After reading about the malware / Trojan Horse business that has been flying around lately, I realized that there is a fairly easy way to protect against this kind of thing. I wrote a script which duplicates a folder (like a user's Home directory) using hard links. The result is a complete backup of your home directory that takes up very very little additional space, because it is actually pointing to the contents of your original files. The practical upshot of running the script is that if you accidentally run (or some unfriendly software runs for you)
rm -rf ~, then it will still remove the contents of your home directory ... but you will have a full backup of your files exactly as they were before running the command. I've called the script
shadowmirror, and it works like this. You run it periodically to keep all the files in backup directory in sync:
shadowmirror /Users/yourUserName /Users/backups/yourBackupName
This will make sure everything in your home directory is backed up. It does not remove any files you might have deleted, though, unless you run it like this:
shadowmirror -d /Users/yourUserName /Users/backups/yourBackupName
This will remove any files that are in the backup that you have removed from your home directory. So, if you run the first version nightly, and the second version weekly, or monthly, you will always have a fairly up-to-date backup of your home directory with very little cost in disk space. For example, a 20GB home directory required about 58M of drive space. Using this has the added benefit of giving you a way to recover files that you yourself may have accidentally deleted. Some things to note:
- Hard links work in such a way that files will not be removed from the disk until all links to them have been removed. This means that you will NOT recover disk space by emptying the trash until you run the -d version of this command. But it's also what makes it possible to recover from that rm -rf on your home directory.
- Files WILL stay in sync between the backup and your home directory in real time, as long as the app editing them does not delete and recreate the file, which many apps do. Which means that this does not let you recover from mangling the contents of your files in all cases.
- The first time you run it, it will take a long time, as it is initially creating the backup. Subsequent runs will be faster, as only new files will need to be relinked
- You should NOT edit things inside your backup directory. First, any new files created there will be removed upon the next time you run with -d. Also, in many cases it will do exactly the same as editing the file in your home directory, so it is of very questionable usefulness.
- You can not make your backup within your source directory. It must be in a completely separate location.
- The source and backup directories MUST live on the same disk. Hard links do not function across volumes. This also means that currently this will not work if you are using File Vault.
[
robg adds: Due to the length of this script, I have uploaded it to the macosxhints' file collection;
click here to view and copy the source. Remember to make the file executable (
chmod +x shadowmirror) and store it somewhere on your path. I have not tested this script, but the idea of using hard links for a live backup is a good one, I think...]