backuppc-cae051c/doc-src/BackupPC.pod

=encoding ISO8859-1

=head1 BackupPC Introduction

This documentation describes BackupPC version __VERSION__,
released on __RELEASEDATE__.

=head2 Overview

BackupPC is a high-performance, enterprise-grade system for backing up
Unix, Linux, WinXX, and MacOSX PCs, desktops and laptops to a server's
disk.  BackupPC is highly configurable and easy to install and maintain.

Given the ever decreasing cost of disks and raid systems, it is now
practical and cost effective to backup a large number of machines onto
a server's local disk or network storage.  For some sites this might be
the complete backup solution.  For other sites additional permanent
archives could be created by periodically backing up the server to tape.

Features include:

=over 4

=item *

A clever pooling scheme minimizes disk storage and disk I/O.
Identical files across multiple backups of the same or different PC
are stored only once, resulting in substantial savings in disk storage
and disk writes.

=item *

Compression provides additional reductions in storage, depending
on the type of data being backed up. The CPU impact of compression
is low since only new files (those not already in the pool) need
to be compressed.

=item *

A powerful http/cgi user interface allows administrators to view
the current status, edit configuration, add/delete hosts, view log
files, and allows users to initiate and cancel backups and browse
and restore files from backups.

=item *

The http/cgi user interface has internationalization (i18n) support,
currently providing English, French, German, Spanish, Italian,
Dutch, Polish, Portuguese-Brazilian, Chinese, Polish, Czech,
Japanese, Ukrainian, and Russian.

=item *

No client-side software is needed. On WinXX the standard smb
protocol is used to extract backup data. On linux, unix or MacOSX
clients, rsync, tar (over ssh/rsh/nfs) or ftp is used to extract
backup data.  Alternatively, rsync can also be used on WinXX (using
cygwin), since rsync provides for efficient transfers and allows
incremental backups to detect almost all changes.

=item *

Flexible restore options.  Single files can be downloaded from
any backup directly from the CGI interface.  Zip or Tar archives
for selected files or directories from any backup can also be
downloaded from the CGI interface.  Finally, direct restore to
the client machine (using smb or tar) for selected files or
directories is also supported from the CGI interface.

=item *

BackupPC supports mobile environments where laptops are only
intermittently connected to the network and have dynamic IP addresses
(DHCP).  Configuration settings allow machines connected via slower WAN
connections (eg: dial up, DSL, cable) to not be backed up, even if they
use the same fixed or dynamic IP address as when they are connected
directly to the LAN.

=item *

Flexible configuration parameters allow multiple backups to be performed
in parallel, specification of which shares to backup, which directories
to backup or not backup, various schedules for full and incremental
backups, schedules for email reminders to users and so on.  Configuration
parameters can be set system-wide or also on a per-PC basis.

=item *

Users are sent periodic email reminders if their PC has not
recently been backed up.  Email content, timing and policies
are configurable.

=item *

BackupPC is Open Source software hosted by GitHub.

=back

=head2 BackupPC 4.0

This is the first release of 4.0, which is a significant rewrite of
BackupPC.  This section provides a short overview of the changes and
features in 4.0.

Here's a short summary of what has changed in V4:

=over 4

=item *

No use of hardlinks (except temporarily to do atomic renames).  Reference
counting is handled at the application level in a batch manner (hardlinks
will still remain for any legacy V3 backups).

=item *

Backups are stored as "reverse deltas" - the most recent backup is always filled
and older backups are reconstituted by merging all the deltas starting with the
nearest future filled backup and working backwards.

This is the opposite of V3 where incrementals are stored as "forward deltas"
to a prior backup (typically the last full backup or prior lower-level
incremental backup, or the last full in the case of rsync).

=item *

Since the most recent backup is filled, viewing/restoring that backup (which is
the most common backup used) doesn't require merging any deltas from other backups.

=item *

The concepts of incr/full backups and unfilled/filled storage are decoupled.  The most
recent backup is always filled.  By default, for the remaining backups, full backups
are filled and incremental backups are unfilled, but that is configurable.

=item *

Uses full-file MD5 digests, which are stored in the directory attrib
files.  Each backup directory only contains an empty attrib file whose
name includes its own MD5 digest, which is used to look up the attrib
file's contents in the pool.  In turn, that file contains the metadata
for every file in that directory, including each files's MD5 digest.

=item *

The Pool layout still supports chains to handle md5 collisions.  While collisions
can be constructed and are now well-known, they are highly unlikely in the wild.
Pool files are never renamed or moved, unlike V3.

=item *

Any backup can be deleted (deltas are merged into next older backup if it is
not filled).

=item *

The reverse deltas allow "infinite incrementals" - no need for a full backup
if you are willing to trade speed for the risk that a file change will
not be detected if the metadata (eg, mtime or size) doesn't change.

=item *

An rsync "full" backup now uses --checksum (instead of --ignore-times),
which is much more efficient on the server side - the server just needs to
check the full-file checksum computed by the client, together with the mtime,
nlinks, size attributes, to see if the file has changed.  If you want a more
conservative approach, you can change it back to --ignore-times, which
requires the server to send block checksums to the client.

=item *

The use of rsync --checksum allows BackupPC to guess a potential match
anywhere in the pool, even on a first-time backup.  In that case, the usual
rsync block checksums are still exchanged to make sure the complete file
is identical.

=item *

Uses a modified rsync called rsync_bpc (currently based on rsync-3.0.9)
on the server side (in place of File::RsyncP), with a C code interface
to the BackupPC storage.  So the whole data path for rsync is now in compiled
C code, which is much faster than perl.

=item *

Due to the use of rsync-3.X, acls and xattrs are supported, and many other
useful options (but not all) are supported.  Rsync protocol 30 supports
the efficient incremental file list, which significantly improves memory
usage and startup time.  It also supports MD5 full-file checksums, which
match BackupPC's new digest.  That allows a full-file digest to be checked
as easily as an mtime on the server side.

=item *

Significant portions of the BackupPC code are now compiled C code in a
new module called BackupPC::XS that is dynamically linked to perl.

=back

Here is a more detailed discussion:

=over 4

=item *

Completely new backup storage.  No hardlinks!  Backups are stored as reverse deltas,
with the most recent backup always filled.  Prior backup "n" contains the changes
relative to prior backup "n+1".

=item *

Since every backup is based on the last filled backup, the concept of incremental
levels is removed.

=item *

Example: let's assume backup #4 is the most recent, and therefore filled, and
backups #0..3 are not filled.

Backups #0..3 store just the necessary reverse changes needed to
reconstruct those backups, relative to the next backup.

   - To view/restore backup #4, all the information is stored in backup #4.
   - To view/restore backup #3, backup #4 (the filled one), is merged with the deltas in #3.
   - To view/restore backup #2, backup #4 (the filled one), is merged with the deltas in #3 and #2
   - etc.

When a new backup is started (#5), we begin by renaming backup #4 to #5.
At that instant, backup #4 storage is now empty (which means backups #4
and #5 are currently identical).  As the backup runs, changes are made
to #5 with the changed/new files in place, and the opposite changes are
added to backup #4, to keep the "view" of backup #4 unchanged.

After the backup is done, #5 is now the filled version of the latest
backup, and #4 contains the changes necessary to turn #5 back into the state
when backup #4 was done.  If there are no changes detected in the new
backup, the storage tree for #4 will be empty.  If just one file changed,
the new file will be below #5, and the prior file will be below #4 (well,
technically not quite true, since files aren't stored below the backup
trees; more correctly, the attrib file in #5 will point to the new pool
file, and the attrib file in #4 will point to the old pool file).

=item *

The concepts of incr/full backups and unfilled/filled storage are now
decoupled.  The most recent backup is always filled (whether or not the
last backup was a full or incr).  Certain older backups can be filled
for convenience to make restoring old backups faster (because fewer
backups need to be merged), and are used to specify expiry schedules.

=item *

When a backup starts, there are several different cases that determine
how the backups are stored and whether prior deltas are stored:

=over 4

=item 1

No existing backups: create a new backup #0 and do a full backup in place
(ie: no prior deltas are stored).

=item 2

V3 backups exist, but no V4 backups.  The last V3 backup is duplicated into
V4 format, and a full backup is done in place (ie: no prior deltas are stored).

=item 3

Last V4 backup is a full, or more than $Conf{FillCycle} since last filled
backup.  The last backup is duplicated to create a new filled backup, and
the new backup is done in place (ie: no prior deltas are stored).

=item 4

There are V4 backups and it's less than $Conf{FillCycle} since last one is
filled.  Renumber the last backup to #n+1, and put the reverse deltas in
initially empty backup tree #n.

=item 5

CompressLevel has toggled on/off between backups.  This isn't well tested and
it's very hard to support efficiently.  We treat this as a brand new (empty) backup
in place, that is therefore filled.  That way we won't need to merge between
backups with compress on/off.

=item 6

Last backup was a V4 partial.  If prior V4 backup is filled (and not partial),
then just do another in-place backup.  Otherwise, treat as case 4.  When complete
(whether successful or another partial), delete the prior deltas in #n, which
merges the cumulative changes into #n-1.

=back

=item *

The treatment of a "Partial" backup has changed.  Unlike in V3 where partials are
removed prior to the next backup, in V4 partials are kept and are used as the starting
point for the next backup.  See case 6 above.  If the new backup fails, if no files
have been backed up, the empty backup #n is removed.

=item *

Backups are stored as mangled directory trees, but each directory only
contains an "attrib" file.  The attrib file is zero-length, and its name
includes the MD5 digest so the contents can be looked up in the pool.

The attrib contents in the pool contains the directory contents: for each
file, that means the metadata, xattrs and the MD5 digest of the file
contents.

=item *

A modified rsync called rsync_bpc, based on rsync 3.0.9, is used on
the server side, with a C code layer that emulates all the file-system
OS calls to be compatible with the BackupPC store.  That means for
rsync, the data path is now fully in compiled C, which should mean a
significant speedup.  It also means many (but not all) of the rsync
options are supported natively.

=item *

Significant parts of the BackupPC storage and pooling code have been written in C
(the same code is used in the server rsync_bpc).  BackupPC::FileZIO, BackupPC::PoolWrite,
BackupPC::Attrib, BackupPC::AttribCache and BackupPC::PoolRefCnt (reference counting and
storage) are all replaced with BackupPC::XS, a C-code perl extension.

=item *

Extended attributes (xattr) are supported.  Rsync is configured to "store acls using xattr",
meaning both acls and xattrs are supported.

=item *

infinite incrementals with rsync are supported.  The most recent backup
is always filled, so an incremental will still leave the most recent
backup filled.

=item *

any V4 backup can be deleted - dependencies are merged into the next older backup
if it isn't already filled.

=item *

file digests are full-file MD5.  Collisions are much more unlikely than V3,
but still possible.  Duplicates are implemented with an extension to the
16 byte MD5 digest (ie: 16 bytes for plain file, 17 bytes for next
255 duplicates etc).

=item *

V4 pool files are stored in a new hierarchy, two levels deep, with
7 bits at each level (ie: 128 directories at top-level, and each
with 128 directories at next level).

=item *

V4 pool files are never moved or renamed.

=item *

Inodes for hardlinked files are stored in each backup tree.  This makes
backing up hardlinks accurate, compared to V3, and provides for consistent
inode numbering across backups.

=item *

zero-sized files or empty attribute files don't get written or pooled.

=item *

the elimination of hardlinks means that reference counting has to be maintained by
the BackupPC code.  This is one of the riskiest area in terms of development
and testing.  Reference counts are maintained per-backup, per-host, and for the
whole pool.

Each operation that changes reference counts (eg: doing a new backup, deleting
a backup, or duplicating (filling) a backup) creates one or more poolRefDelta
files in that client's backup directory (ie: TopDir/pc/HOST/NNN).  These files
are lists of MD5 digests, and corresponding counts deltas.

Each night, BackupPC_nightly runs BackupPC_refCountUpdate, which, for each
host, updates the per-host reference count database with the new deltas.
It then combines all the per-host reference count files to create the
global pool reference count database.

BackupPC_refCountUpdate can run concurrently with backups.  If you still
have V3 backups and pool, BackupPC_nightly still needs to run and check
for old V3 pool files that can be deleted.  But since there are no
new V3 backups happening, BackupPC_nightly can run concurrently with
backups.

=item *

There is a new utility BackupPC_fsck that can check/fix the per-host
and global reference counts.  The per-host reference count database
is verified by parsing all the attrib files in each backup tree.
The global reference count database is verified by combing all the
per-host reference count databases and comparing them.

BackupPC_fsck cannot run when BackupPC is.

=item *

When BackupPC_refCountUpdate updates the overall reference counts, it
removes pool files that have a reference count of zero.  To avoid race
conditions, it uses a two-phase process.  It first flags files that have
zero reference counts using one of the file attributes.  The next time
it runs (typically 24 hours later), any flagged files that still have
zero reference count are then removed.  The rest of the code knows not
to use flagged pool files to avoid race conditions.

=item *

Progress indication: a simple status that shows the number of files
processed so far.  It's hard to convert that to a percentage, since
the total isn't known until the end of the backup.  But knowing the
number of files is quite helpful, since you can get an idea of the
expected total based on the prior backups, or knowing what configuration
you have changed (ie: adding a large new tree).

=item *

BackupPC_link is removed since it is no longer used.

=item *

Since files are no longer stored in backup trees, browsing the backup
trees is even harder than V3 (where you just had to deal with mangling).
A new utility BackupPC_ls acts like "ls -l", showing accurate directory
listings of files, together with the MD5 digests.

BackupPC_ls can be given either an explicit hostname, number,
and unmangled path, or can be given the full (mangled) path,
which makes it easier to use directory completion.  It should
be possible to configure tcsh and bash, together with some new
hooks in BackupPC_ls, to give a more natural file/directory
completion.

BackupPC_zcat also can take just the MD5 digest (which you can paste
from BackupPC_ls).  Currently BackupPC_zcat doesn't support the tree
parsing that BackupPC_ls does (it can only zcat actual files),  but
that should be easy to rectify.

=item *

Configuration for expiry: since full/incr are decoupled from filled/unfilled,
expiry is a bit trickier.

The convention for expiry parameters is "FullKeepPeriod/FullKeepCnt"
etc refer to B<Filled> backups, and "IncrKeepPeriod/IncrKeepCnt" refer
to B<Unfilled> backups.

=item *

V3 migration: nothing specific is needed.  V4 can browse/view/restore
V3 backups.  When you install V4, no changes are made to any V3 backups.
If you are upgrading from V3, be sure to set $Conf{PoolV3Enabled} to 1 so
the old V3 pool is searched for matching files.

