[Box Backup-commit] COMMIT r1901 - in box: . boxbackup-web boxbackup-web/images
boxbackup-dev@fluffy.co.uk
boxbackup-dev@fluffy.co.uk
Tue, 23 Oct 2007 12:11:06 +0100
Author: ben
Date: 2007-10-23 12:11:05 +0100 (Tue, 23 Oct 2007)
New Revision: 1901
Added:
box/boxbackup-web/
box/boxbackup-web/004-005.html
box/boxbackup-web/005-006.html
box/boxbackup-web/006-007.html
box/boxbackup-web/accounts.html
box/boxbackup-web/bbackupctl.html
box/boxbackup-web/bbstyles.css
box/boxbackup-web/client.html
box/boxbackup-web/comparison.html
box/boxbackup-web/description.html
box/boxbackup-web/images/
box/boxbackup-web/images/arrow.png
box/boxbackup-web/images/bblogo.png
box/boxbackup-web/images/stepahead.png
box/boxbackup-web/index.html
box/boxbackup-web/install.html
box/boxbackup-web/license.html
box/boxbackup-web/nonroot.html
box/boxbackup-web/openssl.html
box/boxbackup-web/restore.html
box/boxbackup-web/retrieve.html
box/boxbackup-web/server.html
box/boxbackup-web/serverfix.html
box/boxbackup-web/space.html
box/boxbackup-web/trouble.html
Log:
Make box backup web site available.
Added: box/boxbackup-web/004-005.html
===================================================================
--- box/boxbackup-web/004-005.html (rev 0)
+++ box/boxbackup-web/004-005.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Changing configuration from 0.04 to 0.05</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Changing configuration from 0.04 to 0.05</h1>
+
+<p>When upgrading from 0.04 to 0.05, you can either rename the 0.04 configuration
+directory, run <tt>bbackup-config</tt> again, and copy the keys and certificates
+to the new directory, or follow the instructions below to modify your configuration files.</p>
+
+<p>Edit <tt>bbackup.conf</tt>. Change <tt>StoreFullNotifyScript</tt> to just
+<tt>NotifyScript</tt>, so it looks like this:</p>
+
+<pre>
+# This script is run whenever bbackupd encounters a problem which requires
+# the system administrator to assist:
+# 1) The store is full, and no more data can be uploaded.
+# 2) Some files or directories were not readable.
+# The default script emails the system administrator.
+
+NotifyScript = /etc/box/bbackupd/NotifySysadmin.sh
+</pre>
+
+<p>This script now takes an argument which specifies what is to be reported, so
+you may wish to edit the script to reflect this. (An example is at the end of this
+page.)</p>
+
+<p>Add this section:</p>
+
+<pre>
+# The limit on how much time is spent diffing files. Most files shouldn't take very long,
+# but if you have really big files you can use this to limit the time spent diffing them.
+# * Reduce if you are having problems with processor usage.
+# * Increase if you have large files, and think the upload of changes is too large and want
+# to spend more time searching for unchanged blocks.
+
+MaximumDiffingTime = 20
+</pre>
+
+<p>Make any changes to the notify script requried. This is an example script
+generated by <tt>bbackupd-config</tt></p>
+
+
+<pre>
+#!/bin/sh
+
+SUBJECT="BACKUP PROBLEM on host boxdevel.fluffy.co.uk"
+SENDTO="ben"
+
+if [ $1 = store-full ]
+then
+/usr/sbin/sendmail $SENDTO <<EOM
+Subject: $SUBJECT (store full)
+To: $SENDTO
+
+
+The store account for boxdevel.fluffy.co.uk is full.
+
+=============================
+FILES ARE NOT BEING BACKED UP
+=============================
+
+Please adjust the limits on account 45 on server localhost.
+
+EOM
+elif [ $1 = read-error ]
+then
+/usr/sbin/sendmail $SENDTO <<EOM
+Subject: $SUBJECT (read errors)
+To: $SENDTO
+
+
+Errors occured reading some files or directories for backup on boxdevel.fluffy.co.uk.
+
+===================================
+THESE FILES ARE NOT BEING BACKED UP
+===================================
+
+Check the logs on boxdevel.fluffy.co.uk for the files and directories which caused
+these errors, and take appropraite action.
+
+Other files are being backed up.
+
+EOM
+else
+/usr/sbin/sendmail $SENDTO <<EOM
+Subject: $SUBJECT (unknown)
+To: $SENDTO
+
+
+The backup daemon on boxdevel.fluffy.co.uk reported an unknown error.
+
+==========================
+FILES MAY NOT BE BACKED UP
+==========================
+
+Please check the logs on boxdevel.fluffy.co.uk.
