How to Set Up Secure Remote Backups with rsync on Linux

Reliable backup solutions are essential for system and data safety; combining scheduled tasks, shell scripts, and remote synchronization with rsync provides fast, secure, and efficient off‑site backups for web sites and other data.

1. What is rsync?

rsync (Remote Sync) is an open‑source tool that mirrors entire directory trees between hosts, supports incremental backups, preserves links and permissions, and compresses data before transfer, making it ideal for remote backup and server mirroring.

Official site: http://rsync.samba.org/ (latest version 3.1.3, maintained by Wayne Davison). It is typically pre‑installed on Linux/UNIX systems.

2. Configuring an rsync server

The setup consists of three steps: creating the rsync configuration file, creating a user data file, and starting the rsync daemon.

2.1 Create /etc/rsyncd.conf

# vim /etc/rsyncd.conf
uid = nobody            # enable anonymous user
gid = nobody
use chroot = yes        # jail to module directory
address = 192.168.1.1   # listening address
port = 873              # listening port
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
hosts allow = 192.168.1.0/24
[wwwroot]
    path = /var/www/html
    comment = aaa
    read only = no
    dont compress = *.gz *.bz2 *.rar *.zip
    auth users = backuper
    secrets file = /etc/rsyncd_users.db

For security, the module should be read‑only; removing auth users and secrets file enables anonymous access.

2.2 Create user data file /etc/rsyncd_users.db

# vim /etc/rsyncd_users.db
backuper:123456

Since the credentials are stored in plain text, restrict the file permissions: # chmod 600 /etc/rsyncd_users.db Ensure the backup user has read permission on the source directory:

# ls -ld /var/www/html

2.3 Start the rsync daemon

# rsync --daemon
# netstat -anpt | grep rsync

To restart the service:

# kill $(cat /var/run/rsyncd.pid)   # stop
# rsync --daemon                    # start
# kill -9 $(cat /var/run/rsyncd.pid) # force stop

Alternatively, locate the PID with netstat -anpt | grep rsync and kill it, then remove the PID file:

# rm -rf /var/run/rsyncd.pid

3. Using rsync for backups

After the server is configured, the client can run rsync with various options:

-r  recursive
-l  copy symlinks as symlinks
-p  preserve permissions
-t  preserve timestamps
-g  preserve group (root only)
-o  preserve owner (root only)
-D  preserve devices and specials
-a  archive mode (equivalent to -rlptgoD)
-v  verbose output
-z  compress during transfer
-H  preserve hard links
-A  preserve ACLs
--delete        delete extraneous files on receiver
--checksum      skip files based on checksum

Typical usage scenarios:

Local copy : # rsync /etc/passwd 123.txt Sync via SSH : # rsync -av [email protected]:/root/123.txt . Sync with rsync daemon : # rsync -avz [email protected]::wwwroot /root or # rsync -avz rsync://[email protected]/wwwroot /root To allow writes on the server side, adjust permissions:

# chmod o+w /var/www/html
# ls -ld /var/www/html

4. Automating backups with cron

Backups are usually run on a schedule. Example cron entry runs rsync nightly at 22:30:

# vim /root/123.pass
123456          # password file for rsync
# chmod 600 /root/123.pass
# crontab -e
30 22 * * * /usr/bin/rsync -az --delete --password-file=/root/123.pass [email protected]::wwwroot /a
# systemctl restart crond

The cron format is minute hour day month weekday command. After editing, restart the cron daemon.

5. Illustrations