=over 4

=item *

When you install V4, it will notice that the V3 pool exists.  Running
configure.pl should set $Conf{PoolV3Enabled} to 1 in that case, but
you should be sure to check that.

=item *

When a V4 backup is first done, BackupPC_backupDuplicate is
run to duplicate the most recent V3 backup to create a new V4 backup.
A "filled" view of the most recent V3 backup is used to create
a "filled" V4 backup tree.

This step could be time consuming, since every file needs to be read
(as a V3 file) and written as a V4 file.  However, the V4 pooling
code knows about the V3 pool, so it will move the V3 pool file
into the V4 pool.  So this duplication process doesn't burn a lot of
pool storage space, but every file still needs to be read
(to compute the MD5 digest) and "written" (really just
matching/linking).

=item *

Expiry: all the V3 + V4 backups are considered on a combined basis
for expiry checking.

=item *

On a clean new V4 install, the steps of computing and checking V3
digests is eliminated.

=item *

Downgrading V4->V3: Not tested and not recommended.
In theory you can remove any new V4 backups, remove the V4 pool
itself, and you should be able to re-install V3 and still have
access to your original full working V3 store (except for any
V3 backups that V4 might have routinely removed based on normal
backup expiry configuration).

However, any V3 pool files moved to V4 will no longer be in the V3
pool.  So subsequent V3 backups will burn more storage as files
get re-added to the old V3 pool.

Hopefully downgrading isn't necessary...

=back

=item *

Optimizations: the C code implementation should give a significant performance
advantage, as well as the more flexible.

Potential V4 optimizations that are planned, but not yet implemented, include:

=over 4

=item *

rsync-bpc doesn't support checksum caching.

=item *

rsync-bpc with --ignore-times actually reads each unchanged file three times,
and writes it once (normal rsync reads twice and writes once; the extra one
is due to compression).  Some careful optimization can eliminate two reads
and the write.  The final read can be eliminated with checksum caching.

=item *

BackupPC_refCountUpdate, BackupPC_fsck, BackupPC_backupDuplicate,
BackupPC_backupDelete are all single-threaded.

=back

=back

=head2 Backup basics

=over 4

=item Full Backup

A full backup is a complete backup of a share. BackupPC can be configured
to do a full backup at a regular interval (typically weekly).  BackupPC
can be configured to keep a certain number of full backups.  Exponential
expiry is also supported, allowing full backups with various vintages to
be kept (for example, a settable number of most recent weekly fulls, plus
a settable number of older fulls that are 2, 4, 8, or 16 weeks apart).

=item Incremental Backup

An incremental backup is a backup of files that have changed since the
last successful backup.

Rsync is the best option for BackupPC.  Any files whose attributes
have changed (ie: uid, gid, mtime, modes, size) since the last full
are backed up.  Deleted, new files and renamed files are detected by
rsync incrementals.

For SMB and tar, BackupPC uses the modification time (mtime) to
determine which files have changed since the last backup.  That
means SMB and tar incrementals are not able to detect deleted files,
renamed files or new files whose modification time is prior to the
last lower-level backup.

BackupPC can also be configured to keep a certain number of incremental
backups, and to keep a smaller number of very old incremental backups.

BackupPC "fills-in" incremental backups when browsing or restoring,
based on the levels of each backup, giving every backup a "full"
appearance.  This makes browsing and restoring backups much easier:
you can restore from any one backup independent of whether it was
an incremental or full.

=item Partial Backup

When a full or incremental backup fails or is canceled, the most
recent backup is labeled "partial".  Prior to V4, that backup was
incomplete, and would be deleted when the next backup completed.

In V4 a partial backup denotes that the last backup is incomplete.
However, since V4 does backup updating in place, it represents the best
and latest backup.  A partial backup can be browsed or used to restore
files just like a successful full or incremental backup.  And it will
be used as the starting point for the next backup attempt.

=item Identical Files

BackupPC pools identical files.  By "identical files" we mean files
with identical contents, not necessary the same permissions, ownership
or modification time.  Two files might have different permissions,
ownership, or modification time but will still be pooled whenever
the contents are identical.  This is possible since BackupPC stores
the file metadata (permissions, ownership, and modification time)
separately from the file contents.

Prior to V4, identical files were stored using hardlinks.  In V4+,
hardlinks are eliminated (except for temporary atomic renames), and
reference counting is done at the application level.

=item Backup Policy

Based on your site's requirements you need to decide what your backup
policy is.  BackupPC is not designed to provide exact re-imaging of
failed disks.  See L<Some Limitations> for more information.
However, with rsync and tar transports for linux/unix clients, plus
full support for special file types, extended attributes etc,
likely means an exact image of a linux/unix file system can be made.

BackupPC saves backups onto disk. Because of pooling you can relatively
economically keep several weeks or months of old backups.

At some sites the disk-based backup will be adequate, without a
secondary offsite cloud, disk or tape backup. This system is robust
to any single failure: if a client disk fails or loses files, the
BackupPC server can be used to restore files. If the server disk
fails, BackupPC can be restarted on a fresh file system, and create
new backups from the clients. The chance of the server disk failing
can be made very small by spending more money on increasingly better
RAID systems.  However, there is still the risk of catastrophic
events like fires or earthquakes that can destroy both the BackupPC
server and the clients it is backing up if they are physically
nearby.

Some sites might choose to do periodic backups to tape or cd/dvd.
This backup can be done perhaps weekly using the archive function of
BackupPC.

Other users have reported success with removable disks to rotate the
BackupPC data drives, or using rsync to mirror the BackupPC data pool
offsite.

In V4, since hardlinks are not used permanently, duplicating a V4 pool
is much easier, allowing remote copying of the pool.

=back

=head2 Resources

=over 4

=item BackupPC home page

The BackupPC project page is at:

    https://backuppc.github.io/backuppc

This page has links to the current documentation, github project source
and general information.

=item Github

BackupPC development is hosted on github:

    https://github.com/backuppc

Releases for BackupPC and the required packages BackupPC-XS and rsync-bpc are
available at:

    https://github.com/backuppc/backuppc/releases
    https://github.com/backuppc/backuppc-xs/releases
    https://github.com/backuppc/rsync-bpc/releases

=item BackupPC Wiki

BackupPC has a Wiki at L<https://github.com/backuppc/backuppc/wiki>.
Everyone is encouraged to contribute to the Wiki.  Anyone with a
Github account can edit the Wiki.

=item Mailing lists

Three BackupPC mailing lists exist for announcements (backuppc-announce),
developers (backuppc-devel), and a general user list for support, asking
questions or any other topic relevant to BackupPC (backuppc-users).

The lists are archived on SourceForge:

    https://sourceforge.net/p/backuppc/mailman/backuppc-users/

You can subscribe to these lists by visiting:

    http://lists.sourceforge.net/lists/listinfo/backuppc-announce
    http://lists.sourceforge.net/lists/listinfo/backuppc-users
    http://lists.sourceforge.net/lists/listinfo/backuppc-devel

The backuppc-announce list is moderated and is used only for
important announcements (eg: new versions).  It is low traffic.
You only need to subscribe to one of backuppc-announce and
backuppc-users: backuppc-users also receives any messages on
backuppc-announce.

The backuppc-devel list is only for developers who are working on BackupPC.
Do not post questions or support requests there.  But detailed technical
discussions should happen on this list.

To post a message to the backuppc-users list, send an email to

    backuppc-users@lists.sourceforge.net

Do not send subscription requests to this address!

=item Other Programs of Interest

If you want to mirror linux or unix files or directories to a remote server
you should use rsync, L<http://rsync.samba.org>.  BackupPC uses
rsync as a transport mechanism; if you are already an rsync user you
can think of BackupPC as adding efficient storage (compression and
pooling) and a convenient user interface to rsync.

Two popular open source packages that do tape backup are
Amanda (L<http://www.amanda.org>)
and Bacula (L<http://www.bacula.org>).
These packages can be used as complete solutions, or also as back
ends to BackupPC to backup the BackupPC server data to tape.

Avery Pennarun's bup (L<https://github.com/bup/bup>) uses the git packfile format to
do efficient incrementals and deduplication.
Various programs and scripts use rsync to provide hardlinked backups.
See, for example, Mike Rubel's site (L<http://www.mikerubel.org/computers/rsync_snapshots>),
JW Schultz's dirvish (L<http://www.dirvish.org/>),
Ben Escoto's rdiff-backup (L<http://www.nongnu.org/rdiff-backup>),
and John Bowman's rlbackup (L<http://www.math.ualberta.ca/imaging/rlbackup>).

BackupPC provides many additional features, such as compressed storage,
deduplicating any matching files (rather than just files with the same name),
and storing special files without root privileges.  But these other programs
provide simple, effective and fast solutions and are definitely worthy of
consideration.

=back

=head2 Road map

The new features planned for future releases of BackupPC
are on the Wiki at L<https://github.com/backuppc/backuppc/wiki>.

Comments and suggestions are welcome.

=head2 You can help

BackupPC is free. I work on BackupPC because I enjoy doing it and I like
to contribute to the open source community.

BackupPC already has more than enough features for my own needs.  The
main compensation for continuing to work on BackupPC is knowing that
more and more people find it useful.  So feedback is certainly
appreciated, both positive and negative.

Also, everyone is encouraged to contribute patches, bug reports,
feature and design suggestions, new code, Wiki additions (you can
do those directly) and documentation corrections or improvements.
Answering questions on the mailing list is a big help too.

=head1 Installing BackupPC

=head2 Requirements

BackupPC requires:

=over 4

=item *

A linux, solaris, or unix based server with a substantial amount of free
disk space (see the next section for what that means). The CPU and disk
performance on this server will determine how many simultaneous backups
you can run. You should be able to run 4-8 simultaneous backups on a
moderately configured server.

It is also recommended you consider either an LVM or RAID setup so that
you can expand the file system as necessary.

=item *

Perl version 5.8.0 or later.  If you don't have perl, please
see L<http://www.cpan.org>.

=item *

The perl modules BackupPC::XS (version >= 0.50) is required, and
several others, File::Listing, Archive::Zip, XML::RSS, Net::FTP,
Net::FTP::RetrHandle, Net::FTP::AutoReconnect are recommended.

Try "perldoc BackupPC::XS" and "perldoc Archive::Zip" to see if you have these
modules.  If not, fetch them from L<http://www.cpan.org> and see the
instructions below for how to build and install them.

The CGI Perl module is required for the http/cgi user interface. CGI was a core module,
but from version 5.22 Perl no longer ships with it.

=item *

If you are using rsync to backup linux/unix machines you should have
rsync on each client machine.  Version 3+ is strongly recommended, but
earlier versions will work too. See L<http://rsync.samba.org>.
Use "rsync --version" to check your version.

For BackupPC to use Rsync you will also need to install rsync-bpc on
the server.

=item *

If you are using smb to backup WinXX machines you need smbclient and
nmblookup from the samba package.  You will also need nmblookup if
you are backing up linux/unix DHCP machines.  See L<http://www.samba.org>.

See L<http://www.samba.org> for source and binaries.  It's pretty easy to
fetch and compile samba, and just grab smbclient and nmblookup, without
doing the installation. Alternatively, L<http://www.samba.org> has binary
distributions for most platforms.

=item *

If you are using tar to backup linux/unix machines, those machines should have
version 1.13.20 or higher recommended.  Use "tar --version" to check your version.
Various GNU mirrors have the newest versions of tar;
see L<http://www.gnu.org/software/tar/>.

=item *

The Apache web server, see L<http://www.apache.org>, preferably built
with mod_perl support.

=item *

If rrdtool is installed on the BackupPC server, graphs of the pool usage
will be maintained and displayed.  To enable the graphs, point $Conf{RrdToolPath}
to the rrdtool executable.

=back

=head2 What type of storage space do I need?

Starting with 4.0.0, BackupPC no longer uses hardlinks for storage of
deduplicated files.  However, hardlinks are still used temporarily in
a few places for doing atomic renames, with a fallback doing a file copy
if the hardlink fails, and files are moved (renamed) across various paths
that turn into expensive file copies if they span multiple file systems.

So ideally BackupPC's data store (__TOPDIR__) is a single file system that
supports hardlinks.  It is ok to use a single symbolic link at the top-level
directory (__TOPDIR__) to point the entire data store somewhere else).
You can of course use any kind of RAID system or logical volume manager
that combines the capacity of multiple disks into a single, larger,
file system. Such approaches have the advantage that the file system can
be expanded without having to copy it.

Any standard linux or unix file system supports hardlinks.  NFS mounted
file systems work too (provided the underlying file system supports
hardlinks).  But windows based FAT and NTFS file systems will not work.

In BackupPC 3.x, hardlinks are fundamental to deduplication, so a startup
check is done ensure that the file system can support hardlinks, since
this is a common area of configuration problems in v3.  In 4.x, that check
is only done if the pool still contains v3 backups and pool files.

=head2 How much disk space do I need?

Here's one real example (circa 2002) for an environment that is
backing up 65 laptops with compression off. Each full backup averages
3.2GB. Each incremental backup averages about 0.2GB. Storing one
full backup and two incremental backups per laptop is around 240GB
of raw data. But because of the pooling of identical files, only
87GB is used.  This is without compression.

Another example, with compression on: backing up 95 laptops, where
each backup averages 3.6GB and each incremental averages about 0.3GB.
Keeping three weekly full backups, and six incrementals is around
1200GB of raw data.  Because of pooling and compression, only 150GB
is needed.

Here's a rule of thumb. Add up the disk usage of all the machines you
want to backup (210GB in the first example above). This is a rough
minimum space estimate that should allow a couple of full backups and at
least half a dozen incremental backups per machine. If compression is on
you can reduce the storage requirements by maybe 30-40%.  Add some margin
in case you add more machines or decide to keep more old backups.

Your actual mileage will depend upon the types of clients, operating
systems and applications you have. The more uniform the clients and
applications the bigger the benefit from pooling common files.

In addition to total disk space, you should make sure you have
plenty of inodes on your BackupPC data partition. Some users have
reported running out of inodes on their BackupPC data partition.
So even if you have plenty of disk space, BackupPC will report
failures when the inodes are exhausted.  This is a particular
problem with ext2/ext3 file systems that have a fixed number of
inodes when the file system is built.  Use "df -i" to see your
inode usage.

=head2 Step 1: Getting BackupPC

Many linux distributions now include BackupPC, so installing
BackupPC via your package manager is the best approach.

For example, for Debian, supported by Ludovic Drolez, can be found at
L<http://packages.debian.org/backuppc> and is included in the current
stable Debian release.  On Debian, BackupPC can be installed with
the command:

    apt-get install backuppc

You should also install rsync-bpc; the BackupPC package might include
it already, but if not:

    apt-get install rsync-bpc

If those commands work, you can skip to Step 3.