+
+EOM
+fi
+</pre>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/005-006.html
===================================================================
--- box/boxbackup-web/005-006.html (rev 0)
+++ box/boxbackup-web/005-006.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Changing configuration from 0.05 to 0.06</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Upgrading from 0.05 to 0.06</h1>
+
+<p><b>A 0.06 server requires all clients to be version 0.06 too.</b> Existing backup store accounts
+are compatible with 0.06, and do not require conversion.</p>
+
+<p>Once a 0.06 client has made changes to a store, it can no longer be read by a previous version, since
+new files will be encrypted using AES. In addition, there has been a format change which is incompatible.
+0.06 clients can read both old and new formats.</p>
+
+<p>The first time a 0.06 client connects to a store previously written by an older version, attribute data
+must be updated. This will result in a comparatively large amount of data transfer, about 120 bytes per file.
+This is because of a change in the way that attribute changes are detected, which is more
+efficient than the old version (after the initial conversion).</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/006-007.html
===================================================================
--- box/boxbackup-web/006-007.html (rev 0)
+++ box/boxbackup-web/006-007.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Changing configuration from 0.06 to 0.07</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Upgrading from 0.06 to 0.07</h1>
+
+<h2>Client</h2>
+
+<p>The following command has been added to the <tt>bbackupd.conf</tt> configuration file:</p>
+
+<pre>
+ SyncAllowScript = /path/to/intepreter/or/exe script-name parameters etc
+</pre>
+<p>Use this to temporarily stop bbackupd from syncronising or connecting to the store.
+This specifies a program or script script which is run just before each sync, and ideally
+the full path to the interpreter. It will be run as the same user bbackupd is running as,
+usually root.</p>
+<p>The script prints either "now" or a number to STDOUT (and a terminating newline, no quotes).
+If the result was "now", then the sync will happen. If it's a number, then the script will
+be asked again in that number of seconds.</p>
+<p>For example, you could use this on a laptop to only backup when on a specific network.</p>
+
+
+<h2>Server -- non-RAID configurations only</h2>
+
+<p>Version 0.06 and below had a bug where the space used on the server was incorrect if (and only
+if) you were running it in non-userland RAID mode (that is, only specify one directory to
+<tt>raidfile-config</tt>). Space used would be 50% greater than actually used, meaning that housekeeping would trim files from the accounts prematurely.</p>
+
+<p>This bug has been fixed, but you need to correct the store accounts on the server to get the storage spaced, and hence the housekeeping, working correctly.</p>
+
+<p>Firstly, upgrade the server. Make sure the bbstored daemon is stopped, then for each account do</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts check 12345 fix
+</pre>
+
+<p>where 12345 is the account number. Then, start the server again. After housekeeping has run, which will take a few minutes, the accounts should be corrected, and <tt>bbstoreaccounts</tt> and the <tt>usage</tt> command within <tt>bbackupquery</tt> will report the correct size.</p>
+
+<p>RAID disc sets don't need to do this as the bug only affected non-RAID configurations.</p>
+
+
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/accounts.html
===================================================================
--- box/boxbackup-web/accounts.html (rev 0)
+++ box/boxbackup-web/accounts.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup certificates and accounts</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+
+<h1>Box Backup certificates and accounts</h1>
+
+<p>There are two steps involved to create an account. You need to create the account on the
+server, and sign a certificate to give the client permission to connect to the server.</p>
+
+<p>Running a Certification Authority for TLS (SSL) connections is not trivial. However,
+I have written a script to do most of the work in a way which is good enough for most
+deployments.</p>
+
+<h2>Warning about clock times</h2>
+
+<p>SSL certificates contain validity dates, including a "valid from" time. If the clock on the
+machine which signs the certificates is not syncronised to the clocks of the machines using these
+certificates, you will probably get strange errors until the start time is reached on all
+machines.</p>
+
+<p>If you get strange errors when attempting to use new certificates, check the clocks! You will
+probably just need to wait a while until the certificates become valid, rather than having to
+regenerate them.</p>
+
+<h2>Set up CA</h2>
+
+<p>It's best to do this on a machine other than your server, probably without direct network access.
