== Single-purpose Apache settings ====<br />
[[Install]] {{AUR|mod_perl}} from the [[official repositories]].<br />
<br />
Edit the Apache configuration file to load mod_perl, tell Apache to run as user backuppc and to include {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule perl_module modules/mod_perl.so<br />
User backuppc<br />
Group backuppc<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
==== Multi-purpose Apache settings ====<br />
Instead of globally changing the Apache user and group like in the example above, we will instead make Apache run just the BackupPC CGI script as the backuppc user and leave the default user alone. This method uses mod_cgi to call a wrapper written in C instead of using the extra mod_perl dependency. You still need to have {{Pkg|perl}} itself installed so the wrapper can run the BackupPC scripts.<br />
<br />
Make sure Apache can run CGI programs (the line loading mod_cgi is not commented) and that it reads the BackupPC configuration by including it in {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule cgi_module modules/mod_cgi.so<br />
...<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
===== The webserver user and the suid problem =====<br />
<br />
The current setup of BackupPC, the webserver needs to run as backuppc user and this can be a problem on many setups where the webserver is used for other sites. In the past one could suid a Perl script, but it was blocked globally due security problems several years ago. To workaround that, perl-suid was used, but again blocked due the same problem more recently, scripts cannot be run securely with suid bit. Still there is another way, this time using a simple binary program that is suid as a launcher, that will run the backuppc Perl scripts already with the correct user. This isolates the Perl script from the environment and it is considered safe.<br />
<br />
You need to replace the original backuppc CGI with the below C code compiled program and move the backuppc CGI to another place.<br />
<br />
Move the real CGI {{ic|/usr/share/backuppc/cgi-bin/BackupPC_Admin}} to the lib directory {{ic|/usr/share/backuppc/lib/real-BackupPC_Admin.cgi}}.<br />
<br />
Save the C code below to a file named ''wrapper.c'' (please update the CGI path if needed) and compile it with:<br />
<br />
$ gcc -o BackupPC_Admin wrapper.c<br />
<br />
The wrapper C code:<br />
<br />
#include <unistd.h><br />
#define REAL_PATH "/usr/share/backuppc/lib/real-BackupPC_Admin.cgi"<br />
int main(ac, av)<br />
char **av;<br />
{<br />
execv(REAL_PATH, av);<br />
return 0;<br />
}<br />
<br />
Place the new binary {{ic|BackupPC_Admin}} in the cgi-bin directory and chown the binary CGI to {{ic|backuppc:http}} and set the suid bit:<br />
<br />
# chown backuppc:http /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
# chmod 4750 /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
<br />
Do not forget to clear the suid bit on the original Perl script if it was set (or the CGI page will not load):<br />
<br />
# chmod 0755 /usr/share/backuppc/lib/real-BackupPC_Admin.cgi<br />
<br />
Keep your web server with its usual user and backup should now be able to run correctly.<br />
<br />
{{Note|Keep in mind that the fix described in this section will be overwritten at every package upgrade, resulting in the BackupPC_Admin page displaying a message similar to ''Error: Wrong user: my userid is 33, instead of 126(backuppc)''. You will have to reapply the whole modification manually again to fix it.}}<br />
<br />
== Alternative nginx configuration ==<br />
Install {{Pkg|fcgiwrap}}. Enable and start {{ic|fcgiwrap.socket}}.<br />
{{hc|/etc/nginx/sites-available/backuppc|<nowiki><br />
server {<br />
listen <your_server_port>;<br />
server_name <your_server_name>;<br />
<br />
root /usr/share/backuppc/html;<br />
index /index.cgi;<br />
<br />
access_log /var/log/nginx/backuppc.access.log;<br />
error_log /var/log/nginx/backuppc.error.log;<br />
<br />
location / {<br />
allow 127.0.0.1/32;<br />
# allow 192.168.0.0/24;<br />
deny all;<br />
<br />
# auth_basic "Backup";<br />
# auth_basic_user_file conf/backuppc.users;<br />
}<br />
<br />
location /backuppc {<br />
alias /usr/share/backuppc/html/;<br />
}<br />
<br />
location ~\.cgi$ {<br />
include fastcgi_params;<br />
fastcgi_pass unix:/run/fcgiwrap.sock;<br />
<br />
fastcgi_param REMOTE_ADDR $remote_addr;<br />
fastcgi_param REMOTE_USER $remote_user;<br />
fastcgi_param SCRIPT_FILENAME /usr/share/backuppc/cgi-bin/BackupPC_Admin;<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
And symlink to sites-enabled:<br />
<br />
# ln -s /etc/nginx/sites-available/backuppc /etc/nginx/sites-enabled<br />
<br />
Change fcgiwrap executing user in systemd fcgiwrap.service file to user: backuppc<br />
<br />
== Alternative lighttpd configuration ==<br />
<br />
{{hc|/etc/lighttpd/lighttpd.conf|<nowiki><br />
server.port = 81<br />
server.username = "backuppc"<br />
server.groupname = "backuppc"<br />
server.document-root = "/srv/http"<br />
server.errorlog = "/var/log/lighttpd/error.log"<br />
dir-listing.activate = "enable"<br />
index-file.names = ( "index.html", "index.php", "index.cgi" )<br />
mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", "" => "application/octet-stream" )<br />
<br />
server.modules = ("mod_alias", "mod_cgi", "mod_auth", "mod_access" )<br />
<br />
alias.url = ( "/BackupPC_Admin" => "/usr/share/backuppc/cgi-bin/BackupPC_Admin" )<br />
alias.url += ( "/backuppc" => "/usr/share/backuppc/html" )<br />