Alternatively, manually fetching and installing BackupPC is easy.
Start by downloading the latest version from

    https://github.com/backuppc/backuppc/releases

=head2 Step 2: Installing the distribution

Note: most information in this step is only relevant if you build
and install BackupPC yourself.  If you use a package provided by a
distribution, the package management system should take of installing
any needed dependencies.

First off, there are several perl modules you should install.  The
first one, BackupPC::XS, is required.  The others are optional
but highly recommended.  Use either your linux package manager,
or the cpan command, or follow the instructions in the README files
to install these packages:

=over 4

=item BackupPC::XS

Significant portions of BackupPC are implemented in C code contained in
this module.  You can run "perldoc BackupPC::XS" to see if this module
is installed.  You need to have version >= 0.50.  BackupPC::XS is
available from:

    https://github.com/backuppc/backuppc-xs/releases

and also CPAN.

=item Archive::Zip

To support restore via Zip archives you will need to install
Archive::Zip, also from L<http://www.cpan.org>.
You can run "perldoc Archive::Zip" to see if this module is installed.

=item XML::RSS

To support the RSS feature you will need to install XML::RSS, also from
L<http://www.cpan.org>.  There is not need to install this module if you
don't plan on using RSS. You can run "perldoc XML::RSS" to see if this
module is installed.

=item CGI

The CGI Perl module is required for the http/cgi user interface. CGI was a core module,
but from version 5.22 Perl no longer ships with it so you'll need to install it if you
are using a recent version of perl.

=item SCGI

The SCGI Perl module is required to use the S/CGI protocol for the http/cgi user interface.

=item File::Listing, Net::FTP, Net::FTP::RetrHandle, Net::FTP::AutoReconnect

To use ftp with BackupPC you will need four libraries, but actually
need to install only File::Listing from L<http://www.cpan.org>.
You can run "perldoc File::Listing" to see if this module is installed.
Net::FTP is a standard module. Net::FTP::RetrHandle and
Net::FTP::AutoReconnect included in BackupPC distribution.

=back

To build and install these packages you should use the cpan command.  At
the prompt, type

    install BackupPC::XS

Alternatively, if you want to install these manually, you can fetch the tarball
from L<http://www.cpan.org> and then run these commands:

    tar zxvf BackupPC-XS-0.50.tar.gz
    cd BackupPC-XS-0.50
    perl Makefile.PL
    make
    make test
    make install

The same sequence of commands can be used for each module.

Next, you should install rsync_bpc if you want to use rsync to backup clients
(which is the recommended approach for all client types).  If you don't use
your package manager, fetch the release from:

    https://github.com/backuppc/rsync-bpc/releases

Then run these commands (updating the version number as appropriate):

    tar zxf rsync-bpc-3.0.9.5.tar.gz
    cd rsync-bpc-3.0.9.5
    ./configure
    make
    make install

Now let's move onto BackupPC itself.  After fetching BackupPC-__VERSION__.tar.gz,
run these commands as root:

    tar zxf BackupPC-__VERSION__.tar.gz
    cd BackupPC-__VERSION__
    perl configure.pl

The configure.pl script also accepts command-line options if you
wish to run it in a non-interactive manner.  It has self-contained
documentation for all the command-line options, which you can
read with perldoc:

    perldoc configure.pl

Starting with BackupPC 3.0.0, the configure.pl script by default
complies with the file system hierarchy (FHS) conventions.  The
major difference compared to earlier versions is that by default
configuration files will be stored in /etc/BackupPC
rather than below the data directory, __TOPDIR__/conf,
and the log files will be stored in /var/log/BackupPC
rather than below the data directory, __TOPDIR__/log.

Note that distributions may choose to use different locations for
BackupPC files than these defaults.

If you are upgrading from an earlier version the configure.pl script
will keep the configuration files and log files in their original
location.

When you run configure.pl you will be prompted for the full paths
of various executables, and you will be prompted for the following
information.

=over 4

=item BackupPC User

It is best if BackupPC runs as a special user, eg backuppc, that has
limited privileges. It is preferred that backuppc belongs to a system
administrator group so that sysadmin members can browse BackupPC files,
edit the configuration files and so on. Although configurable, the
default settings leave group read permission on pool files, so make
sure the BackupPC user's group is chosen restrictively.

On this installation, this is __BACKUPPCUSER__.

For security purposes you might choose to configure the BackupPC
user with the shell set to /bin/false.  Since you might need to
run some BackupPC programs as the BackupPC user for testing
purposes, you can use the -s option to su to explicitly run
a shell, eg:

    su -s /bin/bash __BACKUPPCUSER__

Depending upon your configuration you might also need the -l option.

If the -s option is not available on your operating system, you can
specify the -m option to use your login shell as invoked shell:

    su -m __BACKUPPCUSER__

=item Data Directory

You need to decide where to put the data directory, below which
all the BackupPC data is stored.  This needs to be a big file system.

On this installation, this is __TOPDIR__.

=item Install Directory

You should decide where the BackupPC scripts, libraries and documentation
should be installed, eg: /usr/local/BackupPC.

On this installation, this is __INSTALLDIR__.

=item CGI bin Directory

You should decide where the BackupPC CGI script resides.  This will
usually be below Apache's cgi-bin directory.

It is also possible to use a different directory and use Apache's
``<Directory>'' directive to specify that location.  See the Apache
HTTP Server documentation for additional information.

On this installation, this is __CGIDIR__.

=item Apache image Directory

A directory where BackupPC's images are stored so that Apache can
serve them.  You should ensure this directory is readable by Apache and
create a symlink to this directory from the BackupPC CGI bin Directory.

=item Config and Log Directories

In this installation the configuration and log directories are
located in the following locations:

    __CONFDIR__/config.pl    main config file
    __CONFDIR__/hosts        hosts file
    __CONFDIR__/pc/HOST.pl   per-pc config file
    __LOGDIR__/BackupPC      log files, pid, status

The configure.pl script doesn't prompt for these locations but
they can be set for new installations using command-line options.

=back

=head2 Step 3: Setting up config.pl

After running configure.pl, browse through the config file,
__CONFDIR__/config.pl, and make sure all the default settings are
correct. In particular, you will need to decide whether to use
smb, tar,or rsync or ftp transport (or whether to set it on a
per-PC basis) and set the relevant parameters for that transport
method. See the section L<Step 5: Client Setup> for
more details.

=head2 Step 4: Setting up the hosts file

The file __CONFDIR__/hosts contains the list of clients to backup.
BackupPC reads this file in three cases:

=over 4

=item *

Upon startup.

=item *

When BackupPC is sent a HUP (-1) signal.  Assuming you installed the
init.d script, you can also do this with "/etc/init.d/backuppc reload".

=item *

When the modification time of the hosts file changes.  BackupPC
checks the modification time once during each regular wakeup.

=back

Whenever you change the hosts file (to add or remove a host) you can
either do a kill -HUP BackupPC_pid or simply wait until the next regular
wakeup period.

Each line in the hosts file contains three fields, separated
by whitespace:

=over 4

=item Host name

This is typically the hostname or NetBios name of the client machine
and should be in lowercase.  The hostname can contain spaces (escape
with a backslash), but it is not recommended.

Please read the section L<How BackupPC Finds Hosts>.

In certain cases you might want several distinct clients to refer
to the same physical machine.  For example, you might have a database
you want to backup, and you want to bracket the backup of the database
with shutdown/restart using $Conf{DumpPreUserCmd} and $Conf{DumpPostUserCmd}.
But you also want to backup the rest of the machine while the database
is still running.  In the case you can specify two different clients in
the host file, using any mnemonic name (eg: myhost_mysql and myhost), and
use $Conf{ClientNameAlias} in myhost_mysql's config.pl to specify the
real hostname of the machine.

=item DHCP flag

Starting with v2.0.0 the way hosts are discovered has changed and now
in most cases you should specify 0 for the DHCP flag, even if the host
has a dynamically assigned IP address.
Please read the section L<How BackupPC Finds Hosts>
to understand whether you need to set the DHCP flag.

You only need to set DHCP to 1 if your client machine doesn't
respond to the NetBios multicast request:

    nmblookup myHost

but does respond to a request directed to its IP address:

    nmblookup -A W.X.Y.Z

If you do set DHCP to 1 on any client you will need to specify the range of
DHCP addresses to search is specified in $Conf{DHCPAddressRanges}.

Note also that the $Conf{ClientNameAlias} feature does not work for
clients with DHCP set to 1.

=item User name

This should be the unix login/email name of the user who "owns" or uses
this machine. This is the user who will be sent email about this
machine, and this user will have permission to stop/start/browse/restore
backups for this host.  Leave this blank if no specific person should
receive email or be allowed to stop/start/browse/restore backups
for this host.  Administrators will still have full permissions.

=item More users

Additional usernames, separated by commas and with no whitespace,
can be specified.  These users will also have full permission in
the CGI interface to stop/start/browse/restore backups for this host.
These users will not be sent email about this host.

=back

The first non-comment line of the hosts file is special: it contains
the names of the columns and should not be edited.

Here's a simple example of a hosts file:

    host        dhcp    user      moreUsers
    farside     0       craig     jim,dave
    larson      1       gary      andy

=head2 Step 5: Client Setup

Four methods for getting backup data from a client are supported:
smb, tar, rsync and ftp.  Smb or rsync are the preferred methods
for WinXX clients and rsync or tar are the preferred methods for
linux/unix/MacOSX clients.

The transfer method is set using the $Conf{XferMethod} configuration
setting. If you have a mixed environment (ie: you will use smb for some
clients and tar for others), you will need to pick the most common
choice for $Conf{XferMethod} for the main config.pl file, and then
override it in the per-PC config file for those hosts that will use
the other method.  (Or you could run two completely separate instances
of BackupPC, with different data directories, one for WinXX and the
other for linux/unix, but then common files between the different
machine types will duplicated.)

Here are some brief client setup notes:

=over 4

=item WinXX

One setup for WinXX clients is to set $Conf{XferMethod} to "smb".
Actually, rsyncd is the better method for WinXX if you are prepared to
run rsync/cygwin on your WinXX client.

If you want to use rsyncd for WinXX clients you can find a pre-packaged
exe installer on L<https://github.com/backuppc/cygwin-rsyncd/releases>.
The package is called cygwin-rsync. It contains rsync.exe, template setup files
and the minimal set of cygwin libraries for everything to run.  The README file
contains instructions for running rsync as a service, so it starts
automatically everytime you boot your machine.  If you use rsync
to backup WinXX machines, be sure to set $Conf{ClientCharset}
correctly (eg: 'cp1252') so that the WinXX filename encoding is
correctly converted to utf8.

Otherwise, to use SMB, you can either create shares for the data you want
to backup or your can use the existing C$ share.  To create a new
share, open "My Computer", right click on the drive (eg: C), and
select "Sharing..." (or select "Properties" and select the "Sharing"
tab). In this dialog box you can enable sharing, select the share name
and permissions.

All Windows NT based OS (NT, 2000, XP Pro), are configured by default
to share the entire C drive as C$.  This is a special share used for
various administration functions, one of which is to grant access to backup
operators. All you need to do is create a new domain user, specifically
for backup. Then add the new backup user to the built in "Backup
Operators" group. You now have backup capability for any directory on
any computer in the domain in one easy step. This avoids using
administrator accounts and only grants permission to do exactly what you
want for the given user, i.e.: backup.
Also, for additional security, you may wish to deny the ability for this
user to logon to computers in the default domain policy.

If this machine uses DHCP you will also need to make sure the
NetBios name is set.  Go to Control Panel|System|Network Identification
(on Win2K) or Control Panel|System|Computer Name (on WinXP).
Also, you should go to Control Panel|Network Connections|Local Area
Connection|Properties|Internet Protocol (TCP/IP)|Properties|Advanced|WINS
and verify that NetBios is not disabled.

The relevant configuration settings are $Conf{SmbShareName},
$Conf{SmbShareUserName}, $Conf{SmbSharePasswd}, $Conf{SmbClientPath},
$Conf{SmbClientFullCmd}, $Conf{SmbClientIncrCmd} and
$Conf{SmbClientRestoreCmd}.

BackupPC needs to know the smb share username and password for a
client machine that uses smb.  The username is specified in
$Conf{SmbShareUserName}. There are four ways to tell BackupPC the
smb share password:

=over 4

=item *

As an environment variable BPC_SMB_PASSWD set before BackupPC starts.
If you start BackupPC manually the BPC_SMB_PASSWD variable must be set
manually first.  For backward compatibility for v1.5.0 and prior, the
environment variable PASSWD can be used if BPC_SMB_PASSWD is not set.
Warning: on some systems it is possible to see environment variables of
running processes.

=item *

Alternatively the BPC_SMB_PASSWD setting can be included in
/etc/init.d/backuppc, in which case you must make sure this file
is not world (other) readable.

=item *

As a configuration variable $Conf{SmbSharePasswd} in
__CONFDIR__/config.pl.  If you put the password
here you must make sure this file is not world (other) readable.

=item *

As a configuration variable $Conf{SmbSharePasswd} in the per-PC
configuration file (__CONFDIR__/pc/$host.pl or
__TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC).
You will have to use this option if the smb share password is different
for each host. If you put the password here you must make sure this file
is not world (other) readable.

=back

Placement and protection of the smb share password is a significant
security issue, so please double-check the file and directory
permissions.  In a future version there might be support for
encryption of this password, but a private key will still have to
be stored in a protected place.  Suggestions are welcome.

As an alternative to setting $Conf{XferMethod} to "smb" (using
smbclient) for WinXX clients, you can use an smb network filesystem (eg:
ksmbfs or similar) on your linux/unix server to mount the share,
and then set $Conf{XferMethod} to "tar" (use tar on the network
mounted file system).

Also, to make sure that filenames with special characters are correctly
transferred by smbclient you should make sure that the smb.conf file
has (for samba 3.x):

    [global]
	unix charset = UTF8

UTF8 is the default setting, so if the parameter is missing then it
is ok.  With this setting $Conf{ClientCharset} should be empty,
since smbclient has already converted the filenames to utf8.

=item Linux/Unix

The preferred setup for linux/unix clients is to set $Conf{XferMethod}
to "rsync", "rsyncd" or "tar".

You can use either rsync, smb, or tar for linux/unix machines. Smb requires
that the Samba server (smbd) be run to provide the shares. Since the smb
protocol can't represent special files like symbolic links and fifos,
tar and rsync are the better transport methods for linux/unix machines.
(In fact, by default samba makes symbolic links look like the file or
directory that they point to, so you could get an infinite loop if a
symbolic link points to the current or parent directory. If you really
need to use Samba shares for linux/unix backups you should turn off the
"follow symlinks" samba config setting. See the smb.conf manual page.)

