Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Offsite daily encrypted backup via Dropbox Storage Devices
Using some shell scripting + crontab + Dropbox, I've created a method for doing a daily encrypted backup of folders, lasting for 31 days.

Why bother? It's important to back up data because eventually all drives will die. Incremental backups are important because it allows you to track changes from day to day. The solution I have here isn't perfect, but it allows for a few folders to be saved for 30 days before they are overwritten. The benefit of this is that if a huge error is caught 5 days after it was made, then you can revert to the file that was saved 6 days ago.

Following is the script that does the job. I named this file backup.sh and had it run every day at 3am, when nobody is likely to be editing or messing with files. The result of the code is a disk image (.dmg) that will be password protected, and will have the name of backup[1-31].dmg (based on the current date). You'll need to edit the first few variable to match your setup.
# Dropbox as incremental backup.
# Justin Schwalbe
# http://finishtherace.net/wp/?p=622

password="trickypassword"
dropboxdir="~/Dropbox/backups/" #change this as needed, make sure it exists
backupfolders="/path/to/folder /path/to/second/folder /and/so/on"

##############################
# No need to edit below this #
##############################

datestring=`date +%d`
thisyear=`date +%y`
thismonth=`date +%m`
today=`date +%m.%d.%y | sed -e s/^0//`

dir="Daily"

#seems dumb and redundant, but it is sorta needed 
mkdir /tmp/Backups; cd /tmp/Backups
tar -czf backup$datestring.tgz $backupfolders
tar -zxf backup$datestring.tgz
rm backup$datestring.tgz

# hdiutil won't overwrite files, so if it exists, delete it.
if [ -f $dropboxdir/backup$datestring.dmg ]
then
	rm $dropboxdir/backup$datestring.dmg
fi

# create the .dmg file
hdiutil create -srcfolder '/tmp/Backups' -encryption -passphrase $password -fs HFS+ -volname Backup$thismonth.$datestring.$thisyear 
$dropboxdir/backup$datestring

# clean up our mess so tomorrow we can start fresh
rm -rf /tmp/Backups
Just put that file somewhere, make the necessary edits at the top of the file: set a password, your dropbox backup folder location, and the folders you'd like to backup. Then make sure the bash script can run (chmod +x backup.sh), and then set crontab to make it run once a day.

See entire post and instructions at my blog, and download the script here.

[crarko adds: I haven't tested this one.]
    •    
  • Currently 3.17 / 5
  You rated: 1 / 5 (6 votes cast)
 
[8,054 views]  

Offsite daily encrypted backup via Dropbox | 9 comments | Create New Account
Click here to return to the 'Offsite daily encrypted backup via Dropbox' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Offsite daily encrypted backup via Dropbox
Authored by: bcamp1973 on Nov 23, '10 08:03:27AM

Anyone have an idea of how to do this with amazon S3? That would provide a MUCH cheaper solution for larger backups. Currently, I'm using Arq (http://www.haystacksoftware.com/arq/) I'm backing up my 50Gb iphoto library for around $5 a month. I use dropbox too, but don't feel it's monthly cost is worth upgrade at this point (for me anyway)...



[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: leamanc on Nov 23, '10 11:50:16AM

I don't have an S3 account to test with, but I imagine it would be very similar, as Dropbox actually uses S3 as its storage. That's why Dropbox is more expensive--they give away 2GB free to anyone who wants it, so therefore they have to up-sell the higher-end storage.



[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: mmnw on Nov 23, '10 08:21:20AM
There are some things with this hint I'd like to point out, some which concern security.
This hint will only be effective as long as you are logged on. Since Dropbox will only sync with the server while you are loogged on. So, if you are on a multiuser system, the sync will undergo next time you log on, which can be pretty annoying.
Being on a multiuser system brings other caveats regarding the image password. First, you should make sure the script is readable only by you (i.e. chmod 700), or you shouldn't store the password in the script at all (see man security for how to store the password in the keychain). Second, you should not call hdiutil with -p $password, since while the command is running every other user on the computer can retrieve your password with a simple ps aux from the list of running processes. You can fix this by using the −stdinpass option of hdiutil.
Last, there's a cosmetic issue. cron has been marked as depreciated by Apple since at least 10.5 (I think 10.4). What you "should" use instead is a launchd object, either a demon or an agent (see man launchd, launchctl and launchd.plist). Working as an agent would also make sure the script is only executed while you are logged in and therefore Dropbox running.

[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: leamanc on Nov 23, '10 12:04:30PM

I gotta second the notion that this script be moved from cron to launchd, so that you can take advantage of having the script only run at user login. There will be errors with Dropbox not up and running (syncing to its server), and I don't see much facility for error handling in the script.

EDIT: Well, now that I think about it, Dropbox won't actually produce any errors, but there is still the net result of the dmg file not getting synced. The script should somehow check to see that the file was uploaded to Dropbox; perhaps this could be done by intercepting Dropbox's Growl notification about changed files?

Edited on Nov 23, '10 12:07:02PM by leamanc


[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: MikeEvangelist on Nov 23, '10 02:54:14PM

Another suggestion. If you've got one or more friends who are willing to share, you can use CrashPlan for free remote backup to each others' computers. All encrypted, secure and easy.

Mike (from Code 42, aka CrashPlan)



[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: david-bo on Nov 23, '10 03:25:52PM

Why not just make a rsync backup of a Time Machine volume? With the right switches to rsync (can not be bothered to lookup the man page now) it makes identical copies including removing files Time Machine removes when it thins out its destination volume.

This way you are not limited to 30 days or any other arbitrary retention but only to the destination volumes actual volume. Place an external drive at a friends place (=offsite), enable file sharing on it and create an encrypted disk image. Then at your own computer, mount this disk image and rsync to it. Very simple.

---
link



[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: asmeurer on Nov 24, '10 07:58:05PM

Well, for one thing, it wouldn't be secure.



[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: david-bo on Nov 25, '10 12:59:56AM

Eeh, what are you talking about? Rsync over ssh to an encrypted disk image must be one of the most secure solutions available at a reasonable cost.

---
link



[ Reply to This | # ]
Offsite daily encrypted backup via Dropbox
Authored by: felix-fi on Nov 30, '10 12:59:07AM

tar -czf backup$datestring.tgz $backupfolders
tar -zxf backup$datestring.tgz
rm backup$datestring.tgz

Can probably be replaced with

tar -cf - $backupfolders | tar -xf -

my 2 cents



[ Reply to This | # ]