<br />
cgi.assign += ( ".cgi" => "/usr/bin/perl" )<br />
cgi.assign += ( "BackupPC_Admin" => "/usr/bin/perl" )<br />
<br />
auth.backend = "plain"<br />
auth.backend.plain.userfile = "/etc/lighttpd/passwd"<br />
auth.require = ( "/BackupPC_Admin" => ( "method" => "basic", "realm" => "BackupPC", "require" => "user=admin" ) )<br />
</nowiki>}}<br />
<br />
{{hc|/etc/lighttpd/passwd|<br />
admin:''yourpassword''<br />
}}<br />
<br />
And create log file:<br />
<br />
# touch /var/log/lighttpd/error.log<br />
# chown backuppc:backuppc /var/log/lighttpd/error.log<br />
<br />
== Accessing the admin page ==<br />
<br />
Before accesing de admin page you have to specify which users/groups will be able to edit BackupPC's configuration.<br />
<br />
{{hc|/etc/backuppc/config.pl|<nowiki><br />
$Conf{CgiAdminUserGroup} = '<authorized groups>';<br />
$Conf{CgiAdminUsers} = '<authorized users>'; # <-- set to '*' if the webserver is not autenticating users<br />
</nowiki>}}<br />
<br />
Browse to http://localhost/BackupPC_Admin respectively http://''your_backuppc_server_ip''/BackupPC_Admin.<br />
<br />
== Website view problem ==<br />
<br />
Due an Apache directive, the web interface may not shown properly. If that is your case, just modify the line in your {{ic|/etc/httpd/conf/httpd.conf}} that avoids .htaccess and .htpasswd from viewed for clients or change directory name /usr/share/backuppc/html for /usr/share/backuppc/files and update {{ic|/etc/httpd/conf/extra/backuppc.conf}} with the new path, as it follows:<br />
<br />
{{hc|/etc/httpd/conf/extra/backuppc.conf|<br />
Alias /BackupPC/images /usr/share/BackupPC/files/<br />
}}<br />
== See also ==<br />
<br />
* [http://backuppc.sourceforge.net/index.html BackupPC Home page]<br />
* [http://backuppc.sourceforge.net/faq/BackupPC.html BackupPC documentation]</div>Akobelhttps://wiki.archlinux.org/index.php?title=BackupPC&diff=503500BackupPC2017-12-21T10:43:30Z<p>Akobel: Placing data directories on a separate partition: describe automatic post-upgrade hooks</p>
<hr />
<div>[[Category:System recovery]]<br />
[[ja:BackupPC]]<br />
'''BackupPC''' is a high-performance, enterprise-grade system for backing up Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.<br />
<br />
Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites this might be the complete backup solution. For other sites additional permanent archives could be created by periodically backing up the server to tape.<br />
<br />
Note that BackupPC only provides file-based backups and restores. In particular, it is not suitable out-of-the-box for "hot" database backups (although pre-backup hooks can be used to dump databases and do "cold" backups); you will need tools like [[xtrabackup]] for that purpose. Also, BackupPC only offers limited handling of opened files. Make sure to read about the [http://backuppc.sourceforge.net/faq/limitations.html limitations of BackupPC] and test a backup-and-restore cycle before you actually need to resort to it for real.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|backuppc}} from the [[official repositories]].<br />
Install {{Pkg|rsync}} and {{Pkg|perl-file-rsyncp}} if you want to use [[rsync]] as a transport, and {{Pkg|rrdtool}} to display usage data in the CGI interface.<br />
<br />
Start the '''backuppc''' [[systemd]] [[daemon]] and, if you wish to have it running at boot time, enable it.<br />
<br />
=== Placing data directories on a separate partition ===<br />
<br />
The BackupPC pool is stored by default under {{ic|/var/lib/backuppc}}, which also serves as the home directory for the backuppc user.<br />
This path can be changed via the <code>$Conf{TopDir}</code> entry in {{ic|/etc/backuppc/config.pl}}.<br />
Typical reasons are that you keep your system on a fast, but expensive and small, [[SSD]] and need to store the backups on a traditional hard disk, or that you want to keep the backup pool on a partition managed by an [[LVM]] to be able to resize to partition according to changing demands.<br />
<br />
The documentation suggests to not change the <code>$Conf{TopDir}</code> entry, but instead use symlinks. However, be careful when doing so because package upgrades for backuppc will replace symlinks for both {{ic|/var/lib/backuppc}} or any of the default subdirectories {{ic|cpool}}, {{ic|pc}} or {{ic|pool}} by empty directories '''without any warning'''.<br />
<br />
Thus, it is recommended to either use bind mounts in [[fstab]] instead of symlinks, or to deliberately ignore the recommendation in {{ic|/etc/backuppc/config.pl}} and change <code>$Conf{TopDir}</code> nevertheless. Alternatively, use [[pacman]]'s pre- and post-[[pacman#Hooks|transaction hooks]] such as the following (remember to make the shell scripts executable by {{ic|chmod a+x /etc/pacman.d/hooks/backuppc-restore-symlinks-*.sh}}:<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-post.hook|<nowiki><br />
[Trigger]<br />
Operation = Upgrade<br />
Type = Package<br />
Target = backuppc<br />
<br />
[Action]<br />
Description = Restore symlinks for BackupPC pool directories<br />
When = PostTransaction<br />
Exec = /etc/pacman.d/hooks/backuppc-restore-symlinks-post.sh</nowiki>}}<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-post.sh|<nowiki><br />
#!/usr/bin/bash<br />
<br />
if [ ! -d /tmp/backuppc-symlinks-cache ]; then<br />
exit 0<br />
fi<br />
<br />
if [ -L /tmp/backuppc-symlinks-cache/backuppc ]; then<br />
rmdir /var/lib/backuppc/{cpool,pc,pool,}<br />
mv /tmp/backuppc-symlinks-cache/backuppc /var/lib/<br />
