mgutt Posted November 3, 2020 Share Posted November 3, 2020 (edited) Requirements Unassigend Devices CA User Scripts rsync Incremental Backup Windows Setup Add a new user like "unraid" through Computer Management > Local Users and Groups, use a strong password, disable password change Right click on a folder like "Documents" and click on "Advanced Share" to enable sharing this folder, delete "Everyone", add "unraid" with "read-only" permissions (this enables sharing the "Documents" folder) Now click on "Share" and again add the user "unraid" with the "read-only" permission (this enables sharing all content and subfolders, ask Microsoft why you need both steps ) Repeat this step for each folder you need to backup Unraid Setup Add Windows SMB Share through Unassigned Devices, skip "Domain" Repeat this step for each shared folder Disable "Share" and enable "Auto-Mount". "Mount" all Shares rsync Setup Add the rsync script through CA User Scripts and set the paths accordingly Set schedule like "Hourly" Example: Notes As long the backup path is not a writable share, this is safe against ransomware as our server has only read permissions on the client and the client has no permission on the server at all. It seems to be easier, but do not share your full user path (C:\Users\USERNAME) as this path contains the hidden "AppData" directory which contains a massive amount of temporary files and thousands of useless files. If you want to backup a specific app, then add a share to its folder like "C:\Users\USERNAME\AppData\Roaming\Thunderbird\Profiles". Edited November 3, 2020 by mgutt Quote Link to comment
kizer Posted November 6, 2020 Share Posted November 6, 2020 Have you tried tinkering with chatter +i on files? That's what I use to keep my files locked. Quote Link to comment
mgutt Posted November 6, 2020 Author Share Posted November 6, 2020 "chattr +i" does not allow incremental rsync backups as it disallows new links to already existing files. This is only something which could be used before an after creating a backup to guard it in the meantime. But I do not really see a benefit as the backup folder is not reachable by usual users and if the attacker gets root access the immutable bit could be easily removed. Quote Link to comment
kizer Posted November 6, 2020 Share Posted November 6, 2020 Ooooops. Sorry didn't catch the fact your running Rsync with this and what you said up above is true. I use chattr myself as a just incase and its saved me a few times when I was cleaning up things and tried to delete something that shouldn't of been deleted. Lol Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.