Important note: many linux systems use sparse files for /var/log/lastlog,
and have large special files below /proc and /run.  Make sure you
exclude those directories and files when you configure your client.

The requirements for each Xfer Method are:

=over 4

=item rsync

To use rsync, you need rsync-bpc installed on the BackupPC server.

On the client, you should have at least rsync 3.x.  Rsync is run on
the remote client via ssh.

The relevant configuration settings are $Conf{RsyncClientPath},
$Conf{RsyncSshArgs}, $Conf{RsyncShareName}, $Conf{RsyncArgs},
$Conf{RsyncArgsExtra}, $Conf{RsyncFullArgsExtra}, and $Conf{RsyncRestoreArgs}.

=item rsyncd

To use rsync, you need rsync-bpc installed on the BackupPC server.

On the client, you should have at least rsync 3.x. In this case the
rsync daemon should be running on the client machine and BackupPC
connects directly to it.

The relevant configuration settings are $Conf{RsyncBackupPCPath},
$Conf{RsyncdClientPort}, $Conf{RsyncdUserName}, $Conf{RsyncdPasswd},
$Conf{RsyncShareName}, $Conf{RsyncArgs}, $Conf{RsyncArgsExtra}, and
$Conf{RsyncRestoreArgs}. $Conf{RsyncShareName} is the name of an rsync
module (ie: the thing in square brackets in rsyncd's conf file -- see
rsyncd.conf), not a file system path.

Be aware that rsyncd will remove the leading '/' from path names in
symbolic links if you specify "use chroot = no" in the rsynd.conf file.
See the rsyncd.conf manual page for more information.

=item tar

You must have GNU tar on the client machine.  Use "tar --version"
or "gtar --version" to verify.  The version should be at least
1.13.20.  Tar is run on the client machine via rsh or ssh.

The relevant configuration settings are $Conf{TarClientPath},
$Conf{TarShareName}, $Conf{TarClientCmd}, $Conf{TarFullArgs},
$Conf{TarIncrArgs}, and $Conf{TarClientRestoreCmd}.

=item ftp

FTP Xfer Method is supported in V4 but not recommended since it only
handles minimal metadata, it doesn't support hardlinks or special
files, and can only restore regular files (not symbolic links etc).

You need to be running an ftp server on the client machine.
The relevant configuration settings are $Conf{FtpShareName},
$Conf{FtpUserName}, $Conf{FtpPasswd}, $Conf{FtpBlockSize},
$Conf{FtpPort}, $Conf{FtpTimeout}, and $Conf{FtpFollowSymlinks}.

=back

You need to set $Conf{ClientCharset} to the client's charset so that
filenames are correctly converted to utf8.  Use "locale charmap"
on the client to see its charset.  Note, however, that modern versions
of smbclient and rsync handle this conversion automatically, so in
most cases you won't need to set $Conf{ClientCharset}.

For linux/unix machines you should not backup "/proc".  This directory
contains a variety of files that look like regular files but they are
special files that don't need to be backed up (eg: /proc/kcore is a
regular file that contains physical memory).  See $Conf{BackupFilesExclude}.
It is safe to backup /dev since it contains mostly character-special
and block-special files, which are correctly handed by BackupPC
(eg: backing up /dev/hda5 just saves the block-special file information,
not the contents of the disk).  Similarly, on many linux systems,
/var/log/lastlog is a sparse file, with a very large apparent size,
so you should exclude that too.

Alternatively, rather than backup all the file systems as a single
share ("/"), it is easier to restore a single file system if you backup
each file system separately.  To do this you should list each file system
mount point in $Conf{TarShareName} or $Conf{RsyncShareName}, and add the
--one-file-system option to $Conf{TarClientCmd} or $Conf{RsyncArgs}.
In this case there is no need to exclude /proc explicitly since it looks
like a different file system.

Ssh allows BackupPC to run as a privileged user on the client (eg:
root), since it needs sufficient permissions to read all the backup
files.  Ssh is setup so that BackupPC on the server (an otherwise low
privileged user) can ssh as root on the client, without being prompted
for a password.  However, directly enabled ssh root logins is not
good practice.  A better approach is the ssh as a regular user, and
then configure sudo to allow just rsync to be executed.

There are two common versions of ssh: v1 and v2. Here are some
instructions for one way to setup ssh.  (Check which version of SSH
you have by typing "ssh" or "man ssh".)

=item MacOSX

In general this should be similar to Linux/Unix machines.
In versions 10.4 and later, the native MacOSX tar works,
and also supports resource forks.  xtar is another option,
and rsync works too (although the MacOSX-supplied rsync
has an extension for extended attributes that is not
compatible with standard rsync).

=item SSH Setup

SSH is a secure way to run tar or rsync on a backup client to extract
the data.  SSH provides strong authentication and encryption of
the network data.

Note that if you run rsyncd (rsync daemon), ssh is not used.
In this case, rsyncd provides its own authentication, but there
is no encryption of network data.  If you want encryption of
network data you can use ssh to create a tunnel, or use a
program like stunnel.

Setup instructions for ssh can be found on the
Wiki at L<https://github.com/backuppc/backuppc/wiki>.

=item Clients that use DHCP

If a client machine uses DHCP BackupPC needs some way to find the
IP address given the hostname.  One alternative is to set dhcp
to 1 in the hosts file, and BackupPC will search a pool of IP
addresses looking for hosts.  More efficiently, it is better to
set dhcp = 0 and provide a mechanism for BackupPC to find the
IP address given the hostname.

For WinXX machines BackupPC uses the NetBios name server to determine
the IP address given the hostname.
For unix machines you can run nmbd (the NetBios name server) from
the Samba distribution so that the machine responds to a NetBios
name request. See the manual page and Samba documentation for more
information.

Alternatively, you can set $Conf{NmbLookupFindHostCmd} to any command
that returns the IP address given the hostname.

Please read the section L<How BackupPC Finds Hosts>
for more details.

=back

=head2 Step 6: Running BackupPC

The installation contains an init.d backuppc script that can be copied
to /etc/init.d so that BackupPC can auto-start on boot.
See init.d/README for further instructions.

BackupPC should be ready to start.  If you installed the init.d script,
then you should be able to run BackupPC with:

    /etc/init.d/backuppc start

(This script can also be invoked with "stop" to stop BackupPC and "reload"
to tell BackupPC to reload config.pl and the hosts file.)

Otherwise, just run

     __INSTALLDIR__/bin/BackupPC -d

as user __BACKUPPCUSER__.  The -d option tells BackupPC to run as a daemon
(ie: it does an additional fork).

Any immediate errors will be printed to stderr and BackupPC will quit.
Otherwise, look in __LOGDIR__/LOG and verify that BackupPC reports
it has started and all is ok.

=head2 Step 7: Talking to BackupPC

You should verify that BackupPC is running by using BackupPC_serverMesg.
This sends a message to BackupPC via the unix (or TCP) socket and prints
the response.  Like all BackupPC programs, BackupPC_serverMesg
should be run as the BackupPC user (__BACKUPPCUSER__), so you
should

    su __BACKUPPCUSER__

before running BackupPC_serverMesg.  If the BackupPC user is
configured with /bin/false as the shell, you can use the -s
option to su to explicitly run a shell, eg:

    su -s /bin/bash __BACKUPPCUSER__

Depending upon your configuration you might also need
the -l option.

If the -s option is not available on your operating system, you can
specify the -m option to use your login shell as invoked shell:

    su -m __BACKUPPCUSER__

You can request status information and start and stop backups using this
interface. This socket interface is mainly provided for the CGI interface
(and some of the BackupPC subprograms use it too).  But right now we just
want to make sure BackupPC is happy.  Each of these commands should
produce some status output:

    __INSTALLDIR__/bin/BackupPC_serverMesg status info
    __INSTALLDIR__/bin/BackupPC_serverMesg status jobs
    __INSTALLDIR__/bin/BackupPC_serverMesg status hosts

The output should be some hashes printed with Data::Dumper.  If it
looks cryptic and confusing, and doesn't look like an error message,
then all is ok.

The hosts status should produce a list of every host you have listed
in __CONFDIR__/hosts as part of a big cryptic output line.

You can also request that all hosts be queued:

    __INSTALLDIR__/bin/BackupPC_serverMesg backup all

At this point you should make sure the CGI interface works since
it will be much easier to see what is going on.  We'll get to that
shortly.

=head2 Step 8: Checking email delivery

The script BackupPC_sendEmail sends status and error emails to
the administrator and users.  It is usually run each night
by BackupPC_nightly.

To verify that it can run sendmail and deliver email correctly
you should ask it to send a test email to you:

    su __BACKUPPCUSER__
    __INSTALLDIR__/bin/BackupPC_sendEmail -u MYNAME@MYDOMAIN.COM

BackupPC_sendEmail also takes a -c option that checks if BackupPC
is running, and it sends an email to $Conf{EMailAdminUserName}
if it is not.  That can be used as a keep-alive check by adding

    __INSTALLDIR__/bin/BackupPC_sendEmail -c

to __BACKUPPCUSER__'s cron.

The -t option to BackupPC_sendEmail causes it to print the email
message instead of invoking sendmail to deliver the message.

=head2 Step 9: CGI interface

The CGI interface script, BackupPC_Admin, is a powerful and flexible
way to see and control what BackupPC is doing.  It is written for an
Apache server.  If you don't have Apache, see L<http://www.apache.org>.

There are three options for setting up the CGI interface:

=over 4

=item SCGI

New to 4.x, SCGI uses the SCGI interface to Apache, which requires
the mod_scgi.so module to be installed and loaded by Apache.  This
allows Apache to run as any unprivileged user.  The actual SCGI
server runs as the as the BackupPC user (__BACKUPPCUSER__), and
handles the requests from Apache via a TCP socket.

=item mod_perl

Mod_perl required the mod_perl module to be loaded by Apache.  This
allows BackupPC_Admin to be run from inside Apache.  Unlike SCGI,
using mod_perl with BackupPC_Admin requires a dedicated Apache to
be run as the BackupPC user (__BACKUPPCUSER__).  This is because
BackupPC_Admin needs permission to access various files in BackupPC's
data directories.

=item standard

The standard mode, which is significantly slower than SCGI or
mod_perl, is where Apache runs BackupPC_Admin as a separate process
for every request.  This adds significant startup overhead for every
request, and also requires that BackupPC_Admin be run as setuid to
the BackupPC user (__BACKUPPCUSER__), if Apache isn't being run as
that user.  Setuid scripts are discouraged, so the preference is to
use SCGI or mod_perl.

=back

Here are some specifics for each setup:

=over 4

=item SCGI Setup

First you need to install mod_scgi.  If you can't find a pre-built
package, the source is available at L<http://python.ca/scgi>.  The
release has subdirectories for apache1 and apache2.  Pick your
matching version (nowadays most likely apache2).  You'll need apxs,
the Apache Extension Tool, installed to build from source.  Once
compiled, the module mod_scgi.so should be installed via the Makefile.

To enable the SCGI server, set $Conf{SCGIServerPort} to an available
non-privileged TCP port number, eg: 10268.  The matching port number
has to appear in the Apache configuration file.  Typical Apache
configuration entries will look like this:

    LoadModule scgi_module modules/mod_scgi.so
    SCGIMount /BackupPC_Admin 127.0.0.1:10268
    <Location /BackupPC_Admin>
        AuthUserFile /etc/httpd/conf/passwd
        AuthType basic
        AuthName "access"
        require valid-user
    </Location>

Or a typical Nginx configuration file:

    server {
        listen 80;
        server_name yourBackupPCServerHost;

        root  /var/www/backuppc;

        access_log  /var/log/nginx/backuppc.access.log;
        error_log   /var/log/nginx/backuppc.error.log;

        location /BackupPC_Admin {
            auth_basic "BackupPC";
            auth_basic_user_file conf.d/backuppc.users;

            include   scgi_params;
            scgi_pass 127.0.0.1:10268;
	        scgi_param REMOTE_USER $remote_user;
	        scgi_param SCRIPT_NAME $document_uri;
        }
    }

This allows the SCGI interface to be accessed with a URL:

    http://yourBackupPCServerHost/BackupPC_Admin

You can use a different path or name if you prefer a different URL.
Unlike traditional CGI, there is no need to specify a valid path to
a CGI script.

Important security warning!!  The SCGIServerPort must not be
accessible by anyone untrusted.  That means you can't allow
untrusted users access to the BackupPC server, and you should
block the SCGIServerPort TCP port on the BackupPC server.  If you
don't understand what that means, or can't confirm you have
configured SCGI securely, then don't enable SCGI - use one of
the following two methods!!

=item Mod_perl Setup

The advantage of the mod_perl setup is that no setuid script is
needed (like in the standard method below), and there is a significant
performance advantage.  Not only does all the perl code need to be
parsed just once, the config.pl and hosts files, plus the connection
to the BackupPC server are cached between requests.  The typical
speedup is around 10-15x.

To use mod_perl you need to run Apache as user __BACKUPPCUSER__.
If you need to run multiple Apaches for different services then
you need to create multiple top-level Apache directories, each
with their own config file.  You can make copies of /etc/init.d/httpd
and use the -d option to httpd to point each http to a different
top-level directory.  Or you can use the -f option to explicitly
point to the config file.  Multiple Apache's will run on different
Ports (eg: 80 is standard, 8080 is a typical alternative port accessed
via http://yourhost.com:8080).

Inside BackupPC's Apache http.conf file you should check the
settings for ServerRoot, DocumentRoot, User, Group, and Port.  See
L<http://httpd.apache.org/docs/server-wide.html> for more details.

For mod_perl, BackupPC_Admin should not have setuid permission, so
you should turn it off:

    chmod u-s __CGIDIR__/BackupPC_Admin

To tell Apache to use mod_perl to execute BackupPC_Admin, add this
to Apache's 1.x httpd.conf file:

    <IfModule mod_perl.c>
	PerlModule Apache::Registry
	PerlTaintCheck On
	<Location /cgi-bin/BackupPC/BackupPC_Admin>   # <--- change path as needed
	   SetHandler perl-script
	   PerlHandler Apache::Registry
	   Options ExecCGI
	   PerlSendHeader On
	</Location>
    </IfModule>

Apache 2.0.44 with Perl 5.8.0 on RedHat 7.1, Don Silvia reports that
this works (with tweaks from Michael Tuzi):

    LoadModule perl_module modules/mod_perl.so
    PerlModule Apache2

    <Directory /path/to/cgi/>
	SetHandler perl-script
	PerlResponseHandler ModPerl::Registry
	PerlOptions +ParseHeaders
	Options +ExecCGI
	Order deny,allow
	Deny from all
	Allow from 192.168.0
	AuthName "Backup Admin"
	AuthType Basic
	AuthUserFile /path/to/user_file
	Require valid-user
    </Directory>

There are other optimizations and options with mod_perl.  For
example, you can tell mod_perl to preload various perl modules,
which saves memory compared to loading separate copies in every
Apache process after they are forked.  See Stas's definitive
mod_perl guide at L<http://perl.apache.org/guide>.