echo "==> Restored /var/lib/backuppc => $(readlink /var/lib/backuppc)"<br />
fi<br />
<br />
for dir in cpool pc pool; do<br />
if [ -L /tmp/backuppc-symlinks-cache/$dir ]; then<br />
rmdir /var/lib/backuppc/$dir<br />
mv /tmp/backuppc-symlinks-cache/$dir /var/lib/backuppc/<br />
echo "==> Restored /var/lib/backuppc/${dir} => $(readlink /var/lib/backuppc/$dir)"<br />
fi<br />
done<br />
<br />
if [ -f /tmp/backuppc-symlinks-cache/was-running ]; then<br />
echo '==> BackupPC service was stopped for upgrade.'<br />
echo '==> Check the configuration and run `systemctl start backuppc.service` to restart the service.'<br />
rm -f /tmp/backuppc-symlinks-cache/was-running<br />
fi<br />
<br />
rmdir --ignore-fail-on-non-empty /tmp/backuppc-symlinks-cache &>/dev/null</nowiki>}}<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-pre.hook|<nowiki><br />
[Trigger]<br />
Operation = Upgrade<br />
Type = Package<br />
Target = backuppc<br />
<br />
[Action]<br />
Description = Stash symlinks for BackupPC pool directories<br />
When = PreTransaction<br />
Exec = /etc/pacman.d/hooks/backuppc-restore-symlinks-pre.sh</nowiki>}}<br />
<br />
{{hc|/etc/pacman.d/hooks/backuppc-restore-symlinks-pre.sh|<nowiki><br />
#!/usr/bin/bash<br />
<br />
if systemctl is-active backuppc.service &>/dev/null; then<br />
systemctl stop backuppc.service<br />
mkdir -p /tmp/backuppc-symlinks-cache<br />
touch /tmp/backuppc-symlinks-cache/was-running<br />
fi<br />
<br />
for dir in /var/lib/backuppc/{cpool,pc,pool,}; do<br />
if [ -L $dir ]; then<br />
mkdir -p /tmp/backuppc-symlinks-cache<br />
mv $dir /tmp/backuppc-symlinks-cache<br />
fi<br />
done</nowiki>}}<br />
<br />
== Apache configuration ==<br />
<br />
BackupPC has a web interface that allows you to easily control it. You can access it using Apache and mod_perl or a C wrapper but other webservers like {{Pkg|lighttpd}} works too. <br />
Install {{Pkg|apache}} from the official repositories.<br />
<br />
=== Edit Apache configuration ===<br />
BackupPC's web UI needs to run as the user backuppc, but Apache normally runs under the user http. There are several ways to fix this. The two demonstrated here are common for single-purpose servers (Apache is only used to serve the BackupPC UI) or for multi-purpose servers (Apache may also server other websites under the regular http user).<br />
<br />
Setting up Apache for single-purpose use is a bit easier but not as flexible.<br />
<br />
==== General settings ====<br />
<br />
Edit {{ic|/etc/backuppc/config.pl}}. Set administrator name:<br />
$Conf{CgiAdminUsers} = 'admin'; <br />
Next, we need to add a users file and set the admin password:<br />
# htpasswd -c /etc/backuppc/backuppc.users admin<br />
<br />
The BackupPC-Webfrontend is initially configured so that you can only access it from the localhost. If you want to access it from all machines in your network, you have to edit {{ic|/etc/httpd/conf/extra/backuppc.conf}}. Edit the line:<br />
Require ip 127.0.0.1<br />
to:<br />
Require ip 127.0.0.1 192.168.0<br />
where you have to replace 192.168.0 to your corresponding IP-Adresses you want to gain access from.<br />
After one of the configuration steps below has also been performed, [re]start the Apache service.<br />
<br />
==== Single-purpose Apache settings ====<br />
[[Install]] {{AUR|mod_perl}} from the [[official repositories]].<br />
<br />
Edit the Apache configuration file to load mod_perl, tell Apache to run as user backuppc and to include {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule perl_module modules/mod_perl.so<br />
User backuppc<br />
Group backuppc<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
==== Multi-purpose Apache settings ====<br />
Instead of globally changing the Apache user and group like in the example above, we will instead make Apache run just the BackupPC CGI script as the backuppc user and leave the default user alone. This method uses mod_cgi to call a wrapper written in C instead of using the extra mod_perl dependency. You still need to have {{Pkg|perl}} itself installed so the wrapper can run the BackupPC scripts.<br />
<br />
Make sure Apache can run CGI programs (the line loading mod_cgi is not commented) and that it reads the BackupPC configuration by including it in {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule cgi_module modules/mod_cgi.so<br />
...<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
===== The webserver user and the suid problem =====<br />
<br />
The current setup of BackupPC, the webserver needs to run as backuppc user and this can be a problem on many setups where the webserver is used for other sites. In the past one could suid a Perl script, but it was blocked globally due security problems several years ago. To workaround that, perl-suid was used, but again blocked due the same problem more recently, scripts cannot be run securely with suid bit. Still there is another way, this time using a simple binary program that is suid as a launcher, that will run the backuppc Perl scripts already with the correct user. This isolates the Perl script from the environment and it is considered safe.<br />
<br />
You need to replace the original backuppc CGI with the below C code compiled program and move the backuppc CGI to another place.<br />
<br />
Move the real CGI {{ic|/usr/share/backuppc/cgi-bin/BackupPC_Admin}} to the lib directory {{ic|/usr/share/backuppc/lib/real-BackupPC_Admin.cgi}}.<br />
<br />
