In the last few weeks when booting my MacBookPro I've had it display a folder icon with a question mark in it. Now I don't know what that means, but it got me on my toes about getting a proper backup solution up and running. This is especially important as the MBP is my one and only work computer. Since I recently bought myself a QNAP TS-409Pro and have it running with four 750GB hard disks in a RAID 5, I thought that'd be the perfect place for my backup. It's where the backup was before, but I had to remember to copy it there via the Finder. I knew the QNAP has rsync support. While googling for an rsync backup script or HOWTO, I stumbled upon rdiff-backup. A quick check in the ipkg package list turned up rdiff-backup, and a MacPorts version is available as well.
So here is the install guide to get you going.
Prerequisites and required Know-How
Use this guide at your own risk. Because it worked for me it doesn't mean it's going to work for you. If you don't understand something read up on it, or leave it be.
This guide also assumes a few things:
- You are fairly comfortable using the shell/Terminal. You know...
  - how to change directories.
  - what file permissions are.
  - how to edit and save a file in vi.
- You know what SSH is.
- You have MacPorts installed.
I will use the IP 10.0.0.1 as IP for the QNAP, so replace that IP address with the correct IP for your QNAP and wherever necessary replace values to fit your needs.
Let's get going.
Create a backup user
In the QNAP Administration create a backup user. I called mine backup, which I'll use throughout this document.
I also created a group backup which all the users that use this backup solution are members of, though this isn't necessary for this to work.
Create a backup share
Since we are already in the QNAP Administration, you might as well create a backup share. The share is also called backup, I know, not very imaginative.
You only need the share if you want to access the backup via the Finder/Path Finder.
IMPORTANT: If you don't create the share, you need to think a little more when following this document.
Install Optware-iPKG
If Optware-iPKG isn't yet installed on your QNAP then this is the next thing to do.
You install Optware-iPKG in the Admin under System Tools/QPKG. Click on QPKG in the top right corner. Download the correct "Optware IPKG (Itsy Package Management System)" package for your QNAP system and unzip the file. Then you need to go to System Tools/System Update. Select the QPKG using the Browse... button and click on Update System.
If you have problems installing "Optware IPKG (Itsy Package Management System)" check the QNAP forums and wiki.
Enable SSH server in config
The last thing that needs to be done in the QNAP Administration is enabling the standard SSH server.
You do that under System Tools/Remote Login. Make sure that the checkbox Allow SSH connection is enabled, then save the setting by clicking on Apply.
Open a SSH session to qnap
Now we start installing and configuring stuff on the QNAP. Log into the QNAP using SSH.
Mac $ ssh admin@10.0.0.1
Enter your password.
IMPORTANT: The QNAP SSH server only allows logins with the user admin. So you can't use any of the other users.
Install openSSH on the QNAP
Since the QNAP SSH only allows admin logins and I didn't want to do the backups with the admin user I installed a standard openSSH.
Installing openSSH is dead simple using the ipkg system.
QNAP $ ipkg install openssh
We still need to configure some things, but we'll get to that later.
Install rdiff-backup on the QNAP
As we are at the installing stuff via ipkg stage, we can also install our backup tool of choice rdiff-backup.
QNAP $ ipkg install py25-rdiff-backup
That's all there is to it and that is also the last time we see rdiff-backup on the QNAP.
Edit the openSSH config
The QNAP is already running an SSH server on the standard port. So we need to tell openSSH to use a different port. To do that we need to edit its config file.
QNAP $ vi /opt/etc/openssh/sshd_config
Find the line containing the variable Port and change it to whatever port number you want. Use a port above 1024 and below 65000 (plus a few). I used 19672, and will use that throughout the rest of the document.
Port 19672
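To make sure that things are as secure as can be, I also made the following change to the sshd_config.
AllowUsers backup
This denies login access to all users but the backup user. DenyUsers !backup does not do this, because a negated pattern on its own never matches any user.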
Make openSSH server start automatically
There are two parts to this step. First we need a start script for the server, and then we need to make sure that a link to the start script is created when the system boots.
Start the editor to create the new script.
QNAP $ vi /opt/sbin/sshd-start.sh
Now, because I'm lazy, I didn't create a fully fledged script; I just start the server.
This is what my script looks like:
#!/bin/sh
/opt/sbin/sshd
Save the file and exit the editor. For those who are still reading but don't know vi: press ESC a couple of times to make sure you are in command mode, then type :wq + RETURN. To start editing, press "i" without quotes.
When you are back in the shell, it's time to make sure that the new script can actually be executed:
QNAP $ chmod u+x /opt/sbin/sshd-start.sh
Ok, so far so good. Next we need to edit the QNAP autorun script so that a link in the init system's startup directory is created.
First mount the config ramblock. Depending on which QNAP system you have, the mount command is slightly different. On my TS-409 it's:
QNAP $ mount -t ext2 /dev/mtdblock5 /tmp/config
Check this page in the QNAP wiki to find out how to mount your config ramblock: Autorun.sh QNAPedia.
Next open the autorun.sh file in the editor:
QNAP $ vi /tmp/config/autorun.sh
and add the following line:
#!/bin/sh
/bin/ln -sf /opt/sbin/sshd-start.sh /etc/rcS.d/QS9000sshd
You only need to add the #!/bin/sh part if it's not already there.
Save and exit (remember ESC, ESC, :wq and i to start editing).
Also check to make sure that the autorun.sh is executable:
QNAP $ ls -l /tmp/config/autorun.sh
-rwxr--r-- 1 admin administ 69 Dec 27 22:52 /tmp/config/autorun.sh*
QNAP $
If the fourth character isn't an x it's not executable and you need to run:
QNAP $ chmod u+x /tmp/config/autorun.sh
Now umount the config ramblock
QNAP $ umount /tmp/config
Start openSSH server and test a remote login.
For now let's start the server manually.
QNAP $ /opt/sbin/sshd
If there is no output, the server should be running fine.
On your Mac open a Terminal and run:
Mac $ ssh -p19672 backup@10.0.0.1
You will be prompted for the backup user's password; enter it. You'll probably get a warning about "No xauth data", which you can safely ignore.
You should now be presented with the shell prompt on the QNAP; it looks a little weird on my system. To make sure that you really are on the QNAP, run whoami.
ÄßÜ $ whoami
backup
This paragraph is only for those who have successfully logged in to the QNAP. Pat yourself on the back, the first big step is done.
Everybody else will probably have gotten some error or another. Your best bet is to google for the error; somebody else has probably had the same problem and might have found a solution. Also recheck all the steps above to make sure you didn't miss anything. If things still don't work go to sleep and recheck
Ohh, and you can exit the SSH session with exit or CTRL+D.
Find the directory of the backup share
Next in the process we need to find where the backup share was created.
I have a RAID5 setup, and that puts my backup share in /share/MD0_DATA/backup. I'll use this directory name for the rest of the document; please replace it with whatever works on your end.
I found my share using the find command
QNAP $ find / -type d -name backup
This finds, starting at the root directory /, all directories with the name of backup. Simple ehh.
OK, once you've got that, on to the next step.
Create a home directory for the backup user
We need a home directory for the backup user and a .ssh directory to store his public SSH key. Since sshd wants pretty restrictive file permissions on the home and .ssh directory which contains the public key we can't just use the new backup share.
So for the purpose of the home and .ssh directory I created a directory home in the backup dir, with a subdirectory .ssh.
QNAP $ mkdir /share/MD0_DATA/backup/home
QNAP $ mkdir /share/MD0_DATA/backup/home/.ssh
Then we need to set permissions.
QNAP $ chown backup.everyone /share/MD0_DATA/backup/home
QNAP $ chown backup.everyone /share/MD0_DATA/backup/home/.ssh
QNAP $ chmod 0700 /share/MD0_DATA/backup/home
QNAP $ chmod 0700 /share/MD0_DATA/backup/home/.ssh
The home directory is now ready to be used.
Edit /etc/passwd change the home directory of the backup user to /home
Make the system use the new home directory when logging in as the backup user.
IMPORTANT: we are now modifying a system file, which could break your system.
We need to edit /etc/passwd. This file contains all users available on the system. It also specifies each user's home dir.
Load it up in the editor:
QNAP $ vi /etc/passwd
Now find the line that starts with backup and replace the current home directory / with the new one /share/MD0_DATA/backup/home.
It looked like this:
backup:503:101:backup:/:/bin/bash
and should now look something like this:
backup:503:101:backup:/share/MD0_DATA/backup/home:/bin/bash
Save the changes and exit the editor.
Now log in to the QNAP via SSH again to make sure that the new home directory is used. To check which directory you are in, execute pwd just after logging in.
Mac $ ssh -p19672 backup@10.0.0.1
No xauth ........
QNAP $ pwd
/share/MD0_DATA/backup/home
QNAP $ exit
If the pwd command returns the correct directory then on to the next section, if not go back and recheck everything.
Passwordless login to the QNAP
Currently we still need to enter our password when logging in to the QNAP, and that isn't very helpful if we want to automate our backup. To correct this problem we will create an SSH key without a password and copy the public key to the QNAP; then we can log in without a password.
First step, create the SSH key. On your Mac in a Terminal run ssh-keygen to create the key and follow the instructions. Make sure you don't supply a password here, otherwise you will still have to supply a password when logging in. I also gave the file the name article-pl to correctly identify it (I already have a few others).
Mac $ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/adi/.ssh/id_rsa): /Users/adi/.ssh/article-pl
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/adi/.ssh/article-pl.
Your public key has been saved in /Users/adi/.ssh/article-pl.pub.
The key fingerprint is:
3b:e9:2d:0f:2e:0e:ee:92:8a:24:f3:a9:9a:6c:ac:90 adi@Mac.local
Mac $
We now need to make the public key available on the QNAP in the backup user's authorized keys, which reside in the .ssh directory in the backup user's home directory. The public key is the file with the .pub extension, in my case article-pl.pub. I copied the public key to the backup share using the Finder. Since I couldn't figure out how to show hidden directories in the Finder, I first copied the file to my Desktop. Then I logged in to the QNAP using the backup user and moved the file.
In the Terminal:
Mac $ cp ~/.ssh/article-pl.pub ~/Desktop
Now using the Finder copy the file to the backup share on the QNAP. Then:
Mac $ ssh -p19672 backup@10.0.0.1
No xauth data ......
Enter Password:
QNAP $ pwd
/share/MD0_DATA/backup/home
QNAP $ cd ..
QNAP $ ls -l
. .. article-pl.pub home
QNAP $ mv article-pl.pub home/.ssh/authorized_keys
QNAP $ chmod 0600 home/.ssh/authorized_keys
Make sure you set the access rights. If anyone but the owner has read or write permissions on the file SSH won't accept it.
We can now test login with the new keys and hopefully passwordless.
Mac $ ssh -p19672 backup@10.0.0.1
No xauth ......
QNAP $
You should hopefully be logged in now without having specified a password.
If you have problems a good debug option is starting the SSH server with the -d parameter directly in the console. sshd will then not detach from the console and display debugging information in the console. You can supply the -d up to 3 times for more verbose information. Make sure to kill the running sshd first.
BTW, it's /opt/sbin/sshd which needs to be killed, not the other one. :)
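When the key login fails, the permission requirements mentioned above are the first thing to rule out. The following script is an added example, not part of the original guide: it checks the home directory, .ssh and authorized_keys for group or world write bits, the same mode test sshd applies. The function name and the optional owner argument are made up for this example, and it assumes a find that supports -prune, -perm and -user.

```shell
#!/bin/sh
# Added example: check the permissions sshd insists on before it will read
# authorized_keys (its StrictModes check).
# check_key_perms HOME_DIR [OWNER]
# Prints one line per problem and returns 1 if any was found.
check_key_perms() {
    home=$1 owner=${2:-} bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            bad=1
            continue
        fi
        # -prune keeps find from descending into directories; -perm -020 and
        # -perm -002 match the group-write and other-write bits.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "writable by group/others: $p"
            bad=1
        fi
        # Optional ownership check (hypothetical OWNER argument).
        if [ -n "$owner" ] && [ -z "$(find "$p" -prune -user "$owner")" ]; then
            echo "not owned by $owner: $p"
            bad=1
        fi
    done
    return $bad
}

# Usage on the QNAP: sh check-perms.sh /share/MD0_DATA/backup/home backup
if [ $# -gt 0 ]; then
    check_key_perms "$@"
fi
```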
Add qnap backup to .ssh/config
Since I have multiple SSH keys, I want to be certain that SSH uses the correct one when connecting. So I created a host section in my SSH config. Since I added a host section to the config, I also went ahead and told SSH which port to connect to and which user to use.
On the Mac open the file ~/.ssh/config in your favorite editor. If it doesn't exist create it. Then add the following:
Host = qnap-backup
HostName = 10.0.0.1
Port = 19672
User = backup
IdentityFile = ~/.ssh/article-pl
Adding the above allows me to just use ssh qnap-backup to log in to the QNAP. If you've made and saved the changes to the SSH config, go ahead and try it. Open a Terminal and execute ssh qnap-backup. You should now be logged in to the QNAP, no password and nothing.
Installing rdiff-backup on the Mac
At the time of writing this article the rdiff port was still using python 2.4, whereas the standard python in MacPorts is already at 2.5. If you just go ahead and install rdiff it'll also install a complete python 2.4 setup, which I didn't want. Luckily someone has submitted a patch to the MacPorts ticket system. First download the patch and then come back.
Hi. So now that you are back. Time to apply the patch. In a Terminal change to the directory /opt/local/var/macports/sources/rsync.macports.org/release/ports/python/rdiff-backup. I guess if you are not using rsync.macports.org the directory might be a different one, well if so time to think.
Mac $ cd /opt/local/var/macports/sources/rsync.macports.org/release/ports/python/rdiff-backup
Once you are there it's time to apply the patch.
Mac $ sudo patch < /Users/adi/Downloads/rdiffbackup.patch
Password:
patching file Portfile
Hunk #1 succeeded at 1 with fuzz 2.
Mac $
Once the Portfile is patched it's time to install rdiff-backup.
Mac $ sudo port install rdiff-backup
... lots of install messages ...
Mac $
Well, that's it. You can now use rdiff. To make sure things are actually working, rdiff has a test-server option. Since we created a Host in the SSH config in the last step, we can just use that host string.
Mac $ rdiff-backup --test-server qnap-backup::.
Testing server started by: ssh -C qnap-backup rdiff-backup --server
Server OK
Mac $
Finish
Well that should be it. Time to read the rdiff-backup docs.
One important thing to note: when logging in with the backup user, the current directory is the backup user's home directory, which only he has read and write permissions to. So when you specify the remote backup directory for rdiff, make sure it's relative to the home directory. I use qnap-backup::../MacBookPro, which creates the backups in a directory next to the home directory of the backup user. This directory I can access on the backup share.
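The passphrase-less key set up earlier gives whoever holds the private key file a full shell as the backup user. The following script is an added example, not part of the original guide: it builds an authorized_keys line that limits that key to running the rdiff-backup server inside the backup directory, from one client address. The function name, the client address 10.0.0.2 and the use of rdiff-backup's --restrict option are assumptions of this example.

```shell
#!/bin/sh
# Added example: restrict what the passphrase-less backup key may do.
# restricted_entry PUBKEY_LINE BACKUP_DIR CLIENT_IP
# Prints an authorized_keys line that only runs the rdiff-backup server,
# confined to BACKUP_DIR, and only for connections from CLIENT_IP.
# Returns 1 (printing nothing) if the input is unsuitable.
restricted_entry() {
    pubkey=$1 dir=$2 client=$3

    # Must be a single-line public key ("type base64 [comment]"); this also
    # rejects a private key file passed by mistake.
    case $pubkey in
        *'
'*) return 1 ;;
        ssh-rsa\ AAAA*|ssh-dss\ AAAA*|ssh-ed25519\ AAAA*) ;;
        *) return 1 ;;
    esac

    # The directory is embedded in a quoted forced command, so require an
    # absolute path without spaces or double quotes.
    case $dir in
        *\"*|*\ *) return 1 ;;
        /*) ;;
        *) return 1 ;;
    esac

    # The client address ends up inside from="..."; allow only simple
    # address characters.
    case $client in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
    esac

    printf 'from="%s",command="rdiff-backup --server --restrict %s",' \
        "$client" "$dir"
    printf 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$pubkey"
}

# Usage: sh restrict-key.sh "$(cat article-pl.pub)" /share/MD0_DATA/backup/MacBookPro 10.0.0.2
if [ $# -eq 3 ]; then
    restricted_entry "$@"
fi
```

With the printed line in place of the plain key in home/.ssh/authorized_keys, the key no longer gives an interactive shell; it can only start the rdiff-backup server.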
I hope this guide was helpful and understandable. It took me more time to write the post than it took me to get things set up. :)