=item Standard Setup

The CGI interface should have been installed by the configure.pl script
in __CGIDIR__/BackupPC_Admin.  BackupPC_Admin should have been installed
as setuid to the BackupPC user (__BACKUPPCUSER__), in addition to user
and group execute permission.

You should be very careful about permissions on BackupPC_Admin and
the directory __CGIDIR__: it is important that normal users cannot
directly execute or change BackupPC_Admin, otherwise they can access
backup files for any PC. You might need to change the group ownership
of BackupPC_Admin to a group that Apache belongs to so that Apache
can execute it (don't add "other" execute permission!).
The permissions should look like this:

    ls -l __CGIDIR__/BackupPC_Admin
    -swxr-x---    1 __BACKUPPCUSER__   web      82406 Jun 17 22:58 __CGIDIR__/BackupPC_Admin

The setuid script won't work unless perl on your machine was installed
with setuid emulation.  This is likely the problem if you get an error
saying such as "Wrong user: my userid is 25, instead of 150", meaning
the script is running as the httpd user, not the BackupPC user.
This is because setuid scripts are disabled by the kernel in most
flavors of unix and linux.

To see if your perl has setuid emulation, see if there is a program
called sperl5.8.0 (or sperl5.8.2 etc, based on your perl version)
in the place where perl is installed. If you can't find this program,
then you have two options: rebuild and reinstall perl with the setuid
emulation turned on (answer "y" to the question "Do you want to do
setuid/setgid emulation?" when you run perl's configure script), or
switch to the mod_perl alternative for the CGI script (which doesn't
need setuid to work).

=back

BackupPC_Admin requires that users are authenticated by Apache.
Specifically, it expects that Apache sets the REMOTE_USER environment
variable when it runs.  There are several ways to do this.  One way
is to create a .htaccess file in the cgi-bin directory that looks like:

    AuthGroupFile /etc/httpd/conf/group    # <--- change path as needed
    AuthUserFile /etc/http/conf/passwd     # <--- change path as needed
    AuthType basic
    AuthName "access"
    require valid-user

You will also need "AllowOverride Indexes AuthConfig" in the Apache
httpd.conf file to enable the .htaccess file. Alternatively, everything
can go in the Apache httpd.conf file inside a Location directive. The
list of users and password file above can be extracted from the NIS
passwd file.

One alternative is to use LDAP.  In Apache's http.conf add these lines:

    LoadModule auth_ldap_module   modules/auth_ldap.so
    AddModule auth_ldap.c

    # cgi-bin - auth via LDAP (for BackupPC)
    <Location /cgi-bin/BackupPC/BackupPC_Admin>    # <--- change path as needed
      AuthType Basic
      AuthName "BackupPC login"
      # replace MYDOMAIN, PORT, ORG and CO as needed
      AuthLDAPURL ldap://ldap.MYDOMAIN.com:PORT/o=ORG,c=CO?uid?sub?(objectClass=*)
      require valid-user
    </Location>

If you want to disable the user authentication you can set
$Conf{CgiAdminUsers} to '*', which allows any user to have
full access to all hosts and backups.  In this case the REMOTE_USER
environment variable does not have to be set by Apache.

Alternatively, you can force a particular username by getting Apache
to set REMOTE_USER, eg, to hard code the user to www you could add
this to Apache's httpd.conf:

    <Location /cgi-bin/BackupPC/BackupPC_Admin>   # <--- change path as needed
        Setenv REMOTE_USER www
    </Location>

Finally, you should also edit the config.pl file and adjust, as necessary,
the CGI-specific settings.  They're near the end of the config file. In
particular, you should specify which users or groups have administrator
(privileged) access: see the config settings $Conf{CgiAdminUserGroup}
and $Conf{CgiAdminUsers}.  Also, the configure.pl script placed various
images into $Conf{CgiImageDir} that BackupPC_Admin needs to serve
up.  You should make sure that $Conf{CgiImageDirURL} is the correct
URL for the image directory.

See the section L<Fixing installation problems> for suggestions on debugging the Apache authentication setup.

=head2 How BackupPC Finds Hosts

Starting with v2.0.0 the way hosts are discovered has changed.  In most
cases you should specify 0 for the DHCP flag in the conf/hosts file,
even if the host has a dynamically assigned IP address.

BackupPC (starting with v2.0.0) looks up hosts with DHCP = 0 in this manner:

=over 4

=item *

First DNS is used to lookup the IP address given the client's name
using perl's gethostbyname() function.  This should succeed for machines
that have fixed IP addresses that are known via DNS.  You can manually
see whether a given host have a DNS entry according to perl's
gethostbyname function with this command:

    perl -e 'print(gethostbyname("myhost") ? "ok\n" : "not found\n");'

=item *

If gethostbyname() fails, BackupPC then attempts a NetBios multicast to
find the host.  Provided your client machine is configured properly,
it should respond to this NetBios multicast request.  Specifically,
BackupPC runs a command of this form:

    nmblookup myhost

If this fails you will see output like:

    querying myhost on 10.10.255.255
    name_query failed to find name myhost

If it is successful you will see output like:

    querying myhost on 10.10.255.255
    10.10.1.73 myhost<00>

Depending on your netmask you might need to specify the -B option to
nmblookup.  For example:

    nmblookup -B 10.10.1.255 myhost

If necessary, experiment with the nmblookup command which will return the
IP address of the client given its name.  Then update
$Conf{NmbLookupFindHostCmd} with any necessary options to nmblookup.

=back

For hosts that have the DHCP flag set to 1, these machines are
discovered as follows:

=over 4

=item *

A DHCP address pool ($Conf{DHCPAddressRanges}) needs to be specified.
BackupPC will check the NetBIOS name of each machine in the range using
a command of the form:

    nmblookup -A W.X.Y.Z

where W.X.Y.Z is each candidate address from $Conf{DHCPAddressRanges}.
Any host that has a valid NetBIOS name returned by this command (ie:
matching an entry in the hosts file) will be backed up.  You can
modify the specific nmblookup command if necessary via $Conf{NmbLookupCmd}.

=item *

You only need to use this DHCP feature if your client machine doesn't
respond to the NetBios multicast request:

    nmblookup myHost

but does respond to a request directed to its IP address:

    nmblookup -A W.X.Y.Z

=back

=head2 Other installation topics

=over 4

=item Removing a client

If there is a machine that no longer needs to be backed up (eg: a retired
machine) you have two choices.  First, you can keep the backups accessible
and browsable, but disable all new backups.  Alternatively, you can
completely remove the client and all its backups.

To disable backups for a client $Conf{BackupsDisable} can be
set to two different values in that client's per-PC config.pl file:

=over 4

=item 1

Don't do any regular backups on this machine.  Manually
requested backups (via the CGI interface) will still occur.

=item 2

Don't do any backups on this machine.  Manually requested
backups (via the CGI interface) will be ignored.

=back

This will still allow the client's old backups to be browsable
and restorable.

To completely remove a client and all its backups, you should remove its
entry in the conf/hosts file, and then delete the __TOPDIR__/pc/$host
directory.  Whenever you change the hosts file, you should send
BackupPC a HUP (-1) signal so that it re-reads the hosts file.
If you don't do this, BackupPC will automatically re-read the
hosts file at the next regular wakeup.

Note that when you remove a client's backups you won't initially
recover much disk space.  That's because the client's files are
still in the pool.  Overnight, when BackupPC_nightly next runs,
all the unused pool files will be deleted and this will recover
the disk space used by the client's backups.

=item Copying the pool

If the pool disk requirements grow you might need to copy the entire
data directory to a new (bigger) file system.  Hopefully you are lucky
enough to avoid this by having the data directory on a RAID file system
or LVM that allows the capacity to be grown in place by adding disks.

Backups prior to V4 make extensive use of hardlinks.  So unless you have
a virgin V4 installation, your file system will contain large numbers
of hardlinks.  This makes it hard to copy.

Prior to V4 (or a V4 upgrade to a V3 installation), the backup data
directories contain large numbers of hardlinks.  If you try to copy
the pool the target directory will occupy a lot more space if the
hardlinks aren't re-established.

Unless you have a pure V4 installation, the best way to copy a pool
file system, if possible, is by copying the raw device at the block
level (eg: using dd).  Application level programs that understand
hardlinks include the GNU cp program with the -a option and rsync -H.
However, the large number of hardlinks in the pool will make the
memory usage large and the copy very slow.  Don't forget to stop
BackupPC while the copy runs.

If you have a pure V4 installation, copying the pool and PC backup
directories should be quite easy.  Rsync 3.x should work well.

=back

=head2 Fixing installation problems

If you find a solution to your problem that could help other users
please add it to the Wiki at L<https://github.com/backuppc/backuppc/wiki>.

=head1 Restore functions

BackupPC supports several different methods for restoring files. The
most convenient restore options are provided via the CGI interface.
Alternatively, backup files can be restored using manual commands.

=head2 CGI restore options

By selecting a host in the CGI interface, a list of all the backups
for that machine will be displayed.  By selecting the backup number
you can navigate the shares and directory tree for that backup.

BackupPC's CGI interface automatically fills incremental backups
with the corresponding full backup, which means each backup has
a filled appearance.  Therefore, there is no need to do multiple
restores from the incremental and full backups: BackupPC does all
the hard work for you.  You simply select the files and directories
you want from the correct backup vintage in one step.

You can download a single backup file at any time simply by selecting
it.  Your browser should prompt you with the filename and ask you
whether to open the file or save it to disk.

Alternatively, you can select one or more files or directories in
the currently selected directory and select "Restore selected files".
(If you need to restore selected files and directories from several
different parent directories you will need to do that in multiple
steps.)

If you select all the files in a directory, BackupPC will replace
the list of files with the parent directory.  You will be presented
with a screen that has three options:

=over 4

=item Option 1: Direct Restore

With this option the selected files and directories are restored
directly back onto the host, by default in their original location.
Any old files with the same name will be overwritten, so use caution.
You can optionally change the target hostname, target share name,
and target path prefix for the restore, allowing you to restore the
files to a different location.

Once you select "Start Restore" you will be prompted one last time
with a summary of the exact source and target files and directories
before you commit.  When you give the final go ahead the restore
operation will be queued like a normal backup job, meaning that it
will be deferred if there is a backup currently running for that host.
When the restore job is run, smbclient, tar, rsync or rsyncd is used
(depending upon $Conf{XferMethod}) to actually restore the files.
Sorry, there is currently no option to cancel a restore that has been
started.  Currently ftp restores are not fully implemented.

A record of the restore request, including the result and list of
files and directories, is kept.  It can be browsed from the host's
home page.  $Conf{RestoreInfoKeepCnt} specifies how many old restore
status files to keep.

Note that for direct restore to work, the $Conf{XferMethod} must
be able to write to the client.  For example, that means an SMB
share for smbclient needs to be writable, and the rsyncd module
needs "read only" set to "false".  This creates additional security
risks.  If you only create read-only SMB shares (which is a good
idea), then the direct restore will fail.  You can disable the
direct restore option by setting $Conf{SmbClientRestoreCmd},
$Conf{TarClientRestoreCmd} and $Conf{RsyncRestoreArgs} to undef.

=item Option 2: Download Zip archive

With this option a zip file containing the selected files and directories
is downloaded.  The zip file can then be unpacked or individual files
extracted as necessary on the host machine. The compression level can be
specified.  A value of 0 turns off compression.

When you select "Download Zip File" you should be prompted where to
save the restore.zip file.

BackupPC does not consider downloading a zip file as an actual
restore operation, so the details are not saved for later browsing
as in the first case.  However, a mention that a zip file was
downloaded by a particular user, and a list of the files, does
appear in BackupPC's log file.

=item Option 3: Download Tar archive

This is identical to the previous option, except a tar file is downloaded
rather than a zip file (and there is currently no compression option).

=back

=head2 Command-line restore options

Apart from the CGI interface, BackupPC allows you to restore files
and directories from the command line.  The following programs can
be used:

=over 4

=item BackupPC_zcat

For each filename argument it inflates (uncompresses) the file and
writes it to stdout.  To use BackupPC_zcat you could give it the
full filename, eg:

    __INSTALLDIR__/bin/BackupPC_zcat __TOPDIR__/pc/host/5/fc/fcraig/fexample.txt > example.txt

It's your responsibility to make sure the file is really compressed:
BackupPC_zcat doesn't check which backup the requested file is from.
BackupPC_zcat returns a nonzero status if it fails to uncompress
a file.

In V4, BackupPC_zcat can be invoked in several other ways:

    BackupPC_zcat file...
    BackupPC_zcat MD5_digest...
    BackupPC_zcat $TopDir/pc/host/num/share/mangledPath...
    BackupPC_zcat [-h host] [-n num] [-s share] clientPath...

For example, you can do this:

    BackupPC_zcat d73955e08410dfc5ea8069b05d2f43b2

That digest can be pasted from the output of BackupPC_ls.

The last form uses unmangled paths, so you can do this:

    BackupPC_zcat -h HOST -n 10 -s / /home/craig/file

You can also mix real paths with unmangled paths.  Both of these versions work:

    BackupPC_zcat /data/BackupPC/pc/HOST/10/fhome/fcraig/ffile
    BackupPC_zcat /data/BackupPC/pc/HOST/10/home/craig/file

=item BackupPC_tarCreate

BackupPC_tarCreate creates a tar file for any files or directories in
a particular backup.  Merging of incrementals is done automatically,
so you don't need to worry about whether certain files appear in the
incremental or full backup.

The usage is:

    BackupPC_tarCreate [options] files/directories...
    Required options:
       -h host         host from which the tar archive is created
       -n dumpNum      dump number from which the tar archive is created
                       A negative number means relative to the end (eg -1
                       means the most recent dump, -2 2nd most recent etc).
       -s shareName    share name from which the tar archive is created;
                       can be "*" to mean all shares.

    Other options:
       -t              print summary totals
       -r pathRemove   path prefix that will be replaced with pathAdd
       -p pathAdd      new path prefix
       -b BLOCKS       BLOCKS x 512 bytes per record (default 20; same as tar)
       -w writeBufSz   write buffer size (default 1048576 = 1MB)
       -e charset      charset for encoding filenames (default: value of
                       $Conf{ClientCharset} when backup was done)
       -l              just print a file listing; don't generate an archive
       -L              just print a detailed file listing; don't generate an archive

The command-line files and directories are relative to the specified
shareName.  The tar file is written to stdout.