Save the C code below to a file named ''wrapper.c'' (please update the CGI path if needed) and compile it with:<br />
<br />
$ gcc -o BackupPC_Admin wrapper.c<br />
<br />
The wrapper C code:<br />
<br />
#include <unistd.h><br />
#define REAL_PATH "/usr/share/backuppc/lib/real-BackupPC_Admin.cgi"<br />
int main(ac, av)<br />
char **av;<br />
{<br />
execv(REAL_PATH, av);<br />
return 0;<br />
}<br />
<br />
Place the new binary {{ic|BackupPC_Admin}} in the cgi-bin directory and chown the binary CGI to {{ic|backuppc:http}} and set the suid bit:<br />
<br />
# chown backuppc:http /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
# chmod 4750 /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
<br />
Do not forget to clear the suid bit on the original Perl script if it was set (or the CGI page will not load):<br />
<br />
# chmod 0755 /usr/share/backuppc/lib/real-BackupPC_Admin.cgi<br />
<br />
Keep your web server with its usual user and backup should now be able to run correctly.<br />
<br />
{{Note|Keep in mind that the fix described in this section will be overwritten at every package upgrade, resulting in the BackupPC_Admin page displaying a message similar to ''Error: Wrong user: my userid is 33, instead of 126(backuppc)''. You will have to reapply the whole modification manually again to fix it.}}<br />
<br />
== Alternative nginx configuration ==<br />
Install {{Pkg|fcgiwrap}}. Enable and start {{ic|fcgiwrap.socket}}.<br />
{{hc|/etc/nginx/sites-available/backuppc|<nowiki><br />
server {<br />
listen <your_server_port>;<br />
server_name <your_server_name>;<br />
<br />
root /usr/share/backuppc/html;<br />
index /index.cgi;<br />
<br />
access_log /var/log/nginx/backuppc.access.log;<br />
error_log /var/log/nginx/backuppc.error.log;<br />
<br />
location / {<br />
allow 127.0.0.1/32;<br />
# allow 192.168.0.0/24;<br />
deny all;<br />
<br />
# auth_basic "Backup";<br />
# auth_basic_user_file conf/backuppc.users;<br />
}<br />
<br />
location /backuppc {<br />
alias /usr/share/backuppc/html/;<br />
}<br />
<br />
location ~\.cgi$ {<br />
include fastcgi_params;<br />
fastcgi_pass unix:/run/fcgiwrap.sock;<br />
<br />
fastcgi_param REMOTE_ADDR $remote_addr;<br />
fastcgi_param REMOTE_USER $remote_user;<br />
fastcgi_param SCRIPT_FILENAME /usr/share/backuppc/cgi-bin/BackupPC_Admin;<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
And symlink to sites-enabled:<br />
<br />
# ln -s /etc/nginx/sites-available/backuppc /etc/nginx/sites-enabled<br />
<br />
Change fcgiwrap executing user in systemd fcgiwrap.service file to user: backuppc<br />
<br />
== Alternative lighttpd configuration ==<br />
<br />
{{hc|/etc/lighttpd/lighttpd.conf|<nowiki><br />
server.port = 81<br />
server.username = "backuppc"<br />
server.groupname = "backuppc"<br />
server.document-root = "/srv/http"<br />
server.errorlog = "/var/log/lighttpd/error.log"<br />
dir-listing.activate = "enable"<br />
index-file.names = ( "index.html", "index.php", "index.cgi" )<br />
mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", "" => "application/octet-stream" )<br />
<br />
server.modules = ("mod_alias", "mod_cgi", "mod_auth", "mod_access" )<br />
<br />
alias.url = ( "/BackupPC_Admin" => "/usr/share/backuppc/cgi-bin/BackupPC_Admin" )<br />
alias.url += ( "/backuppc" => "/usr/share/backuppc/html" )<br />
<br />
cgi.assign += ( ".cgi" => "/usr/bin/perl" )<br />
cgi.assign += ( "BackupPC_Admin" => "/usr/bin/perl" )<br />
<br />
auth.backend = "plain"<br />
auth.backend.plain.userfile = "/etc/lighttpd/passwd"<br />
auth.require = ( "/BackupPC_Admin" => ( "method" => "basic", "realm" => "BackupPC", "require" => "user=admin" ) )<br />
</nowiki>}}<br />
<br />
{{hc|/etc/lighttpd/passwd|<br />
admin:''yourpassword''<br />
}}<br />
<br />
And create log file:<br />
<br />
# touch /var/log/lighttpd/error.log<br />
# chown backuppc:backuppc /var/log/lighttpd/error.log<br />
<br />
== Accessing the admin page ==<br />
<br />
Before accesing de admin page you have to specify which users/groups will be able to edit BackupPC's configuration.<br />
<br />
{{hc|/etc/backuppc/config.pl|<nowiki><br />
$Conf{CgiAdminUserGroup} = '<authorized groups>';<br />
$Conf{CgiAdminUsers} = '<authorized users>'; # <-- set to '*' if the webserver is not autenticating users<br />
</nowiki>}}<br />
<br />
Browse to http://localhost/BackupPC_Admin respectively http://''your_backuppc_server_ip''/BackupPC_Admin.<br />
<br />
== Website view problem ==<br />
<br />
Due an Apache directive, the web interface may not shown properly. If that is your case, just modify the line in your {{ic|/etc/httpd/conf/httpd.conf}} that avoids .htaccess and .htpasswd from viewed for clients or change directory name /usr/share/backuppc/html for /usr/share/backuppc/files and update {{ic|/etc/httpd/conf/extra/backuppc.conf}} with the new path, as it follows:<br />
<br />
{{hc|/etc/httpd/conf/extra/backuppc.conf|<br />
Alias /BackupPC/images /usr/share/BackupPC/files/<br />
}}<br />
== See also ==<br />
<br />
* [http://backuppc.sourceforge.net/index.html BackupPC Home page]<br />
* [http://backuppc.sourceforge.net/faq/BackupPC.html BackupPC documentation]</div>Akobelhttps://wiki.archlinux.org/index.php?title=BackupPC&diff=501681BackupPC2017-12-11T16:09:01Z<p>Akobel: Warn about limitations</p>
<hr />
<div>[[Category:System recovery]]<br />
[[ja:BackupPC]]<br />
'''BackupPC''' is a high-performance, enterprise-grade system for backing up Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.<br />
<br />
Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites this might be the complete backup solution. For other sites additional permanent archives could be created by periodically backing up the server to tape.<br />
<br />
Note that BackupPC only provides file-based backups and restores. In particular, it is not suitable out-of-the-box for "hot" database backups (although pre-backup hooks can be used to dump databases and do "cold" backups); you will need tools like [[xtrabackup]] for that purpose. Also, BackupPC only offers limited handling of opened files. Make sure to read about the [http://backuppc.sourceforge.net/faq/limitations.html limitations of BackupPC] and test a backup-and-restore cycle before you actually need to resort to it for real.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|backuppc}} from the [[official repositories]].<br />
Install {{Pkg|rsync}} and {{Pkg|perl-file-rsyncp}} if you want to use [[rsync]] as a transport, and {{Pkg|rrdtool}} to display usage data in the CGI interface.<br />
<br />
Start the '''backuppc''' [[systemd]] [[daemon]] and, if you wish to have it running at boot time, enable it.<br />
<br />
=== Placing data directories on a separate partition ===<br />
<br />
The BackupPC pool is stored by default under {{ic|/var/lib/backuppc}}, which also serves as the home directory for the backuppc user.<br />
This path can be changed via the {{ic|$Conf{TopDir}}} entry in {{ic|/etc/backuppc/config.pl}}.<br />
Typical reasons are that you keep your system on a fast, but expensive and small, [[SSD]] and need to store the backups on a traditional hard disk, or that you want to keep the backup pool on a partition managed by an [[LVM]] to be able to resize to partition according to changing demands.<br />
<br />
The documentation suggests to not change the {{ic|$Conf{TopDir}}} entry, but instead use symlinks. However, be careful when doing so because package upgrades for backuppc will replace symlinks for both {{ic|/var/lib/backuppc}} or any of the default subdirectories {{ic|cpool}}, {{ic|pc}} or {{ic|pool}} by empty directories '''without any warning'''.<br />
<br />
Thus, it is recommended to either use bind mounts in [[fstab]] instead of symlinks, or to deliberately ignore the recommendation in {{ic|/etc/backuppc/config.pl}} and change {{ic|$Conf{TopDir}}} nevertheless.<br />
<br />
== Apache configuration ==<br />
<br />
BackupPC has a web interface that allows you to easily control it. You can access it using Apache and mod_perl or a C wrapper but other webservers like {{Pkg|lighttpd}} works too. <br />
Install {{Pkg|apache}} from the official repositories.<br />
<br />
=== Edit Apache configuration ===<br />
BackupPC's web UI needs to run as the user backuppc, but Apache normally runs under the user http. There are several ways to fix this. The two demonstrated here are common for single-purpose servers (Apache is only used to serve the BackupPC UI) or for multi-purpose servers (Apache may also server other websites under the regular http user).<br />
<br />
Setting up Apache for single-purpose use is a bit easier but not as flexible.<br />
<br />
==== General settings ====<br />
<br />
Edit {{ic|/etc/backuppc/config.pl}}. Set administrator name:<br />
$Conf{CgiAdminUsers} = 'admin'; <br />
Next, we need to add a users file and set the admin password:<br />
# htpasswd -c /etc/backuppc/backuppc.users admin<br />
<br />
The BackupPC-Webfrontend is initially configured so that you can only access it from the localhost. If you want to access it from all machines in your network, you have to edit {{ic|/etc/httpd/conf/extra/backuppc.conf}}. Edit the line:<br />
Require ip 127.0.0.1<br />
to:<br />
Require ip 127.0.0.1 192.168.0<br />
where you have to replace 192.168.0 to your corresponding IP-Adresses you want to gain access from.<br />
After one of the configuration steps below has also been performed, [re]start the Apache service.<br />
<br />
==== Single-purpose Apache settings ====<br />
[[Install]] {{AUR|mod_perl}} from the [[official repositories]].<br />
<br />
Edit the Apache configuration file to load mod_perl, tell Apache to run as user backuppc and to include {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule perl_module modules/mod_perl.so<br />
User backuppc<br />
Group backuppc<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
==== Multi-purpose Apache settings ====<br />
Instead of globally changing the Apache user and group like in the example above, we will instead make Apache run just the BackupPC CGI script as the backuppc user and leave the default user alone. This method uses mod_cgi to call a wrapper written in C instead of using the extra mod_perl dependency. You still need to have {{Pkg|perl}} itself installed so the wrapper can run the BackupPC scripts.<br />
<br />
Make sure Apache can run CGI programs (the line loading mod_cgi is not commented) and that it reads the BackupPC configuration by including it in {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule cgi_module modules/mod_cgi.so<br />
...<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
===== The webserver user and the suid problem =====<br />
<br />
The current setup of BackupPC, the webserver needs to run as backuppc user and this can be a problem on many setups where the webserver is used for other sites. In the past one could suid a Perl script, but it was blocked globally due security problems several years ago. To workaround that, perl-suid was used, but again blocked due the same problem more recently, scripts cannot be run securely with suid bit. Still there is another way, this time using a simple binary program that is suid as a launcher, that will run the backuppc Perl scripts already with the correct user. This isolates the Perl script from the environment and it is considered safe.<br />
