Chapter 8. Backup and Restore Procedures

Table of Contents
Server Backup Procedures
Server Restore Procedures
Cisco Router Configuration Backups

Performing regular backups should be considered one of a responsible system administrator's top priorities. Although Linux is an extremely reliable operating system, failures can, do, and probably will occur. They may be caused by hardware failure, power outages, or other unforeseen problems.

More likely will be those problems caused by human error, resulting in undesired changes to, or even deletions of, crucial files. If you are hosting users on your system, you will most certainly be requested to restore an inadvertently deleted file or two.

If you perform regular backups, preferably on a daily basis (at least for user files which are updated often), you will hopefully reduce the possibility of, and increase your recovery from, such file lossage.

The safest method of doing backups is to record them on separate media, such as tape, removable drive, writeable CD, etc., and then store your backup sets in a location separate from your Linux system. Sometimes this may not be practical -- perhaps you do not have a fire-proof vault in which you can store your backup tapes! Or perhaps you do not have access to such an external backup system in the first place. Nonetheless, backups can still be performed, albeit on a slightly limited basis.

At my place of employment, I perform backups on several Linux servers. Depending on the situation, some of these backup sets are written to tapes, others are written to a separate server over the network, while still others are simply written to a separate disk partition (for example, in the ``/archive/'' file system) by an automatic cron job (perhaps because the server is in a remote location, for which a daily visit to perform a tape backup is impractical or impossible).

At home, I do not have an external backup system, nor do I have massive amounts of available disk space to write a backup image. Therefore, I instead back up only my user files on ``/home/'' as well as some customized configuration files in ``/etc/'', writing the backup set to a separate disk partition.

Server Backup Procedures

There are a variety of methods of performing backups with Linux. These include command-line tools included with every Linux distribution, such as ``dd'', ``dump'', ``cpio'', as well as ``tar''. Also available are text-based utilities, such as ``Amanda'' and ``Taper'', which is designed to add a more user-friendly interface to the backup and restore procedures. There are GUI-based utilities as well, such as ``KDat''. Finally, commercial backup utilities are also available, such as ``BRU'' and ``PerfectBackup+''. Any one of these backup solutions can provide protection for your valuable data.

A brief listing of some of the tools available, including where they can be obtained, can be found on the “Linux Applications and Utilities Page”, at When deciding on a backup solution, you will need to consider the following factors:


Caution: When backing up your file systems, do not include the ``/proc'' pseudo-filesystem! The files in /proc are not actually files but are simply file-like links which describe and point to kernel data structures. Backing up a file like ``/proc/kcore'', which is actually a pseudo-file containing the contents of your entire memory, seems like a pretty big waste of tape to me! :-) You will also likely want to avoid backing up the ``/mnt'' file system, unless you have the peculiar desire to back up the files from your CD-ROM device, floppy drive, network file shares, or other mounted devices.

Obviously, the procedures for performing a backup and restore will differ depending on your choice of a backup solution. However, in this section, I will discuss methods for performing backups with the two tools I use most: ``tar'' (whose name stands for “Tape ARchiver”), which is a command-line backup tool largely portable across *nix systems; as well as ``KDat'', a GUI-based tape backup utility which comes included with the KDE packages (see the section called KDE Installation and Configuration in Chapter 5 for more information on KDE).

Finally, I should add that, depending on your choice of backup solution, even if the tool doesn't have the ability built-in to schedule automated or unattended backups, you may be able to automate such backups by using the cron facilities. See the section called Automating Tasks with Cron and Crontab files in Chapter 9 for details on using cron and on creating crontab schedule files.

Backing up with ``tar'':

If you decide to use ``tar'' as your backup solution, you should probably take the time to get to know the various command-line options that are available; type “man tar” for a comprehensive list. You will also need to know how to access the appropriate backup media; although all devices are treated like files in the Unix world, if you are writing to a character device such as a tape, the name of the “file” is the device name itself (eg. ``/dev/nst0'' for a SCSI-based tape drive).

The following command will perform a backup of your entire Linux system onto the ``/archive/'' file system, with the exception of the ``/proc/'' pseudo-filesystem, any mounted file systems in ``/mnt/'', the ``/archive/'' file system (no sense backing up our backup sets!), as well as Squid's rather large cache files (which are, in my opinion, a waste of backup media and unnecessary to back up):

tar -zcvpf /archive/full-backup-`date '+%d-%B-%Y'`.tar.gz \
    --directory / --exclude=mnt --exclude=proc --exclude=var/spool/squid .

Don't be intimidated by the length of the command above! As we break it down into its components, you will see the beauty of this powerful utility.

The above command specifies the options ``z'' (compress; the backup data will be compressed with ``gzip''), ``c'' (create; an archive file is begin created), ``v'' (verbose; display a list of files as they get backed up), ``p'' (preserve permissions; file protection information will be “remembered” so they can be restored). The ``f'' (file) option states that the very next argument will be the name of the archive file (or device) being written. Notice how a filename which contains the current date is derived, simply by enclosing the ``date'' command between two back-quote characters. A common naming convention is to add a ``tar'' suffix for non-compressed archives, and a ``tar.gz'' suffix for compressed ones.

The ``--directory'' option tells tar to first switch to the following directory path (the ``/'' directory in this example) prior to starting the backup. The ``--exclude'' options tell tar not to bother backing up the specified directories or files. Finally, the ``.'' character tells tar that it should back up everything in the current directory.