The -h, -n and -s options specify which dump is used to generate
the tar archive.  The -r and -p options can be used to relocate
the paths in the tar archive so extracted files can be placed
in a location different from their original location.

=item BackupPC_zipCreate

BackupPC_zipCreate creates a zip file for any files or directories in
a particular backup.  Merging of incrementals is done automatically,
so you don't need to worry about whether certain files appear in the
incremental or full backup.

The usage is:

    BackupPC_zipCreate [options] files/directories...
    Required options:
       -h host         host from which the zip archive is created
       -n dumpNum      dump number from which the tar archive is created
                       A negative number means relative to the end (eg -1
                       means the most recent dump, -2 2nd most recent etc).
       -s shareName    share name from which the zip archive is created

    Other options:
       -t              print summary totals
       -r pathRemove   path prefix that will be replaced with pathAdd
       -p pathAdd      new path prefix
       -c level        compression level (default is 0, no compression)
       -e charset      charset for encoding filenames (default: utf8)

The command-line files and directories are relative to the specified
shareName.  The zip file is written to stdout. The -h, -n and -s
options specify which dump is used to generate the zip archive.  The
-r and -p options can be used to relocate the paths in the zip archive
so extracted files can be placed in a location different from their
original location.

=item BackupPC_ls

In V3, a full (or filled) backup tree contains all the files, albeit with "mangled"
names, and the file contents are compressed.  Some users found it convenient to
directly navigate a PC's backup tree to check for files.

In V4 that is not possible, since only a single attrib file is stored per directory
in the PC backup tree, so the directory contents aren't visible without looking in
the attrib file.

A new utility BackupPC_ls (like "ls") can be used to view PC backup trees.  It shows file digests,
which can be pasted to BackupPC_zcat if you want to view the file contents.  The arguments
are similar to BackupPC_zcat.  The usage is:

    BackupPC_ls [-iR] [-h host] [-n bkupNum] [-s shareName] dirs/files...

The -i option will show inodes (inode number and number of links).  The -R option recurses into
directories.

If you don't specify -h, -n and -s, then you can specify the real file system path instead.
For example, the following three commands are equivalent:

    BackupPC_ls -h HOST -n 10 -s cDrive /home/craig/file
    BackupPC_ls /data/BackupPC/pc/HOST/10/fcDrive/fhome/fcraig/ffile
    BackupPC_ls /data/BackupPC/pc/HOST/10/cDrive/home/craig/file

As you can see, the portion of the full path after the backup number can
be either mangled or not.  Note that using the mangled form allows directory-name
completion via the shell, since those directories actually exist.

It would be great if someone would like to volunteer to add features to BackupPC_ls
to make file and directory completion work with unmangled names via the shell.  In
tcsh you can specify a completion program to run - BackupPC_ls could be given special
arguments to spit out the potential (unmangled) completions.  I'm not sure how bash
does this.

=back

Each of these programs reside in __INSTALLDIR__/bin.

=head1 Archive functions

BackupPC supports archiving to removable media. For users that require
offsite backups, BackupPC can create archives that stream to tape
devices, or create files of specified sizes to fit onto cd or dvd media.

Each archive type is specified by a BackupPC host with its XferMethod
set to 'archive'. This allows for multiple configurations at sites where
there might be a combination of tape and cd/dvd backups being made.

BackupPC provides a menu that allows one or more hosts to be archived.
The most recent backup of each host is archived using BackupPC_tarCreate,
and the output is optionally compressed and split into fixed-sized
files (eg: 650MB).

The archive for each host is done by default using
__INSTALLDIR__/bin/BackupPC_archiveHost.  This script can be copied
and customized as needed.

=head2 Configuring an Archive Host

To create an Archive Host, add it to the hosts file just as any other host
and call it a name that best describes the type of archive, e.g. ArchiveDLT

To tell BackupPC that the Host is for Archives, create a config.pl file in
the Archive Hosts's pc directory, adding the following line:

$Conf{XferMethod} = 'archive';

To further customise the archive's parameters you can add the changed
parameters in the host's config.pl file. The parameters are explained in
the config.pl file.  Parameters may be fixed or the user can be allowed
to change them (eg: output device).

The per-host archive command is $Conf{ArchiveClientCmd}.  By default
this invokes

     __INSTALLDIR__/bin/BackupPC_archiveHost

which you can copy and customize as necessary.

=head2 Starting an Archive

In the web interface, click on the Archive Host you wish to use. You will see a
list of previous archives and a summary on each. By clicking the "Start Archive"
button you are presented with the list of hosts and the approximate backup size
(note this is raw size, not projected compressed size) Select the hosts you wish
to archive and press the "Archive Selected Hosts" button.

The next screen allows you to adjust the parameters for this archive run.
Press the "Start the Archive" to start archiving the selected hosts with the
parameters displayed.

=head2 Starting an Archive from the command line

The script BackupPC_archiveStart can be used to start an archive from
the command line (or cron etc).  The usage is:

    BackupPC_archiveStart archiveHost userName hosts...

This creates an archive of the most recent backup of each of
the specified hosts.  The first two arguments are the archive
host and the username making the request.

=head1 Other Command Line Utilities

These utilities are automatically run by BackupPC when needed.  You don't
need to manually run these utilities.

=over

=item BackupPC_attribPrint

BackupPC_attribPrint prints the contents of an attrib file.  Usage:

	BackupPC_attribPrint attribPath
	BackupPC_attribPrint inodePath/inodeNum

=item BackupPC_backupDelete

BackupPC_backupDelete deletes an entire backup, or a directory path within a backup.  Usage:

    BackupPC_backupDelete -h host -n num [-p] [-l] [-r] [-s shareName [dirs...]]
    Options:
       -h host         hostname
       -n num          backup number to delete
       -s shareName    don't delete the backup; delete just this share
                       (or only dirs below this share if specified)
       -p              don't print progress information
       -l              don't remove XferLOG files
       -r              do a ref count update (default: none)
    If a shareName is specified, just that share (or share/dirs) are deleted.
    The backup itself is not deleted, nor is the log file removed.

=item BackupPC_backupDuplicate

BackupPC_backupDuplicate duplicates the last backup, which is used to create a filled backup
copy, and also to convert a V3 backup to a new V4 starting point.  Usage:

    BackupPC_backupDuplicate -h host [-p]
    Options:
       -h host         hostname
       -p              don't print progress information

=item BackupPC_fixupBackupSummary

BackupPC_fixupBackupSummary is used to re-create the backups file for all the hosts if it
is damaged or deleted.  Usage:

    BackupPC_fixupBackupSummary [-l]
    Options:
      -l    legacy mode: try to reconstruct backups from LOG
            files for backups prior to BackupPC v3.0.

=item BackupPC_fsck

BackupPC_fsck can only be run manually, and only while BackupPC isn't running.  It updates
the host reference counts, the overall pool reference counts and stats.  Usage:

    BackupPC_fsck [options]
    Options:
       -f              force regeneration of per-host reference counts
       -n              don't remove zero count pool files - print only
       -s              recompute pool stats

=item BackupPC_migrateV3toV4

If you upgraded an existing 3.x installation, BackupPC 4.x is backward compatible with 3.x backups:
it can browse, view and restore files.  However, the existing 3.x backups will still use hardlinks
for storage, and until those 3.x backups eventually expire, hardlinks will still be used for 3.x
backups.

BackupPC_migrateV3toV4 is an optional utility that can migrate existing 3.x backups to 4.x stoage
format, eliminating hardlinks.  This allows you to eliminate the old V3 pool and you can then
set $Conf{PoolV3Enabled} to 0.

    BackupPC_migrateV3toV4 -a [-m] [-p] [-v]
    BackupPC_migrateV3toV4 -h host [-n V3backupNum] [-m] [-p] [-v]
    Options:
       -a              migrate all hosts and all backups
       -h host         migrate just a specific host
       -n V3backupNum  migrate specific host backup; does all V3 backups
      		       for that host if not specified
       -m              don't migrate anything; just print what would be done
       -p              don't print progress information
       -v              verbose

The BackupPC server should not be running when you run BackupPC_migrateV3toV4.
It will check and exit if the BackupPC server is running.

If you want to test BackupPC_migrateV3toV4, a cautious approach is to make
backup copies of the V3 backups, allowing you to restore them if there is
any issue.  For example, if exampleHost has three 3.x backups numbered 5,
6, 7, you can use cp -prl (preserving hardlinks) to make copies:

    cd /data/BackupPC/pc/exampleHost
    mv 5 5.orig ; cp -prl 5.orig 5
    mv 6 6.orig ; cp -prl 6.orig 6
    mv 7 7.orig ; cp -prl 7.orig 7
    cp backups backups.save

    BackupPC_migrateV3toV4 -h exampleHost -n 5
    BackupPC_migrateV3toV4 -h exampleHost -n 6
    BackupPC_migrateV3toV4 -h exampleHost -n 7

If you want to put things back the way they were:

    rm -rf 5 ; mv 5.orig 5
    rm -rf 6 ; mv 6.orig 6
    rm -rf 7 ; mv 7.orig 7
    # copy the [567] lines from backups.save into backups;
    # only do "cp backups.save backups" if you are sure no
    # new backups have been done

Two important things to note with BackupPC_migrateV3toV4.  First, V4
storage does use more filesystem inodes than V3 (that's the small cost
of getting rid of hardlinks).  In particular, each directory in a backup
tree uses two inodes in V4 (one for the directory, and one for the (empty)
attrib file), and only one inode in V3 (one for the directory, and the
attrib and all other files are hardlinked to the pool).  So before you run
BackupPC_migrateV3toV4, make sure you have enough inodes in __TOPDIR__;
use df -i to make sure you are under 45% inode usage.

Secondly, if you run BackupPC_migrateV3toV4 on all your backups, the
old V3 pool should be empty, except for old-style attrib files, which
should all have only one link since no backups should reference them any
longer.  Before you turn off the V3 pool by setting $Conf{PoolV3Enabled}
to 0, make sure BackupPC_nightly has run enough times (specifically,
$Conf{PoolSizeNightlyUpdatePeriod} times) so that the V3 pool can be
emptied.  You could do this manually, but only if you are very careful
to check that the remaining files only have one link.

=item BackupPC_poolCntPrint

BackupPC_poolCntPrint is used to print reference count information, either per-backup,
per-host or for the entire pool depending on the file path you use.

If you provide a hex md5 digest, the entire pool count for that digest is printed.
Usage:

    BackupPC_poolCntPrint [poolCntFilePath|hexDigest]...

=item BackupPC_refCountUpdate

BackupPC_refCountUpdate is used to either update the per-backup and
per-host reference counts, or the system-wide reference counts. It
is used by BackupPC_dump, BackupPC_nightly, BackupPC_backupDelete,
BackupPC_backupDuplicate and BackupPC_fsck.  Usage:

    BackupPC_refCountUpdate -h HOST [-c] [-f] [-F] [-o N] [-p] [-v]
        With no other args, updates count db on backups with poolCntDelta files
        and computers the host's total reference counts.  Also builds refCnt for
        any >=4.0 backups without refCnts.
          -f     - do an fsck on this HOST, which involves a rebuild of the
                   last two backup refCnts.  poolCntDelta files are ignored.
                   Also forces fsck if requested by needFsck flag files
                   in TopDir/pc/HOST/refCnt.  Equivalent to -o 2.
          -F     - rebuild all the >=4.0 per-backup refCnt files for this
                   host.  Equivalent to -o 3.
          -c     - compare current count db to new db before replacing
          -o N   - override $Conf{RefCntFsck}.
          -p     - don't show progress
          -v     - verbose
      Notes: in case there are legacy (ie: <=4.0.0alpha3) unapplied poolCntDelta
      files in TopDir/pc/HOST/refCnt then the -f flag is turned on.

    BackupPC_refCountUpdate -m [-f] [-p] [-c] [-r N-M] [-s] [-v] [-P phase]
          -m       Updates main count db, based on each HOST
          -f     - do an fsck on all the hosts, ignoring poolCntDelta files,
                   and replacing each host's count db.  Will wait for backups
                   to finish if any are running.
          -F     - rebuild all the >=4.0 per-backup refCnt files.
          -p     - don't show progress
          -c     - clean pool files
          -r N-M - process a subset of the main count db, 0 <= N <= M <= 255
          -s     - prints stats
          -v     - verbose
          -P phase Phase from 0..15 each time we run BackupPC_nightly.  Used
                   to compute exact pool size for portions of the pool based
                   on the phase and $Conf{PoolSizeNightlyUpdatePeriod}.

=back

=head1 Other CGI Functions

=head2 Configuration and Host Editor

The CGI interface has a complete configuration and host editor.
Only the administrator can edit the main configuration settings
and hosts.  The edit links are in the left navigation bar.

When changes are made to any parameter a "Save" button appears
at the top of the page.  If you are editing a text box you will
need to click outside of the text box to make the Save button
appear.  If you don't select Save then the changes won't be saved.

The host-specific configuration can be edited from the host
summary page using the link in the left navigation bar.
The administrator can edit any of the host-specific
configuration settings.

When editing the host-specific configuration, each parameter has
an "override" setting that denotes the value is host-specific,
meaning that it overrides the setting in the main configuration.
If you deselect "override" then the setting is removed from
the host-specific configuration, and the main configuration
file is displayed.

User's can edit their host-specific configuration if enabled
via $Conf{CgiUserConfigEditEnable}.  The specific subset
of configuration settings that a user can edit is specified
with $Conf{CgiUserConfigEdit}.  It is recommended to make this
list short as possible (you probably don't want your users saving
dozens of backups) and it is essential that they can't edit any
of the Cmd configuration settings, otherwise they can specify
an arbitrary command that will be executed as the BackupPC
user.

=head2 RSS

BackupPC supports a very basic RSS feed.  Provided you have the
XML::RSS perl module installed, a URL similar to this will
provide RSS information:

    http://localhost/cgi-bin/BackupPC/BackupPC_Admin?action=rss

This feature is experimental.  The information included will
probably change.

=head1 BackupPC Design

=head2 Some design issues

=over 4

=item Pooling common files

To see if a file is already in the pool, an MD5 digest of the file
contents is used.  This can't guarantee a file is identical: it
just reduces the search to often a single file or handful of files.

Depending on the Xfer method and settings, a complete file comparison
is done to verify if two files are really the same.

Prior to V4, identical files on multiples backups are represented
by hard links.  Hardlinks are used so that identical files all refer
to the same physical file on the server's disk. Also, hard links
maintain reference counts so that BackupPC knows when to delete
unused files from the pool.

In V4+, hardlinks are not used and reference counting is done at the
application level.  It is done in a batch manner, which simplifies
the implementation.

For the computer-science majors among you, you can think of the pooling
system used by BackupPC as just a chained hash table stored on a (big)
file system.