<br />
You need to replace the original backuppc CGI with the below C code compiled program and move the backuppc CGI to another place.<br />
<br />
Move the real CGI {{ic|/usr/share/backuppc/cgi-bin/BackupPC_Admin}} to the lib directory {{ic|/usr/share/backuppc/lib/real-BackupPC_Admin.cgi}}.<br />
<br />
Save the C code below to a file named ''wrapper.c'' (please update the CGI path if needed) and compile it with:<br />
<br />
$ gcc -o BackupPC_Admin wrapper.c<br />
<br />
The wrapper C code:<br />
<br />
#include <unistd.h><br />
#define REAL_PATH "/usr/share/backuppc/lib/real-BackupPC_Admin.cgi"<br />
int main(ac, av)<br />
char **av;<br />
{<br />
execv(REAL_PATH, av);<br />
return 0;<br />
}<br />
<br />
Place the new binary {{ic|BackupPC_Admin}} in the cgi-bin directory and chown the binary CGI to {{ic|backuppc:http}} and set the suid bit:<br />
<br />
# chown backuppc:http /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
# chmod 4750 /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
<br />
Do not forget to clear the suid bit on the original Perl script if it was set (or the CGI page will not load):<br />
<br />
# chmod 0755 /usr/share/backuppc/lib/real-BackupPC_Admin.cgi<br />
<br />
Keep your web server with its usual user and backup should now be able to run correctly.<br />
<br />
== Alternative nginx configuration ==<br />
Install {{Pkg|fcgiwrap}}. Enable and start {{ic|fcgiwrap.socket}}.<br />
{{hc|/etc/nginx/sites-available/backuppc|<nowiki><br />
server {<br />
listen <your_server_port>;<br />
server_name <your_server_name>;<br />
<br />
root /usr/share/backuppc/html;<br />
index /index.cgi;<br />
<br />
access_log /var/log/nginx/backuppc.access.log;<br />
error_log /var/log/nginx/backuppc.error.log;<br />
<br />
location / {<br />
allow 127.0.0.1/32;<br />
# allow 192.168.0.0/24;<br />
deny all;<br />
<br />
# auth_basic "Backup";<br />
# auth_basic_user_file conf/backuppc.users;<br />
}<br />
<br />
location /backuppc {<br />
alias /usr/share/backuppc/html/;<br />
}<br />
<br />
location ~\.cgi$ {<br />
include fastcgi_params;<br />
fastcgi_pass unix:/run/fcgiwrap.sock;<br />
<br />
fastcgi_param REMOTE_ADDR $remote_addr;<br />
fastcgi_param REMOTE_USER $remote_user;<br />
fastcgi_param SCRIPT_FILENAME /usr/share/backuppc/cgi-bin/BackupPC_Admin;<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
And symlink to sites-enabled:<br />
<br />
# ln -s /etc/nginx/sites-available/backuppc /etc/nginx/sites-enabled<br />
<br />
Change fcgiwrap executing user in systemd fcgiwrap.service file to user: backuppc<br />
<br />
== Alternative lighttpd configuration ==<br />
<br />
{{hc|/etc/lighttpd/lighttpd.conf|<nowiki><br />
server.port = 81<br />
server.username = "backuppc"<br />
server.groupname = "backuppc"<br />
server.document-root = "/srv/http"<br />
server.errorlog = "/var/log/lighttpd/error.log"<br />
dir-listing.activate = "enable"<br />
index-file.names = ( "index.html", "index.php", "index.cgi" )<br />
mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", "" => "application/octet-stream" )<br />
<br />
server.modules = ("mod_alias", "mod_cgi", "mod_auth", "mod_access" )<br />
<br />
alias.url = ( "/BackupPC_Admin" => "/usr/share/backuppc/cgi-bin/BackupPC_Admin" )<br />
alias.url += ( "/backuppc" => "/usr/share/backuppc/html" )<br />
<br />
cgi.assign += ( ".cgi" => "/usr/bin/perl" )<br />
cgi.assign += ( "BackupPC_Admin" => "/usr/bin/perl" )<br />
<br />
auth.backend = "plain"<br />
auth.backend.plain.userfile = "/etc/lighttpd/passwd"<br />
auth.require = ( "/BackupPC_Admin" => ( "method" => "basic", "realm" => "BackupPC", "require" => "user=admin" ) )<br />
</nowiki>}}<br />
<br />
{{hc|/etc/lighttpd/passwd|<br />
admin:''yourpassword''<br />
}}<br />
<br />
And create log file:<br />
<br />
# touch /var/log/lighttpd/error.log<br />
# chown backuppc:backuppc /var/log/lighttpd/error.log<br />
<br />
== Accessing the admin page ==<br />
<br />
Before accesing de admin page you have to specify which users/groups will be able to edit BackupPC's configuration.<br />
<br />
{{hc|/etc/backuppc/config.pl|<nowiki><br />
$Conf{CgiAdminUserGroup} = '<authorized groups>';<br />
$Conf{CgiAdminUsers} = '<authorized users>'; # <-- set to '*' if the webserver is not autenticating users<br />
</nowiki>}}<br />
<br />
Browse to http://localhost/BackupPC_Admin respectively http://''your_backuppc_server_ip''/BackupPC_Admin.<br />
<br />
== Website view problem ==<br />
<br />
Due an Apache directive, the web interface may not shown properly. If that is your case, just modify the line in your {{ic|/etc/httpd/conf/httpd.conf}} that avoids .htaccess and .htpasswd from viewed for clients or change directory name /usr/share/backuppc/html for /usr/share/backuppc/files and update {{ic|/etc/httpd/conf/extra/backuppc.conf}} with the new path, as it follows:<br />
<br />
{{hc|/etc/httpd/conf/extra/backuppc.conf|<br />
Alias /BackupPC/images /usr/share/BackupPC/files/<br />
}}<br />
== See also ==<br />
<br />
* [http://backuppc.sourceforge.net/index.html BackupPC Home page]<br />
* [http://backuppc.sourceforge.net/faq/BackupPC.html BackupPC documentation]</div>Akobelhttps://wiki.archlinux.org/index.php?title=BackupPC&diff=501680BackupPC2017-12-11T15:48:22Z<p>Akobel: Recommendation to not symlinks for TopDir, in contrast to documentation in config.pl</p>