Note: It is important to realize that the options to tar are cAsE-sEnSiTiVe! In addition, most of the options can be specified as either single mneumonic characters (eg. ``f''), or by their easier-to-memorize full option names (eg. ``file''). The mneumonic representations are identified by prefixing them with a ``-'' character, while the full names are prefixed with two such characters. Again, see the “man” pages for information on using tar.

Another example, this time writing only the specified file systems (as opposed to writing them all with exceptions as demonstrated in the example above) onto a SCSI tape drive follows:

tar -cvpf /dev/nst0 --label="Backup set created on `date '+%d-%B-%Y'`." \
    --directory / --exclude=var/spool/ etc home usr/local var/spool

In the above command, notice that the ``z'' (compress) option is not used. I strongly recommend against writing compressed data to tape, because if data on a portion of the tape becomes corrupted, you will lose your entire backup set! However, archive files stored without compression have a very high recoverability for non-affected files, even if portions of the tape archive are corrupted.

Because the tape drive is a character device, it is not possible to specify an actual file name. Therefore, the file name used as an argument to tar is simply the name of the device, ``/dev/nst0'', the first tape device on the SCSI bus.


Note: The ``/dev/nst0'' device does not rewind after the backup set is written; therefore it is possible to write multiple sets on one tape. (You may also refer to the device as ``/dev/st0'', in which case the tape is automatically rewound after the backup set is written.)

Since we aren't able to specify a filename for the backup set, the ``--label'' option can be used to write some information about the backup set into the archive file itself.

Finally, only the files contained in the ``/etc/'', ``/home/'', ``/usr/local'', and ``/var/spool/'' (with the exception of Squid's cache data files) are written to the tape.

When working with tapes, you can use the following commands to rewind, and then eject your tape:

mt -f /dev/nst0 rewind
mt -f /dev/nst0 offline


Tip: You will notice that leading ``/'' (slash) characters are stripped by tar when an archive file is created. This is tar's default mode of operation, and it is intended to protect you from overwriting critical files with older versions of those files, should you mistakenly recover the wrong file(s) in a restore operation. If you really dislike this behavior (remember, its a feature!) you can specify the ``--absolute-paths'' option to tar, which will preserve the leading slashes. However, I don't recommend doing so, as it is Dangerous!

Backing up with ``KDat'':

If you are using the KDE desktop environment, I believe you will find the ``KDat'' utility both powerful as well as user-friendly. In addition, an added bonus is that KDat uses ``tar'' as its backup engine. Therefore, backup sets written with KDat can be read not only with KDat but with tar as well! This makes KDat a very nice choice for both user-friendliness as well as backup portability.


Tip: Even if you choose not to use nor install the full KDE package, you can still use KDat as long as you have the Qt libraries installed.

The first time you run the KDat program, you will need to create a backup profile. Such a profile tells KDat which files on your system you would like to back up. If you wish, you can create more than one backup profile, depending on your needs (for example, you could create a profile called “Full Backup” for a full system backup, and “Quick Backup” for a backup of user files only).

To create a backup profile, either choose “Create Backup Profile” from the “File” option on menu bar (or right-click on the “Backup Profiles” folder, then choose “Create Backup Profile”). On the right hand side of the KDat window, you can change various settings, such as the profile name, archive name, tar options, as well as others. Click the “Help” menu for more information on what these settings are for.

To specify which files should be included in your backup profile, left-click the checkbox beside the ``/'' directory folder. This will enable all files in and below this directory for backups. Then, left-click on the small ``+'' sign beside the folder. This will expand the folder, showing a list of files in and below it. This will allow you to exclude any files you do not wish to backup; simply left-click the checkbox beside each file or directory you wish to exclude. For example, a full backup should probably have every file and directory checkmarked, with the exception of the ``/proc'' (a pseudo-filesystem containing information about your running system), ``/mnt'' (a directory below which CD-ROM drives, floppies, and network shares are usually mounted), and, if you are a Squid user, ``/var/spool/squid'' (Squid's cache data files). Once you have selected the appropriate files, left-click on the backup profile you are creating, then left-click the “Files >>” button to move the selected files list to your backup profile.


Note: Should your server data be larger in size than can be physically stored on a tape, you will need to create separate backup profiles, one for each portion of your backup set.

To actually perform a backup, insert a tape into the drive, and then choose “Mount Tape” from the “File” menu (or left-click the icon that looks like a tape). This will “mount” the tape (actually, because a tape device is a character device, it isn't actually possible to mount it -- what KDat actually does is to first rewind the tape, attempts to read in header information, and if successful, find the corresponding tape index on your hard drive. Otherwise, KDat will prompt you to format the tape.


(Note: If KDat keeps complaining that a tape isn't in the drive and it actually is in the drive, you should ensure the correct tape device name is specified in the preferences; left-click the “Edit” option on the menu bar and choose “User Preferences”.)

Once KDat has mounted the tape, before you start the backup you must first choose the backup profile you wish to use for the backup. To start the backup, simply right-click on the desired backup profile, and then left-click on the “Backup” option. KDat will first display a dialog box showing you the details of the backup profile you have selected; left-click the “Ok” button to start the backup.

While the backup is in progress, KDat will display a dialog box showing various statistical information (elapsed time, backup size, backup rate, estimated time remaining, as well as the number of files and total bytes written), and display a list of files as they are backed up. A full backup containing several gigabytes of data might take several hours to complete. If you find it necessary, you can left-click the “Abort” button at any time to interrupt the backup process.

Once the backup is complete, you can unmount the tape by choosing “Edit” from the menu bar, and then “Unmount Tape”, or left-click on the tape icon, which will rewind and eject the tape.