Installing BackupPC
This post is how I was able to install BackupPC on my Ubuntu 10.04 server and back up Windows/Linux/Mac clients using rsync and ssh.
Client Setup (Windows 7/Vista/XP)
These instructions are written for Windows 7, Vista, or XP clients. For the SSH portion we will be using CopSSH, which is a customized, packaged version of the Cygwin openssh code. Rsyncd will be used as the transport for BackupPC to do its magic. We could install Cygwin and customize the installation, which contains the same code, but I have found that these two separate products work well and take less configuration and time to complete.
First create a backuppc user account and add it to the Administrators and Backup Operators groups. Set it so the password never expires. Make sure every Windows user has a password set.
SSH Client/Server (Windows 7/Vista/XP)
For
CopSSH (http://www.itefix.no/i2/copssh) downloads at (http://sourceforge.net/projects/sereds/files/)
Download Copssh_3.1.3_Installer.zip.
Extract CopSSH and install the file accepting all the defaults. The installer will create a service account and generate a random password. Once installed you need to activate a user. Click Start > All Programs > Copssh > 1. Activate a User. From the drop down box for username select your user id and click Next. Type a passphrase and click Activate.
Now you need to open port 22 on the firewall.
Open Control Panel > System Security > Windows Firewall > Advanced Settings. Under Windows firewall and advanced settings click Inbound Rules. On the Right Pane click New Rule. Select Port, click next, in Specific local ports type 22, click next, click Next to allow the connection, click next to allow it through public, private and domain. Give it a name and save it. Try to connect from your server to the system.
For you command line junkies type:
c:\windows\system32> netsh firewall set portopening protocol=TCP port=22 name=openssh mode=ENABLE scope=CUSTOM addresses=LocalSubnet
Rsyncd
Download rsyncd from http://sourceforge.net/projects/backuppc/files/cygwin-rsyncd/ (cygwin-rsyncd-2.6.8_0.zip).
Make a folder named ‘rsyncd’ in C: and unzip the content into c:\rsyncd.
Edit Configuration files
Edit c:\rsyncd\rsyncd.secrets and change UUU:PPP to username:password and save the file.
Example:
backuppc:pa$$w0rd
Edit the c:\rsyncd\rsyncd.conf file and add the details for the information you want to back up. For this example we just want to back up the Documents folder for the user, so adding the following lines will take care of it.
[documents]
path = c:/users/backuppc/Documents
comment = documents
auth users = backuppc
secrets file = c:/rsyncd/rsyncd.secrets
hosts allow = 192.168.1.0/24
strict modes = false
read only = true
list = false
You can back up the whole drive and will probably want to add exceptions for directories like TEMP and others. You can do this by creating a separate text file on the server with them listed.
Save the file changes when you are done adding.
Service / Firewall Setup
From a command prompt type cd c:\rsyncd and press Enter.
Run this command to register it as a service.
cygrunsrv.exe -I rsyncd -e CYGWIN=nontsec -p c:/rsyncd/rsync.exe -a "--config=c:/rsyncd/rsyncd.conf --daemon --no-detach"
or edit c:\rsyncd\service.bat, remove the rem comments from the last 3 lines, and run it.
Automatic Wakeup/Standby
You may want to configure the clients to automatically wake up when BackupPC connects to them so they don’t need to always be on. First, configure Wake on LAN in the BIOS and configure the network interface. Under the Power Management tab set AC Recover -> Last, Suspend Mode -> S3, and Remote Wake Up -> On.
Client Setup (Linux)
SSH and rsync are standard fare on Linux. Setting them up and configuring are simple to do.
Rsync is included and just needs to be configured to run as a daemon. Edit or create the /etc/rsyncd.conf configuration file. The format is the same as the Windows systems with the exception of the drive letters. Change the values to suit your needs.
motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
[Users]
path = /home
comment = User files
auth users = backuppc
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.1.0/24
strict modes = false
read only = true
list = false
Edit /etc/rsyncd.secrets and change or add UUU:PPP to username:password and save the file. If the user id you want to use doesn’t exist then you will need to create it.
Example:
backuppc:pa$$w0rd
Change the permissions on rsyncd.secrets and rsyncd.conf so they are not world-readable.
$ chmod 640 /etc/rsyncd.secrets
$ chmod 640 /etc/rsyncd.conf
Restart rsync on the system.
$ sudo /etc/init.d/rsync restart
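A quick way to review a client's rsyncd.conf before exposing it to the BackupPC server. This is an added example, not part of the original post: the function names and the [scratch] module are hypothetical, and the sample config is constructed from the [Users] module shown above. It reports modules that allow anonymous or unrestricted access, are writable, are listed, or have strict modes turned off.

```shell
#!/bin/sh
# Added example, not from the original post: flag rsyncd.conf settings that
# weaken the daemon's access control. Reads the config on stdin.
audit_rsyncd_conf() {
    awk '
    function off(v) { v = tolower(v); return v == "false" || v == "no" || v == "0" }
    function check(    k) {
        if (mod == "") return
        for (k in glob) if (!(k in cur)) cur[k] = glob[k]   # inherit global settings
        if (cur["auth users"] == "")  print mod ": no auth users, anyone may connect"
        if (cur["hosts allow"] == "") print mod ": no hosts allow, reachable from any address"
        if (off(cur["read only"]))    print mod ": writable (read only is off)"
        if (off(cur["strict modes"])) print mod ": strict modes off, secrets file permissions are not checked"
        if (!off(cur["list"]))        print mod ": module name is listed to clients"
        split("", cur)                                       # reset for next module
    }
    /^[ \t]*(#|$)/ { next }                                  # comments, blank lines
    /^[ \t]*\[.*\][ \t]*$/ { check(); gsub(/^[ \t]*\[|\][ \t]*$/, ""); mod = $0; next }
    {
        i = index($0, "="); if (i == 0) next
        key = tolower(substr($0, 1, i - 1)); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (mod == "") glob[key] = val; else cur[key] = val
    }
    END { check() }
    '
}

# secrets_file_private FILE: true when "other" has no read or write bit,
# the state the chmod 640 step above leaves the secrets file in.
secrets_file_private() {
    [ "$(ls -ld "$1" | cut -c8-9)" = "--" ]
}

# Constructed sample: the [Users] module from this page plus a deliberately
# loose, hypothetical [scratch] module for contrast.
sample_conf() {
cat <<'EOF'
log file = /var/log/rsyncd.log
[Users]
path = /home
auth users = backuppc
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.1.0/24
strict modes = false
read only = true
list = false
[scratch]
path = /tmp/scratch
read only = no
EOF
}

sample_conf | audit_rsyncd_conf
```

On a real client, run audit_rsyncd_conf < /etc/rsyncd.conf and secrets_file_private /etc/rsyncd.secrets. With strict modes = false, as in the configs on this page, rsync does not check the secrets file permissions itself, so the chmod step is the only thing protecting the password.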
Client Setup (MAC)
Enabling SSH (Remote Access)
Enabling SSH on the Mac is easy because the kernel is built on BSD. To enable SSH on system 10.4 and higher:
1. Open System Preferences and click Sharing.
2. Click Services and select the Remote Login checkbox.
Note: Selecting Remote Login also enables the secure FTP (sftp) service.
Rsync
Rsync is included and just needs to be configured to run as a daemon. Edit or create the /etc/rsyncd.conf configuration file. The format is the same as the Windows systems with the exception of the drive letters. Change the values to suit your needs.
[Users]
path = /Users
comment = User files
auth users = backuppc
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.1.0/24
strict modes = false
read only = true
list = false
Edit /etc/rsyncd.secrets and change or add UUU:PPP to username:password and save the file.
Example:
backuppc:pa$$w0rd
Change the permissions on rsyncd.secrets and rsyncd.conf so they are not world-readable.
$ chmod 640 /etc/rsyncd.secrets
$ chmod 640 /etc/rsyncd.conf
Now start rsync in daemon mode. This is done by creating rsync.plist and copying it to /Library/Startupitems/.
Rsyncd.plist
After rebooting the system rsync will be running in daemon mode waiting for a connection from BackupPC.
Server Setup (Ubuntu Linux)
BackupPC is available via the Synaptic Package Manager in Ubuntu for extremely easy installation.
Install software
Install BackupPC and sshd so you can connect remotely.
$ sudo apt-get install backuppc
$ sudo apt-get install openssh-server
Set a password for the backuppc web user.
$ htpasswd /etc/backuppc/htpasswd backuppc
Passwordless SSH
We need to set up SSH for the backuppc user. Follow the default suggestions for ssh-keygen and don’t use a passphrase. You could try to use ssh-agent or Seahorse to store the passphrases for encrypted keys, but it is difficult to ensure they are unlocked whenever the backuppc user needs them.
$ sudo -i
$ su backuppc
$ bash
$ ssh-keygen -t rsa
Set up passwordless SSH for each of the clients so the backuppc user can connect without prompts. First copy the backuppc user’s public key to the authorized_keys file on each client.
ssh-copy-id username@client
or, if you don’t have ssh-copy-id, use the following where highport is the SSH port you set for the client if you secured SSH. Otherwise you can omit -P highport.
$ scp -P highport /var/lib/backuppc/.ssh/id_rsa.pub username@client:~/.ssh/backuppc_id_rsa.pub
$ ssh username@client
$ cat ~/.ssh/backuppc_id_rsa.pub >> ~/.ssh/authorized_keys
$ rm ~/.ssh/backuppc_id_rsa.pub
Global BackupPC Settings
Most of the global settings are easily configured via the web interface, at http://localhost/backuppc but you can also edit /etc/backuppc/config.pl directly.
Hosts
Define each host you want to back up. It is easiest to automate email notifications if you use the user’s email address as their username.
Xfer
ClientCharset -> cp1252
Only choose if your primary clients run Windows – use the default UTF8 for other clients. If you don’t set this as default, you’ll have to configure it for each Windows client.
XferMethod -> rsyncd
Regular rsync over SSH doesn’t work between Linux and Windows/Cygwin boxes because of a bug fixed in rsync 3.0. However, BackupPC doesn’t use the features of 3.0 and the problem remains. Using rsyncd over a pre-established SSH tunnel or VPN is the best way around this.
RsyncdUserName -> backuppc
Or whatever you call it.
RsyncShareName -> cyg
Or whatever you call it.
RsyncdPasswd -> password you used in the client rsyncd.secrets files.
Same as is hardcoded in rsyncd.conf on the clients.
BackupFilesExclude
BackupFilesExclude is easier to modify in /etc/backuppc/config.pl directly. Pick the exclude list for the primary operating system of your clients. Unfortunately, you will have to hard code the exclude list for your other clients. For example, if Windows 7 or Vista is the primary OS and XP is the only other one, use the 7/Vista excludes below in config.pl and the XP excludes in each client’s clientname.pl file. You can check out the wiki page I wrote most of to get ideas for excludes for Windows 2000 or Linux.
You may also want to exclude some of the Cygwin directories like /bin, /tmp and /packages (where I told Cygwin to put the package directory during setup). Just make sure to back up /etc so you don’t lose your configuration!
7/Vista
I ran into a lot of problems on my Windows 7 and Vista machines where rsync would follow the junction points Microsoft added for backward compatibility (see this site for more info). This caused extra-long filenames rsync couldn’t handle. To find all junction points on your 7/Vista machine open the Command Prompt and run from the root of the c drive:
dir /aL /s > c:\users\USERNAME\JunctionPoints.txt
The rules below will exclude these junction points. Rules with asterisks in them will match the junction points that are in every user profile by default without having to code excludes for each user manually. We can remove any temp data and program or system installation files as well. On 7/Vista, only original installation data is stored in Program Files. Any data programs write to their installation folder goes to ProgramData automatically instead. The Windows folder shouldn’t hold anything interesting, either.
Exclude list for Windows 7/Vista clients with the rsyncd share being /cygdrive/c:
$Conf{BackupFilesExclude} = {
#Windows 7/Vista specific!
'*' => [
#7/Vista junction points
'/Documents and Settings',
'/ProgramData/Application Data',
'/ProgramData/Desktop',
'/ProgramData/Documents',
'/ProgramData/Favorites',
'/ProgramData/Start Menu',
'/ProgramData/Templates',
'/Users/All Users',
'/Users/Users/Default User',
'/Users/Users/All Users/Application Data',
'/Users/Users/All Users/Desktop',
'/Users/All Users/Documents',
'/Users/All Users/Favorites',
'/Users/All Users/Start Menu',
'/Users/All Users/Templates',
#Junction points common to every user profile
'/Users/*/Application Data',
'/Users/*/Cookies',
'/Users/*/Local Settings',
'/Users/*/My Documents',
'/Users/*/NetHood',
'/Users/*/PrintHood',
'/Users/*/Recent',
'/Users/*/SendTo',
'/Users/*/Start Menu',
'/Users/*/Templates',
'/Users/*/AppData/Local/Application Data',
'/Users/*/AppData/Local/History',
'/Users/*/AppData/Local/Temporary Internet Files',
'/Users/*/Documents/My Music',
'/Users/*/Documents/My Pictures',
'/Users/*/Documents/My Videos',
#Temporary and in-use user data
'/Users/*/AppData/Local/Microsoft/Windows/Temporary Internet Files',
'/Users/*/AppData/Local/Temp',
'/Users/*/NTUSER.DAT*',
'/Users/*/ntuser.dat*',
'/Users/*/AppData/Local/Microsoft/Windows/UsrClass.dat*',
'/Users/*/AppData/Local/Microsoft/Windows Defender/FileTracker',
'/Users/*/AppData/Local/Microsoft/Windows/Explorer/thumbcache_*.db',
'/Users/*/AppData/Local/Microsoft/Windows/WER',
'/Users/*/AppData/Local/Mozilla/Firefox/Profiles/*/Cache',
'/Users/*/AppData/Local/Mozilla/Firefox/Profiles/*/OfflineCache',
'/Users/*/AppData/Roaming/Microsoft/Windows/Cookies',
'/Users/*/AppData/Roaming/Microsoft/Windows/Recent',
'ProgramData/Microsoft/Search',
'ProgramData/Microsoft/Windows Defender',
'*.lock',
'Thumbs.db',
'IconCache.db',
'Cache*',
'cache*',
#Installation folders and system data
'/Program Files',
'/Windows',
'/$Recycle.Bin',
'/MSOCache',
'/System Volume Information',
'/Boot',
'/autoexec.bat',
'/bootmgr',
'/BOOTSECT.BAK',
'/config.sys',
'/hiberfil.sys',
'/pagefile.sys'
]
};
XP
Exclude list for Windows XP clients with the rsyncd share being /cygdrive/c:
$Conf{BackupFilesExclude} = {
#XP specific!
'*' => [
#Temporary and in-use user data
'/Documents and Settings/*/Cookies',
'/Documents and Settings/*/Local Settings/Temporary Internet Files',
'/Documents and Settings/*/Local Settings/Temp',
'/Documents and Settings/*/NTUSER.DAT*',
'/Documents and Settings/*/ntuser.dat*',
'/Documents and Settings/*/Local Settings/Application Data/Microsoft/Windows/UsrClass.dat*',
'/Documents and Settings/*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*/Cache',
'/Documents and Settings/*/Local Settings/Application Data/Mozilla/Firefox/Profiles/*/OfflineCache',
'/Documents and Settings/*/Recent',
'*.lock',
'Thumbs.db',
'IconCache.db',
'Cache*',
'cache*',
#Installation folders and system data
'/WINDOWS',
'/RECYCLER',
'/MSOCache',
'/System Volume Information',
'/AUTOEXEC.BAT',
'/BOOTSECT.BAK',
'/CONFIG.SYS',
'/hiberfil.sys',
'/pagefile.sys'
]
};
EMailAdminUserName -> youremail@host.com
CGI
CgiUserConfigEditEnable -> no
You probably don’t want users editing their configuration.
Schedule
FullKeepCnt -> 4, 2, 3, 0, 0, 4
Spreads out backups exponentially over almost three years. The schedule is approximately 0wk (current), 1wk, 2wk, 3wk, 5wk, 7wk, 11wk, 15wk, 19wk, 51wk/1yr, 83wk/1.6yr, 115wk/2.2yr, 147wk/2.8yr.
FullAgeMax -> 1095
3 years.
IncrLevels -> 3, 2, 5, 4, 7, 6
This is based on the Tower of Hanoi puzzle and is a way of balancing your backups so you don’t back up the same data a bunch of times yet retain duplicate backups of the data. See Tower of Hanoi pattern for backup for more info.
BlackoutPeriods
BlackoutPeriods:hourEnd -> 1
Better for night owls
BlackoutPeriods:weekDays -> 0, 1, 2, 3, 4, 5, 6
Avoid the same times every day for a home environment.
Client BackupPC Settings
Xfer
RsyncdClientPort -> XXXXX
Pick a high (10000+) one for each client. They need to be unique to identify tunnels.
BackupSettings
ClientNameAlias -> localhost
If you want to use SSH tunnels, you have to create one beforehand and then try to connect to the rsyncd server on the localhost. This breaks the default ping command, so you have to compensate. The workaround for that requires individual attention, which is why this is changed in client settings instead of global ones.
PingCmd -> /etc/backuppc/mktnl clienthostname clientsshport localport
In order to set up the SSH tunnel beforehand, we can create a script that BackupPC can run before the backup. I’m placing it in the PingCmd field so it is run when BackupPC pings the host before it starts. It also allows me to return a valid ping even though we set the alias above to localhost.
Here are the contents of /etc/backuppc/mktnl:
#!/bin/sh
# Usage: mktnl clienthostname clientsshport localport
host=$1
sshPort=$2
locPort=$3
remPort=873        # rsyncd port on the client
username=backuppc
# BackupPC reads this ping output to decide whether the host is up.
/bin/ping -c 1 -w 3 "$host"
# Forward the local port to the client's rsyncd over SSH, in the background.
/usr/bin/ssh -f -L "$locPort:localhost:$remPort" "$username@$host" -p "$sshPort" sleep 10 1>/dev/null 2>/dev/null && echo "SSH tunnel started successfully."
The ping command returns its results to BackupPC and the SSH tunnel is started and prints into the log for you. The sleep 10 makes the tunnel wait for 10 seconds after all traffic finishes before closing.
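Because the backuppc key has no passphrase, it is worth limiting what that key can do on each client to exactly what mktnl needs. The following is an added example, not part of the original post: restrict_tunnel_key and demo_restrict are hypothetical names, the key blobs are constructed fakes, and it assumes the client is only reached through the tunnel (rsyncd on localhost:873, remote command sleep 10) as set up above.

```shell
#!/bin/sh
# Added example, not from the original post. Restricts the BackupPC server's
# passphrase-less key on a client to what mktnl needs: running "sleep 10"
# and forwarding to the rsync daemon on localhost:873.

# Standard OpenSSH authorized_keys options; the values come from mktnl.
TUNNEL_OPTS='command="sleep 10",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="localhost:873"'

# restrict_tunnel_key PUBKEY_FILE < authorized_keys
# Prints authorized_keys with TUNNEL_OPTS prepended to the entry matching the
# key in PUBKEY_FILE. Entries for other keys, comments, and entries that
# already carry options are passed through unchanged.
restrict_tunnel_key() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || { echo "no public key found in $1" >&2; return 1; }
    awk -v blob="$blob" -v opts="$TUNNEL_OPTS" '
        $1 ~ /^(ssh|ecdsa)-/ && $2 == blob { print opts " " $0; next }
        { print }
    '
}

# Constructed sample data: shortened fake key blobs, not real keys.
demo_restrict() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3Nza_BACKUPPC_FAKE backuppc@server' > "$tmp/id_rsa.pub"
    printf '%s\n' \
        'ssh-rsa AAAAB3Nza_ALICE_FAKE alice@laptop' \
        'ssh-rsa AAAAB3Nza_BACKUPPC_FAKE backuppc@server' > "$tmp/authorized_keys"
    restrict_tunnel_key "$tmp/id_rsa.pub" < "$tmp/authorized_keys"
    rm -rf "$tmp"
}

demo_restrict
```

On a client, write the output to a new file, check it, and then replace ~/.ssh/authorized_keys with it. With these options the key can still open the tunnel mktnl creates but cannot get a shell or forward to any other port.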
PingMaxMsec -> 200
Only set for external (over the Internet) hosts
Schedule
BlackoutPeriods
hourEnd and hourBegin adjusted for user
Client Testing
You can test backups for each client by running the following where hostname is the name of the host in the BackupPC global settings.
/usr/share/backuppc/bin/BackupPC_dump -f -v hostname
Web Access and Email Configuration
Client Web Access
You need to set a password for each email address/username you defined previously so users can access their backup pages. Run the following for each host where client email is the email address/username you defined for that host.
htpasswd /etc/backuppc/htpasswd clientemail
To schedule checks for BackupPC status, use cron (see this site for more info). Run
crontab -e
and add the following line to get a message every half hour if the BackupPC server goes down:
*/30 * * * * /usr/share/backuppc/bin/BackupPC_sendEmail -c
If you want to send your email using the message submit port (587) instead of smtp (25), see this post. This will allow you to get around the port 25 blocks some ISPs use to reduce spam on their networks.
Separate Hard Drive for the Pool (Optional)
You probably want to use a separate hard drive or group of drives for your BackupPC pool for easier maintenance, expansion, and reliability. We are going to use Logical Volume Manager (LVM) to create a resizable pool we can easily add more drives to.
Setup LVM
LVM allows us to create expandable logical volumes across many drives. See A Beginner’s Guide To LVM for more detailed setup instructions. Also check out Managing Disk Space with LVM and A simple introduction to working with LVM.
Set up your drive using fdisk. The command below is for a drive at /dev/sdb
fdisk -l
fdisk /dev/sdb
The choices you want to make are: n, p, 1, ENTER, ENTER, t, 1, L, 8e, w. Then run
pvcreate /dev/sdb1
pvdisplay
vgcreate bpcvg /dev/sdb1
vgdisplay
vgscan
lvcreate --name bpclv --extents 100%FREE bpcvg
lvdisplay
lvscan
mkfs.ext3 /dev/bpcvg/bpclv
If you get a ‘no entry for device-mapper found’ error, run
modprobe dm-mod
Change the Archive Directory
See here for more info. If your new partition is /dev/bpcvg/bpclv, execute the following commands as root
mount /dev/bpcvg/bpclv /mnt
cp -dpR /var/lib/backuppc/. /mnt
umount /mnt
mv /var/lib/backuppc /var/lib/backuppc.orig
mkdir /var/lib/backuppc
mount /dev/bpcvg/bpclv /var/lib/backuppc
df -h
This makes a backup of your data then copies it to the new drive. Once you’re sure that worked, you need to make it mount on startup. Edit /etc/fstab and add the following line:
/dev/bpcvg/bpclv /var/lib/backuppc ext3 rw,noatime 0 0
Then restart and run
df -h
to make sure it worked.