<hr />
<div>[[Category:System recovery]]<br />
[[ja:BackupPC]]<br />
'''BackupPC''' is a high-performance, enterprise-grade system for backing up Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's disk. BackupPC is highly configurable and easy to install and maintain.<br />
<br />
Given the ever decreasing cost of disks and raid systems, it is now practical and cost effective to backup a large number of machines onto a server's local disk or network storage. For some sites this might be the complete backup solution. For other sites additional permanent archives could be created by periodically backing up the server to tape.<br />
<br />
== Installation ==<br />
<br />
[[Install]] {{Pkg|backuppc}} from the [[official repositories]].<br />
Install {{Pkg|rsync}} and {{Pkg|perl-file-rsyncp}} if you want to use [[rsync]] as a transport, and {{Pkg|rrdtool}} to display usage data in the CGI interface.<br />
<br />
Start the '''backuppc''' [[systemd]] [[daemon]] and, if you wish to have it running at boot time, enable it.<br />
<br />
=== Placing data directories on a separate partition ===<br />
<br />
The BackupPC pool is stored by default under {{ic|/var/lib/backuppc}}, which also serves as the home directory for the backuppc user.<br />
This path can be changed via the {{ic|$Conf{TopDir}}} entry in {{ic|/etc/backuppc/config.pl}}.<br />
Typical reasons are that you keep your system on a fast, but expensive and small, [[SSD]] and need to store the backups on a traditional hard disk, or that you want to keep the backup pool on a partition managed by an [[LVM]] to be able to resize to partition according to changing demands.<br />
<br />
The documentation suggests to not change the {{ic|$Conf{TopDir}}} entry, but instead use symlinks. However, be careful when doing so because package upgrades for backuppc will replace symlinks for both {{ic|/var/lib/backuppc}} or any of the default subdirectories {{ic|cpool}}, {{ic|pc}} or {{ic|pool}} by empty directories '''without any warning'''.<br />
<br />
Thus, it is recommended to either use bind mounts in [[fstab]] instead of symlinks, or to deliberately ignore the recommendation in {{ic|/etc/backuppc/config.pl}} and change {{ic|$Conf{TopDir}}} nevertheless.<br />
<br />
== Apache configuration ==<br />
<br />
BackupPC has a web interface that allows you to easily control it. You can access it using Apache and mod_perl or a C wrapper but other webservers like {{Pkg|lighttpd}} works too. <br />
Install {{Pkg|apache}} from the official repositories.<br />
<br />
=== Edit Apache configuration ===<br />
BackupPC's web UI needs to run as the user backuppc, but Apache normally runs under the user http. There are several ways to fix this. The two demonstrated here are common for single-purpose servers (Apache is only used to serve the BackupPC UI) or for multi-purpose servers (Apache may also server other websites under the regular http user).<br />
<br />
Setting up Apache for single-purpose use is a bit easier but not as flexible.<br />
<br />
==== General settings ====<br />
<br />
Edit {{ic|/etc/backuppc/config.pl}}. Set administrator name:<br />
$Conf{CgiAdminUsers} = 'admin'; <br />
Next, we need to add a users file and set the admin password:<br />
# htpasswd -c /etc/backuppc/backuppc.users admin<br />
<br />
The BackupPC-Webfrontend is initially configured so that you can only access it from the localhost. If you want to access it from all machines in your network, you have to edit {{ic|/etc/httpd/conf/extra/backuppc.conf}}. Edit the line:<br />
Require ip 127.0.0.1<br />
to:<br />
Require ip 127.0.0.1 192.168.0<br />
where you have to replace 192.168.0 to your corresponding IP-Adresses you want to gain access from.<br />
After one of the configuration steps below has also been performed, [re]start the Apache service.<br />
<br />
==== Single-purpose Apache settings ====<br />
[[Install]] {{AUR|mod_perl}} from the [[official repositories]].<br />
<br />
Edit the Apache configuration file to load mod_perl, tell Apache to run as user backuppc and to include {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule perl_module modules/mod_perl.so<br />
User backuppc<br />
Group backuppc<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
==== Multi-purpose Apache settings ====<br />
Instead of globally changing the Apache user and group like in the example above, we will instead make Apache run just the BackupPC CGI script as the backuppc user and leave the default user alone. This method uses mod_cgi to call a wrapper written in C instead of using the extra mod_perl dependency. You still need to have {{Pkg|perl}} itself installed so the wrapper can run the BackupPC scripts.<br />
<br />
Make sure Apache can run CGI programs (the line loading mod_cgi is not commented) and that it reads the BackupPC configuration by including it in {{ic|/etc/httpd/conf/extra/backuppc.conf}}:<br />
{{hc|/etc/httpd/conf/httpd.conf|<br />
LoadModule cgi_module modules/mod_cgi.so<br />
...<br />
Include conf/extra/backuppc.conf<br />
}}<br />
<br />
===== The webserver user and the suid problem =====<br />
<br />
The current setup of BackupPC, the webserver needs to run as backuppc user and this can be a problem on many setups where the webserver is used for other sites. In the past one could suid a Perl script, but it was blocked globally due security problems several years ago. To workaround that, perl-suid was used, but again blocked due the same problem more recently, scripts cannot be run securely with suid bit. Still there is another way, this time using a simple binary program that is suid as a launcher, that will run the backuppc Perl scripts already with the correct user. This isolates the Perl script from the environment and it is considered safe.<br />