=item The hashing function

In V4+, the file digest is the MD5 digest of the complete file.
While MD5 collisions are now well known, and can be easily constructed,
in real use collisions will be extremely unlikely.

Prior to V4, just a portion of all but the smallest files was used
for the digest.  That decision was made long ago when CPUs were a
lot slower.  For files less than 256K, the digest is the MD5 digest
of the file size and the full file.  For files up to 1MB, the first
and last 128K of the file, and for over 1MB, the first and eighth
128K chunks are used, together with the file size.

=item Compression

BackupPC supports compression. It uses the deflate and inflate methods
in the Compress::Zlib module, which is based on the zlib compression
library (see L<http://www.gzip.org/zlib/>).

The $Conf{CompressLevel} setting specifies the compression level to use.
Zero (0) means no compression. Compression levels can be from 1 (least
cpu time, slightly worse compression) to 9 (most cpu time, slightly
better compression). The recommended value is 3. Changing it to 5, for
example, will take maybe 20% more cpu time and will get another 2-3%
additional compression.  Diminishing returns set in above 5.  See the zlib
documentation for more information about compression levels.

BackupPC implements compression with minimal CPU load. Rather than
compressing every incoming backup file and then trying to match it
against the pool, BackupPC computes the MD5 digest based on the
uncompressed file, and matches against the candidate pool files by
comparing each uncompressed pool file against the incoming backup file.
Since inflating a file takes roughly a factor of 10 less CPU time than
deflating there is a big saving in CPU time.

The combination of pooling common files and compression can yield
a factor of 8 or more overall saving in backup storage.

Note that you should not turn compression on and off are you have
started running BackupPC.  It will result in double the storage needs,
since all the files will be stored in both the compressed and uncompressed
pools.

=back

=head2 BackupPC operation

BackupPC reads the configuration information from
__CONFDIR__/config.pl. It then runs and manages all the backup
activity. It maintains queues of pending backup requests, user backup
requests and administrative commands. Based on the configuration various
requests will be executed simultaneously.

As specified by $Conf{WakeupSchedule}, BackupPC wakes up periodically
to queue backups on all the PCs.  This is a four step process:

=over 4

=item 1

For each host and DHCP address backup requests are queued on the
background command queue.

=item 2

For each PC, BackupPC_dump is forked. Several of these may be run in
parallel, based on the configuration. First a ping is done to see if
the machine is alive. If this is a DHCP address, nmblookup is run to
get the netbios name, which is used as the hostname. If DNS lookup
fails, $Conf{NmbLookupFindHostCmd} is run to find the IP address from
the hostname.  The file __TOPDIR__/pc/$host/backups is read to decide
whether a full or incremental backup needs to be run. If no backup is
scheduled, or the ping to $host fails, then BackupPC_dump exits.

The backup is done using the specified XferMethod.  Either samba's smbclient
or tar over ssh/rsh/nfs piped into BackupPC_tarExtract, or rsync over ssh/rsh
is run, or rsyncd is connected to, with the incoming data
extracted to __TOPDIR__/pc/$host/new.  The XferMethod output is put
into __TOPDIR__/pc/$host/XferLOG.

The letter in the XferLOG file shows the type of object, similar to the
first letter of the modes displayed by ls -l:

    d -> directory
    l -> symbolic link
    b -> block special file
    c -> character special file
    p -> pipe file (fifo)
    nothing -> regular file

The words mean:

=over 4

=item create

new for this backup (ie: directory or file not in pool)

=item pool

found a match in the pool

=item same

file is identical to previous backup (contents were
checksummed and verified during full dump).

=item skip

file skipped in incremental because attributes are the
same (only displayed if $Conf{XferLogLevel} >= 2).

=back

As BackupPC_tarExtract extracts the files from smbclient or tar, or as
rsync or ftp runs, it checks each file in the backup to see if it is
identical to an existing file from any previous backup of any PC. It
does this without needed to write the file to disk. If the file matches
an existing file, a hardlink is created to the existing file in the
pool. If the file does not match any existing files, the file is written
to disk and inserted into the pool.

BackupPC_tarExtract and rsync can handle arbitrarily large files
and multiple candidate matching files without needing to write the
file to disk in the case of a match.  This significantly reduces
disk writes (and also reads, since the pool file comparison is done
disk to memory, rather than disk to disk).

Based on the configuration settings, BackupPC_dump checks each
old backup to see if any should be removed.

=item 3

Once each night, BackupPC_nightly is run to complete some additional
administrative tasks, such as cleaning the pool.  This involves
removing any files in the pool that only have a single hard link
(meaning no backups are using that file).

If BackupPC_nightly takes too long to run, the settings
$Conf{MaxBackupPCNightlyJobs} and $Conf{BackupPCNightlyPeriod} can
be used to run several BackupPC_nightly processes in parallel, and
to split its job over several nights.

=back

BackupPC also listens for TCP connections on $Conf{ServerPort}, which
is used by the CGI script BackupPC_Admin for status reporting and
user-initiated backup or backup cancel requests.

=head2 Storage layout

BackupPC resides in several directories:

=over 4

=item __INSTALLDIR__

Perl scripts comprising BackupPC reside in __INSTALLDIR__/bin,
libraries are in __INSTALLDIR__/lib and documentation
is in __INSTALLDIR__/doc.

=item __CGIDIR__

The CGI script BackupPC_Admin resides in this cgi binary directory.

=item __CONFDIR__

All the configuration information resides below __CONFDIR__.
This directory contains:

The directory __CONFDIR__ contains:

=over 4

=item config.pl

Configuration file. See L<Configuration File> below for more details.

=item hosts

Hosts file, which lists all the PCs to backup.

=item pc

The directory __CONFDIR__/pc contains per-client configuration files
that override settings in the main configuration file.  Each file
is named __CONFDIR__/pc/HOST.pl, where HOST is the hostname.

In pre-FHS versions of BackupPC these files were located in
__TOPDIR__/pc/HOST/config.pl.

=back

=item __LOGDIR__

The directory __LOGDIR__ (__TOPDIR__/log on pre-FHS versions
of BackupPC) contains:

=over 4

=item LOG

Current (today's) log file output from BackupPC.

=item LOG.0 or LOG.0.z

Yesterday's log file output.  Log files are aged daily and compressed
(if compression is enabled), and old LOG files are deleted.

=item status.pl

A summary of BackupPC's status written periodically by BackupPC so
that certain state information can be maintained if BackupPC is
restarted.  Should not be edited.

=item UserEmailInfo.pl

A summary of what email was last sent to each user, and when the
last email was sent.  Should not be edited.

=back

=item __RUNDIR__

The directory __RUNDIR__ (__TOPDIR__/log on pre-FHS versions
of BackupPC) contains:

=over 4

=item BackupPC.pid

Contains BackupPC's process id.

=item BackupPC.sock

A unix domain socket for communicating to the BackupPC server.

=back

=item __TOPDIR__

All of BackupPC's data (PC backup images, logs, configuration information)
is stored below this directory.

Below __TOPDIR__ are several directories:

=over 4

=item __TOPDIR__/pool

All uncompressed files from PC backups are stored below __TOPDIR__/pool.
Each file's name is based on the MD5 hex digest of the file contents.

For V4+, the digest is the MD5 digest of the full file contents (the length
is not used).  For V4+ the pool files are stored in a 2 level tree, using
7 bits from the top of the first two bytes of the digest.  So there are 128
directories are each level, numbered evenly in hex from 0x00, 0x02, to 0xfe.

For example, if a file has an MD5 digest of 123456789abcdef0123456789abcdef0,
the uncompressed file is stored in __TOPDIR__/pool/12/34/123456789abcdef0123456789abcdef0.

Duplicates digest are represented with one (or more) hex byte extensions.
So three colliding files would be stored as

	__TOPDIR__/pool/12/34/123456789abcdef0123456789abcdef0
	__TOPDIR__/pool/12/34/123456789abcdef0123456789abcdef000
	__TOPDIR__/pool/12/34/123456789abcdef0123456789abcdef001

The rest of this section describes the old pool layout.  Note that both V3 and V4
pools can exist together, since they use different names for their directory trees.

As exampled earlier, prior to V4 the digest is computed as follows.
For files less than 256K, the file length and the entire
file is used. For files up to 1MB, the file length and the first and
last 128K are used. Finally, for files longer than 1MB, the file length,
and the first and eighth 128K chunks for the file are used.

Both BackupPC_dump (actually, BackupPC_tarExtract or rsync_bpc) are
responsible for checking newly backed up files against the pool. For
each file, the MD5 digest is used to generate a filename in the pool
directory.

If the file exists in the pool, the contents are compared.
If there is no match, additional files in the chain are checked (if any).
(Actually, multiple candidate files are compared in parallel.)

If $Conf{PoolV3Enabled} is set, then the V3 pool is checked
if there are no matches in the V4 pool.  If a V3 file matches, it is
simply moved (renamed) the the V4 pool with it's new filename based on
the V4 digest.  That still allows the V3 backups to be browsed etc, since
those backups are still based on hardlinks.

If the file contents exactly match, a reference count is incremented.
Otherwise, the file is added to the pool by using an atomic link operation,
followed by unlinking the temporary file.

One other issue: zero length files are not pooled, since there are a lot
of these files and on most file systems it doesn't save any disk space
to turn these files into hard links.

Prior to V4, each pool file is stored in a subdirectory X/Y/Z, where X,
Y, Z are the first 3 hex digits of the MD5 digest.

For example, if a file has an MD5 digest of 123456789abcdef0123456789abcdef0,
the file is stored in __TOPDIR__/pool/1/2/3/123456789abcdef0123456789abcdef0.

The MD5 digest might not be unique (especially since not all the file's
contents are used for files bigger than 256K). Different files that have
the same MD5 digest are stored with a trailing suffix "_n" where n is
an incrementing number starting at 0. So, for example, if two additional
files were identical to the first, except the last byte was different,
and assuming the file was larger than 1MB (so the MD5 digests are the
same but the files are actually different), the three files would be
stored as:

	__TOPDIR__/pool/1/2/3/123456789abcdef0123456789abcdef0
	__TOPDIR__/pool/1/2/3/123456789abcdef0123456789abcdef0_0
	__TOPDIR__/pool/1/2/3/123456789abcdef0123456789abcdef0_1

=item __TOPDIR__/cpool

All compressed files from PC backups are stored below __TOPDIR__/cpool.
Its layout is the same as __TOPDIR__/pool, and the hashing function
is the same (and, importantly, based on the uncompressed file, not
the compressed file).

=item __TOPDIR__/pc/$host

For each PC $host, all the backups for that PC are stored below
the directory __TOPDIR__/pc/$host.  This directory contains the
following files:

=over 4

=item LOG

Current log file for this PC from BackupPC_dump.

=item LOG.MMYYYY or LOG.MMYYYY.z

Last month's log file.  Log files are aged monthly and compressed
(if compression is enabled), and old LOG files are deleted.
In earlier versions of BackupPC these files used to have
a suffix of 0, 1, ....

=item XferERR or XferERR.z

Output from the transport program (ie: smbclient, tar, rsync or ftp)
for the most recent failed backup.

=item XferLOG or XferLOG.z

Output from the transport program (ie: smbclient, tar, rsync or ftp)
for the current backup.

=item nnn (an integer)

Backups are in directories numbered sequentially starting at 0.  Below
each backup directory are the inodes (in nnn/inode) and the reference
counts for this backup are in nnn/refCnt.

=item refCnt

The host's reference count database is stored below the refCnt directory.

=item XferLOG.nnn or XferLOG.nnn.z

Output from the transport program (ie: smbclient, tar, rsync or ftp)
corresponding to backup number nnn.

=item RestoreInfo.nnn

Information about restore request #nnn including who, what, when, and
why. This file is in Data::Dumper format.  (Note that the restore
numbers are not related to the backup number.)

=item RestoreLOG.nnn.z

Output from smbclient, tar or rsync during restore #nnn.  (Note that the restore
numbers are not related to the backup number.)

=item ArchiveInfo.nnn

Information about archive request #nnn including who, what, when, and
why. This file is in Data::Dumper format.  (Note that the archive
numbers are not related to the restore or backup number.)

=item ArchiveLOG.nnn.z

Output from archive #nnn.  (Note that the archive numbers are not related
to the backup or restore number.)

=item config.pl

Old location of optional configuration settings specific to this host.
Settings in this file override the main configuration file.
In new versions of BackupPC the per-host configuration files are
stored in __CONFDIR__/pc/HOST.pl.

=item backups

A tab-delimited ascii table listing information about each successful
backup, one per row.  The columns are:

=over 4

=item num

The backup number, an integer that starts at 0 and increments
for each successive backup.  The corresponding backup is stored
in the directory num (eg: if this field is 5, then the backup is
stored in __TOPDIR__/pc/$host/5).

=item type

Set to "full" or "incr" for full or incremental backup.

=item startTime

Start time of the backup in unix seconds.

=item endTime

Stop time of the backup in unix seconds.

=item nFiles

Number of files backed up (as reported by smbclient, tar, rsync or ftp).

=item size

Total file size backed up (as reported by smbclient, tar, rsync or ftp).

=item nFilesExist

Number of files that were already in the pool
(as determined by BackupPC_dump).

=item sizeExist

Total size of files that were already in the pool
(as determined by BackupPC_dump).

=item nFilesNew

Number of files that were not in the pool
(as determined by BackupPC_dump).

=item sizeNew

Total size of files that were not in the pool
(as determined by BackupPC_dump).

=item xferErrs

Number of errors or warnings from smbclient, tar, rsync or ftp.

=item xferBadFile

Number of errors from smbclient that were bad file errors (zero otherwise).

=item xferBadShare

Number of errors from smbclient that were bad share errors (zero otherwise).

=item tarErrs

Number of errors from BackupPC_tarExtract.

=item compress

The compression level used on this backup.  Zero or empty means no
compression.

=item sizeExistComp

Total compressed size of files that were already in the pool
(as determined by BackupPC_dump).

=item sizeNewComp

Total compressed size of files that were not in the pool
(as determined by BackupPC_dump).

=item noFill

Set if this backup has not been filled - it just includes the
deltas from the next backup necessary to reconstruct this backup.

=item fillFromNum

If this backup was filled (ie: noFill is 0) then this is the
number of the backup that it was filled from

=item mangle

Set if this backup has mangled filenames and attributes.  Always
true for backups in v1.4.0 and above.  False for all backups prior
to v1.4.0.

=item xferMethod

Set to the value of $Conf{XferMethod} when this dump was done.

=item level

The level of this dump.  A full dump is level 0.  Currently incrementals
are 1.  In V4+ multi-level incrementals are no longer supported, so this
is just a 0 or 1.

