Saturday, June 27, 2015

Mac Backups With Rsync to Encrypted Flash Media

Backup Woes

The main advantage of using a Mac is that it defaults to idiot mode and the main annoyance with a Mac is that it defaults to idiot mode, but underneath it all there is BSD...

The Mac Time Machine backup utility is one such idiot application which is probably fine for a large number of people,  but which doesn't fit my usage scenario.  Coupled with the Disk Utility which makes it hard to format a Flash Memory Device properly, it is even worse.

I want to make backups to USB and SD memory devices, since they are small, solid state and convenient.  However, to make a proper backup, the device should be formatted with HFS+ and it must be Encrypted.  The Disk Utility defaults to the prehistoric FAT in order to support file exchange with legacy Windows machines and FAT doesn't support proper file ownership and permissions.

Also, it is rather self defeating if your HDD is encrypted, while your backups are in plain text on a FAT disk.

Format a Removable Disk with HFS+

  • Run Disk Utility
  • Select ‘1 Partition’ from the Volume Scheme menu.
  • Enter a name eg MACBACKUP1
  • Select Mac OS X Case Sensitive Extended (Journaled) from the Format menu.
  • Click the ‘Options’ button and select ‘GUID Partition Table’ 

 Enable File Ownership Data

  • Right click the flash drive and select ‘Get Info’.
  • Click the lock icon in the bottom right corner.
  • Remove the check mark from ‘Ignore ownership on this volume.

Encrypt the Flash Disk

  • Right click the disk icon and select Encrypt.
  • Generate and save your password in KeepassX.

Backup with Rsync

Now finally, the media is ready to be used for a secure backup.  Time Machine works if the media is formatted this way, but it defaults to backing up everything and a Flash Disk is usually too small to backup everything.  Also, there is no point in backing up the whole system, since one can download a new system from Apple.  I only need to backup my Documents folder - everything else is expendable.

Make a file called /Volumes/MACBACKUP1/sync
Make a directory called /Volumes/MACBACKUP1/bak

Edit the sync script with vi:

#! /bin/bash
rsync -avz --progress --delete --max-delete=10 --max-size=20M ~/Documents /Volumes/MACBACKUP1/bak


Make it executable with chmod +x sync

By selecting a max-size of 20 Megabytes, I exclude things like large archives and ISO images.  Deletions are limited to ten files, in order to prevent a possible disastrous delete of the whole backup set, following a local delete disaster.  The result is a 51 GB backup set, which fits on a 64 GB memory schtick - nice.

Now, you can insert the backup device and click the sync script to backup whatever should be backed up to that device and thereby backup Documents to a USB schtick and backup Pictures to a SD card for example, while having it all secure and encrypted, in case the flash thingy gets lost or stolen or copied by the NSA/CSIS/GCHQ/FSB...

La voila!

Herman

No comments:

Post a Comment

On topic comments are welcome. Junk will be deleted.