<br />
You need to replace the original backuppc CGI with the below C code compiled program and move the backuppc CGI to another place.<br />
<br />
Move the real CGI {{ic|/usr/share/backuppc/cgi-bin/BackupPC_Admin}} to the lib directory {{ic|/usr/share/backuppc/lib/real-BackupPC_Admin.cgi}}.<br />
<br />
Save the C code below to a file named ''wrapper.c'' (please update the CGI path if needed) and compile it with:<br />
<br />
$ gcc -o BackupPC_Admin wrapper.c<br />
<br />
The wrapper C code:<br />
<br />
#include <unistd.h><br />
#define REAL_PATH "/usr/share/backuppc/lib/real-BackupPC_Admin.cgi"<br />
int main(ac, av)<br />
char **av;<br />
{<br />
execv(REAL_PATH, av);<br />
return 0;<br />
}<br />
<br />
Place the new binary {{ic|BackupPC_Admin}} in the cgi-bin directory and chown the binary CGI to {{ic|backuppc:http}} and set the suid bit:<br />
<br />
# chown backuppc:http /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
# chmod 4750 /usr/share/backuppc/cgi-bin/BackupPC_Admin<br />
<br />
Do not forget to clear the suid bit on the original Perl script if it was set (or the CGI page will not load):<br />
<br />
# chmod 0755 /usr/share/backuppc/lib/real-BackupPC_Admin.cgi<br />
<br />
Keep your web server with its usual user and backup should now be able to run correctly.<br />
<br />
== Alternative nginx configuration ==<br />
Install {{Pkg|fcgiwrap}}. Enable and start {{ic|fcgiwrap.socket}}.<br />
{{hc|/etc/nginx/sites-available/backuppc|<nowiki><br />
server {<br />
listen <your_server_port>;<br />
server_name <your_server_name>;<br />
<br />
root /usr/share/backuppc/html;<br />
index /index.cgi;<br />
<br />
access_log /var/log/nginx/backuppc.access.log;<br />
error_log /var/log/nginx/backuppc.error.log;<br />
<br />
location / {<br />
allow 127.0.0.1/32;<br />
# allow 192.168.0.0/24;<br />
deny all;<br />
<br />
# auth_basic "Backup";<br />
# auth_basic_user_file conf/backuppc.users;<br />
}<br />
<br />
location /backuppc {<br />
alias /usr/share/backuppc/html/;<br />
}<br />
<br />
location ~\.cgi$ {<br />
include fastcgi_params;<br />
fastcgi_pass unix:/run/fcgiwrap.sock;<br />
<br />
fastcgi_param REMOTE_ADDR $remote_addr;<br />
fastcgi_param REMOTE_USER $remote_user;<br />
fastcgi_param SCRIPT_FILENAME /usr/share/backuppc/cgi-bin/BackupPC_Admin;<br />
}<br />
}<br />
</nowiki>}}<br />
<br />
And symlink to sites-enabled:<br />
<br />
# ln -s /etc/nginx/sites-available/backuppc /etc/nginx/sites-enabled<br />
<br />
Change fcgiwrap executing user in systemd fcgiwrap.service file to user: backuppc<br />
<br />
== Alternative lighttpd configuration ==<br />
<br />
{{hc|/etc/lighttpd/lighttpd.conf|<nowiki><br />
server.port = 81<br />
server.username = "backuppc"<br />
server.groupname = "backuppc"<br />
server.document-root = "/srv/http"<br />
server.errorlog = "/var/log/lighttpd/error.log"<br />
dir-listing.activate = "enable"<br />
index-file.names = ( "index.html", "index.php", "index.cgi" )<br />
mimetype.assign = ( ".html" => "text/html", ".txt" => "text/plain", ".jpg" => "image/jpeg", ".png" => "image/png", "" => "application/octet-stream" )<br />
<br />
server.modules = ("mod_alias", "mod_cgi", "mod_auth", "mod_access" )<br />
<br />
alias.url = ( "/BackupPC_Admin" => "/usr/share/backuppc/cgi-bin/BackupPC_Admin" )<br />
alias.url += ( "/backuppc" => "/usr/share/backuppc/html" )<br />
<br />
cgi.assign += ( ".cgi" => "/usr/bin/perl" )<br />
cgi.assign += ( "BackupPC_Admin" => "/usr/bin/perl" )<br />
<br />
auth.backend = "plain"<br />
auth.backend.plain.userfile = "/etc/lighttpd/passwd"<br />
auth.require = ( "/BackupPC_Admin" => ( "method" => "basic", "realm" => "BackupPC", "require" => "user=admin" ) )<br />
</nowiki>}}<br />
<br />
{{hc|/etc/lighttpd/passwd|<br />
admin:''yourpassword''<br />
}}<br />
<br />
And create log file:<br />
<br />
# touch /var/log/lighttpd/error.log<br />
# chown backuppc:backuppc /var/log/lighttpd/error.log<br />
<br />
== Accessing the admin page ==<br />
<br />
Before accesing de admin page you have to specify which users/groups will be able to edit BackupPC's configuration.<br />
<br />
{{hc|/etc/backuppc/config.pl|<nowiki><br />
$Conf{CgiAdminUserGroup} = '<authorized groups>';<br />
$Conf{CgiAdminUsers} = '<authorized users>'; # <-- set to '*' if the webserver is not autenticating users<br />
</nowiki>}}<br />
<br />
Browse to http://localhost/BackupPC_Admin respectively http://''your_backuppc_server_ip''/BackupPC_Admin.<br />
<br />
== Website view problem ==<br />
<br />
Due an Apache directive, the web interface may not shown properly. If that is your case, just modify the line in your {{ic|/etc/httpd/conf/httpd.conf}} that avoids .htaccess and .htpasswd from viewed for clients or change directory name /usr/share/backuppc/html for /usr/share/backuppc/files and update {{ic|/etc/httpd/conf/extra/backuppc.conf}} with the new path, as it follows:<br />
<br />
{{hc|/etc/httpd/conf/extra/backuppc.conf|<br />
Alias /BackupPC/images /usr/share/BackupPC/files/<br />
}}<br />
== See also ==<br />
<br />
* [http://backuppc.sourceforge.net/index.html BackupPC Home page]<br />
* [http://backuppc.sourceforge.net/faq/BackupPC.html BackupPC documentation]</div>Akobel