=back

=item restores

A tab-delimited ascii table listing information about each requested
restore, one per row.  The columns are:

=over 4

=item num

Restore number (matches the suffix of the RestoreInfo.nnn and
RestoreLOG.nnn.z file), unrelated to the backup number.

=item startTime

Start time of the restore in unix seconds.

=item endTime

End time of the restore in unix seconds.

=item result

Result (ok or failed).

=item errorMsg

Error message if restore failed.

=item nFiles

Number of files restored.

=item size

Size in bytes of the restored files.

=item tarCreateErrs

Number of errors from BackupPC_tarCreate during restore.

=item xferErrs

Number of errors from smbclient, tar, rsync or ftp during restore.

=back

=item archives

A tab-delimited ascii table listing information about each requested
archive, one per row.  The columns are:

=over 4

=item num

Archive number (matches the suffix of the ArchiveInfo.nnn and
ArchiveLOG.nnn.z file), unrelated to the backup or restore number.

=item startTime

Start time of the restore in unix seconds.

=item endTime

End time of the restore in unix seconds.

=item result

Result (ok or failed).

=item errorMsg

Error message if archive failed.

=back

=back

=back

=back

=head2 Compressed file format

The compressed file format is as generated by Compress::Zlib::deflate
with one minor, but important, tweak. Since Compress::Zlib::inflate
fully inflates its argument in memory, it could take large amounts of
memory if it was inflating a highly compressed file. For example, a
200MB file of 0x0 bytes compresses to around 200K bytes. If
Compress::Zlib::inflate was called with this single 200K buffer, it
would need to allocate 200MB of memory to return the result.

BackupPC watches how efficiently a file is compressing. If a big file
has very high compression (meaning it will use too much memory when it
is inflated), BackupPC calls the flush() method, which gracefully
completes the current compression.  BackupPC then starts another
deflate and simply appends the output file.  So the BackupPC compressed
file format is one or more concatenated deflations/flushes.  The specific
ratios that BackupPC uses is that if a 6MB chunk compresses to less
than 64K then a flush will be done.

Back to the example of the 200MB file of 0x0 bytes.  Adding flushes
every 6MB adds only 200 or so bytes to the 200K output.  So the
storage cost of flushing is negligible.

To easily decompress a BackupPC compressed file, the script
BackupPC_zcat can be found in __INSTALLDIR__/bin.  For each
filename argument it inflates the file and writes it to stdout.

=head2 Rsync checksum caching

Rsync checksum caching is not implemented in V4. That's because a full
backup with rsync in V4 uses client-side whole-file checksums during a full
backup, meaning that the server doesn't need to send block-level digests on
every full backup.

The rest of this section applies to V3.

An incremental backup with rsync compares attributes on the client
with the last full backup.  Any files with identical attributes
are skipped.  In V3, a full backup with rsync sets the --ignore-times
option, which causes every file to be examined independent of
attributes.

Each file is examined by generating block checksums (default 2K
blocks) on the receiving side (that's the BackupPC side), sending
those checksums to the client, where the remote rsync matches those
checksums with the corresponding file.  The matching blocks and new
data is sent back, allowing the client file to be reassembled.
A checksum for the entire file is sent to as an extra check the
the reconstructed file is correct.

This results in significant disk IO and computation for BackupPC:
every file in a full backup, or any file with non-matching attributes
in an incremental backup, needs to be uncompressed, block checksums
computed and sent.  Then the receiving side reassembles the file and
has to verify the whole-file checksum.  Even if the file is identical,
prior to 2.1.0, BackupPC had to read and uncompress the file twice,
once to compute the block checksums and later to verify the whole-file
checksum.

=head2 Filename mangling

Backup filenames are stored in "mangled" form. Each node of
a path is preceded by "f" (mnemonic: file), and special characters
(\n, \r, % and /) are URI-encoded as "%xx", where xx is the ascii
character's hex value.  So c:/craig/example.txt is now stored as
fc/fcraig/fexample.txt.

This was done mainly so metadata could be stored alongside the backup
files without name collisions. In particular, the attributes for the
files in a directory are stored in a file called "attrib", and mangling
avoids filename collisions (I discarded the idea of having a duplicate
directory tree for every backup just to store the attributes). Other
metadata (eg: rsync checksums) could be stored in filenames preceded
by, eg, "c". There are two other benefits to mangling: the share name
might contain "/" (eg: "/home/craig" for tar transport), and I wanted
that represented as a single level in the storage tree.

The CGI script undoes the mangling, so it is invisible to the user.

=head2 Special files

Linux/unix file systems support several special file types: symbolic
links, character and block device files, fifos (pipes) and unix-domain
sockets. All except unix-domain sockets are supported by BackupPC
(there's no point in backing up or restoring unix-domain sockets since
they only have meaning after a process creates them). Symbolic links are
stored as a plain file whose contents are the contents of the link (not
the file it points to). This file is compressed and pooled like any
normal file. Character and block device files are also stored as plain
files, whose contents are two integers separated by a comma; the numbers
are the major and minor device number. These files are compressed and
pooled like any normal file. Fifo files are stored as empty plain files
(which are not pooled since they have zero size). In all cases, the
original file type is stored in the attrib file so it can be correctly
restored.

Hardlinks are supported.  In V4, file metadata include an inode number
and a link count.  Any file with more than one link points at the inode
information stored below the backup directory in the inode directory.
That directory contains a tree of up to 16K attrib files based on bits
10-23 of the inode number.  In particular, the directory name uses bits
17-23, and the attrib filename includes bits 10-16.  The key (index) in
the attrib file is the hex inode number.  The original file metadata's
link count might not be accurate; it's more a flag (>1) for when to look
up the inode information.  The correct link count is stored in the inode.

In V3, hardlinks are stored in a similar manner to symlinks.  When GNU
tar first encounters a file with more than one link (ie: hardlinks)
it dumps it as a regular file.  When it sees the second and subsequent
hardlinks to the same file, it dumps just the hardlink information.
BackupPC correctly recognizes these hardlinks and stores them just like
symlinks: a regular text file whose contents is the path of the file
linked to.  The CGI script will download the original file when you
click on a hardlink.

Also, BackupPC_tarCreate has enough magic to re-create the hardlinks
dynamically based on whether or not the original file and hardlinks
are both included in the tar file.  For example, imagine a/b/x is a
hardlink to a/c/y.  If you use BackupPC_tarCreate to restore directory
a, then the tar file will include a/b/x as the original file and a/c/y
will be a hardlink to a/b/x.  If, instead you restore a/c, then the
tar file will include a/c/y as the original file, not a hardlink.

=head2 Attribute file format

=over 4

=item V4 attrib files

The attribute file format is new in V4.  Every backup directory contains
an attrib file, which is zero length and its name includes the MD5 pool
digest, eg:

    attrib_33fe8f9ae2f5cedbea63b9d3ea767ac0

The digest is used to look up the contents in the V4 cpool, eg:

    __TOPDIR__/cpool/32/fe/33fe8f9ae2f5cedbea63b9d3ea767ac0

For inode attrib files, bits 17-23 (XX in hex) of the inode number are used for the
directory name, and the attrib filename includes bits 10-16 (YY in hex), so
relative to the backup directory:

    inode/XX/attribYY_33fe8f9ae2f5cedbea63b9d3ea767ac0

An empty attrib file has the name "attrib_0" (or "attribYY_0" for inodes).

The attrib file starts with a magic number, followed by the concatenation
of the following information for each file (all integers are stored in
perl's pack "w" format (variable length base 128)):

=over 4

=item *

Filename length, followed by the filename

=item *

Count of extended attributes

=item *

The unix file type, mtime, mode, uid, gid, size, inode number, compress,
number of links

=item *

MD5 digest length, followed by the digest contents

=item *

Each extended attribute (length of xattr name, length of xattr value, name, value)

=back

=item V3 attrib files

The unix attributes for the contents of a directory (all the files and
directories in that directory) are stored in a file called attrib.
There is a single attrib file for each directory in a backup.
For example, if c:/craig contains a single file c:/craig/example.txt,
that file would be stored as fc/fcraig/fexample.txt and there would be an
attribute file in fc/fcraig/attrib (and also fc/attrib and ./attrib).
The file fc/fcraig/attrib would contain a single entry containing the
attributes for fc/fcraig/fexample.txt.

The attrib file starts with a magic number, followed by the
concatenation of the following information for each file:

=over 4

=item *

Filename length in perl's pack "w" format (variable length base 128).

=item *

Filename.

=item *

The unix file type, mode, uid, gid and file size divided by 4GB and
file size modulo 4GB (type mode uid gid sizeDiv4GB sizeMod4GB),
in perl's pack "w" format (variable length base 128).

=item *

The unix mtime (unix seconds) in perl's pack "N" format (32 bit integer).

=back

The attrib file is also compressed if compression is enabled.
See the lib/BackupPC/Attrib.pm module for full details.

Attribute files are pooled just like normal backup files.  This saves
space if all the files in a directory have the same attributes across
multiple backups, which is common.

=back

=head2 Optimizations

BackupPC doesn't care about the access time of files in the pool
since it saves attribute metadata separate from the files.  Since
BackupPC mostly does reads from disk, maintaining the access time of
files generates a lot of unnecessary disk writes.  So, provided
BackupPC has a dedicated data disk, you should consider mounting
BackupPC's data directory with the noatime (or, with Linux kernels
>=2.6.20, relatime) attribute (see mount(1)).

=head2 Some Limitations

BackupPC isn't perfect (but it is getting better). Please see
L<http://backuppc.sourceforge.net/faq/limitations.html> for a
discussion of some of BackupPC's limitations.
(Note, this is old and we should move this to the Github Wiki.)

=head2 Security issues

Please see L<http://backuppc.sourceforge.net/faq/security.html> for a
discussion of some of various security issues.
(Note, this is old and we should move this to the Github Wiki.)

=head1 Configuration File

The BackupPC configuration file resides in __CONFDIR__/config.pl.
Optional per-PC configuration files reside in __CONFDIR__/pc/$host.pl
(or __TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC).
This file can be used to override settings just for a particular PC.

=head2 Modifying the main configuration file

The configuration file is a perl script that is executed by BackupPC, so
you should be careful to preserve the file syntax (punctuation, quotes
etc) when you edit it. Specifically, preserving quotes means you should never
use undef for configuration parameters that expect string values. An empty
string ('') should be used in this case.
It is recommended that you use CVS, RCS or some
other method of source control for changing config.pl.

BackupPC reads or re-reads the main configuration file and
the hosts file in three cases:

=over 4

=item *

Upon startup.

=item *

When BackupPC is sent a HUP (-1) signal.  Assuming you installed the
init.d script, you can also do this with "/etc/init.d/backuppc reload".

=item *

When the modification time of config.pl file changes.  BackupPC
checks the modification time once during each regular wakeup.

=back

Whenever you change the configuration file you can either do
a kill -HUP BackupPC_pid or simply wait until the next regular
wakeup period.

Each time the configuration file is re-read a message is reported in the
LOG file, so you can tail it (or view it via the CGI interface) to make
sure your kill -HUP worked. Errors in parsing the configuration file are
also reported in the LOG file.

The optional per-PC configuration file (__CONFDIR__/pc/$host.pl or
__TOPDIR__/pc/$host/config.pl in non-FHS versions of BackupPC)
is read whenever it is needed by BackupPC_dump, BackupPC_restore and others.

=head1 Configuration Parameters

The configuration parameters are divided into five general groups.
The first group (general server configuration) provides general
configuration for BackupPC.  The next two groups describe what to
backup, when to do it, and how long to keep it.  The fourth group
are settings for email reminders, and the final group contains
settings for the CGI interface.

All configuration settings in the second through fifth groups can
be overridden by the per-PC config.pl file.

__CONFIGPOD__

=head1 Version Numbers

BackupPC uses a X.Y.Z version numbering system.  The first digit is for
major new releases, the middle digit is for significant feature releases
and improvements (most of the releases have been in this category).

=head1 Author

Craig Barratt  <cbarratt@users.sourceforge.net>

See L<https://backuppc.github.io/backuppc/BackupPC.html>.

=head1 Copyright

Copyright (C) 2001-2020 Craig Barratt

=head1 Credits

Ryan Kucera contributed the directory navigation code and images
for v1.5.0.  He contributed the first skeleton of BackupPC_restore.
He also added a significant revision to the CGI interface, including
CSS tags, in v2.1.0, and designed the BackupPC logo.

Xavier Nicollet, with additions from Guillaume Filion, added the
internationalization (i18n) support to the CGI interface for v2.0.0.
Xavier provided the French translation fr.pm, with additions from
Guillaume.

Guillaume Filion wrote BackupPC_zipCreate and added the CGI support
for zip download, in addition to some CGI cleanup, for v1.5.0.
Guillaume continues to support fr.pm updates for each new version.

Josh Marshall implemented the Archive feature in v2.1.0.

Ludovic Drolez supports the BackupPC Debian package.

Javier Gonzalez provided the Spanish translation, es.pm for v2.0.0.

Manfred Herrmann provided the German translation, de.pm for v2.0.0.
Manfred continues to support de.pm updates for each new version,
together with some help from Ralph Paßgang.

Lorenzo Cappelletti provided the Italian translation, it.pm for v2.1.0.
Giuseppe Iuculano and Vittorio Macchi updated it for 3.0.0.

Lieven Bridts provided the Dutch translation, nl.pm, for v2.1.0,
with some tweaks from Guus Houtzager, and updates for 3.0.0.

Reginaldo Ferreira provided the Portuguese Brazilian translation
pt_br.pm for v2.2.0.

Rich Duzenbury provided the RSS feed option to the CGI interface.

Jono Woodhouse from CapeSoft Software (www.capesoft.com) provided a
new CSS skin for 3.0.0 with several layout improvements.  Sean Cameron
(also from CapeSoft) designed new and more compact file icons for 3.0.0.

Youlin Feng provided the Chinese translation for 3.1.0.

Karol 'Semper' Stelmaczonek provided the Polish translation for 3.1.0.

Jeremy Tietsort provided the host summary table sorting feature for 3.1.0.

Paul Mantz contributed the ftp Xfer method for 3.2.0.

Petr Pokorny provided the Czech translation for 3.2.1.

Rikiya Yamamoto provided the Japanese translation for 3.3.0.

Yakim provided the Ukrainian translation for 3.3.0.

Sergei Butakov provided the Russian translation for 3.3.0.

Alexander Moisseev provided the rrdtool graphing code in 4.0.0 and has provided
many fixes and improvements in 3.x and 4.x.

Many people have provided user support on the mail lists, reported bugs,
made useful suggestions, and helped with testing; see the ChangeLog
and the mailing lists.

Your name could appear here in the next version!

=head1 License

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.