I have been using the excellent backup server Backuppc and if you need a network backup facility which can backup Windows, Unix and Linux systems give it a look.
It does have one flaw in it however and this may catch you out if you get confused by the Backup Operators group.
On every Windows machine there is a group called Backup Operators which if look at the description says:
Backup Operators can override security restrictions for the sole purpose of backing up or restoring files
So you think to yourself, “Great I can put the backuppc user into that group on the Samba PDC and I’ll be able to backup all the files I want”.
Unfortunately it does not work out that way, for two reasons:
- The domain Backup Operators can only be used on domain controllers.
- Backuppc uses smbclient to connect and not Windows Backup API.
A look on technet explains the privileges the Backup Operator group has. So putting the backuppc user into the domain Backup Operators group does not give it privileges to backup all the PCs.
And putting the backuppc user into the Backup Operators group will not solve the problem either because of no. 2. Samba’s smbclient will login as a normal user and the OS will use the file system ACLs to determine rights. Those rights to read all files regardless of the ACL permissions applies only when the Windows Backup API is being used.
So you have two choices really.
- Add read, traverse, list folder contents for the Backup Operators group to the files and folders you want the backup to read. And place the backuppc user into the Backup Operators group on the PC.
- Use the administrator account
The first choice is obviously very tedious and error prone and the second choice has some security risks with it. I chose the latter and I suspect most users will too.
I have read something about Zmanada’s Windows Client for Amanda but I’m not sure if it uses the Backup API or not and would solve this problem. It is something for me to look into.