+The contents of this directory control who can access your backup store server.</p>
+
+<p>To setup the basic key structure, do</p>
+
+<pre>
+/usr/local/bin/bbstored-certs ca init
+</pre>
+
+<p>(See <a href="openssl.html">OpenSSL notes</a> if you get an OpenSSL error)</p>
+
+<p>This creates the directory 'ca' in the current directory, and initialises it with basic keys.</p>
+
+<h2>Sign a server certificate</h2>
+
+<p>When you use the <tt>bbstored-config</tt> script to set up a config file for a server, it will
+generate a certificate request (CSR) for you. Transfer it to the machine with your CA, then do</p>
+
+<pre>
+/usr/local/bin/bbstored-certs ca sign-server hostname-csr.pem
+</pre>
+
+<p>which signs the certificate for the server. Follow the instructions in the output on which files to install
+on the server. The CSR file is now no longer needed. Make sure you run this command from the directory above
+the directory 'ca'.</p>
+
+<h2>Setting up an account.</h2>
+
+<p>Choose an account number for the user. This must be unique on the server, and is presented as a 31 bit
+number in hex greater than 0, for example, 1 or 75AB23C. Then on the backup store server, create the account
+with</p>
+
+<pre>
+/usr/local/bin/bbstoreaccounts create 75AB23C 0 4096M 4505M
+</pre>
+
+<p>This looks complicated. The numbers are, in order...</p>
+<ul>
+<li>The account number allocated (hex)
+<li>The RAID disc set (0 if you use raidfile-config and don't add a new set)
+<li>Soft limit (size)
+<li>Hard limit (size)
+</ul>
+
+<p>The sizes are are specified in Mb, Gb, or blocks, depending on the suffix. <tt>1M</tt> specifies 1 Mb,
+<tt>1G</tt> specifies 1 Gb, and <tt>1B</tt> specifies 1 block, the size of which depends on how you have
+configured the raidfile system with <tt>raidfile-config</tt>.</p>
+
+<p>In this example, I have allocated 4Gb (assuming you use 2048 byte blocks as per my example) as the soft limit,
+and 4Gb + 10% as the hard limit.</p>
+
+<p><b>NOTE</b> The sizes specified here are pre-RAID. So if you are using userland RAID, you are
+actually allocating two-thirds of this amount. This means that, when you take compression into account, that
+if you allocate 2Gb on the server, it'll probably hold about 2Gb of backed up files (depending on the
+compressability of those files).</p>
+
+<p>The backup client will (voluntarily) try not to upload more data than is allowed by the soft limit.
+The store server will refuse to accept a file if it would take it over the hard limit, and when doing
+housekeeping for this account, try and delete old versions and deleted files to reduce the space taken
+to below the soft limit.</p>
+
+<p>This command will create some files on disc in the raid file directories (if you run as root, the utility will
+change to the user specified in the bbstored.conf file to write them) and update the accounts file. A server
+restart is not required.</p>
+
+<p><b>NOTE</b> If you get a message saying '<tt>Exception: RaidFile (2/8)</tt>', the directories you specified
+in the raidfile.conf are not writable by the _bbstored user -- fix it, and try again.</p>
+
+<p>Finally, tell the user their account number, and the hostname of your server. They will use this to
+set up the backup client, and send you a CSR. This has the account number embedded in it, and you should
+be sure that it has the right account number in it.</p>
+
+<p>Sign this CSR with</p>
+
+<pre>
+/usr/local/bin/bbstored-certs ca sign 75AB23C-csr.pem
+</pre>
+
+<p>Don't forget to check that the embedded account number is correct! Then send the two files back to the user,
+as instructed by the script.</p>
+
+<p>Please read the <a href="trouble.html">Troubleshooting</a> page if you have problems.</p>
+
+
+<h2>Finding disc space used, and changing limits.</h2>
+
+<p>To display the space used on the server for an account, use</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts info 75AB23C
+</pre>
+
+<p>To adjust the soft and hard limits on an account, use</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts setlimit 75AB23C new-soft-limit new-hard-limit
+</pre>
+
+<p>You do not need to restart the server if the limits are changed.</p>
+
+
+<h2>Deleting an account</h2>
+
+<p>To remove an account, deleting all the stored files on the server and removing
+the account information which allows a client to log in, use</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts delete 75AB23C
+</pre>
+
+<p>This will ask for confirmation. Append <tt>yes</tt> to the command to delete
+without confirmation.</p>
+
+
+<h2>Verifying a store account</h2>
+
+<p>To check that a store account is not corrupt, and optionally fix any errors,
+use</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts check 75AB23C
+ /usr/local/bin/bbstoreaccounts check 75AB23C fix
+</pre>
+
+<p>The second command will fix errors it finds, the first will merely report them.</p>
+
+<p>Append <tt>quiet</tt> to reduce the amount of output, although errors are always reported.</p>
+
+<p>See <a href="serverfix.html">fixing problems with corruption on the server</a> for more information.</p>
+
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
+
+
Added: box/boxbackup-web/bbackupctl.html
===================================================================
--- box/boxbackup-web/bbackupctl.html (rev 0)
+++ box/boxbackup-web/bbackupctl.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Controlling a backup client</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Controlling a backup client</h1>
+
+<p>The <tt>bbackupctl</tt> program sends control commands to the <tt>bbackupd</tt>
+daemon. It must be run as the same user as the daemon, and there is no exception for
+root.</p>
+
+<p>The command line syntax is</p>
+
+<pre>
+ /usr/local/bin/bbackupctl [-q] [-c config-file] command
+</pre>
+
+<p>The <tt>-q</tt> option reduces the amount of output the program emits, and
+<tt>-c</tt> allows an alternative configuration file to be specified.</p>
+
+<p>Valid commands are</p>
+
+<dl>
+<dt>terminate
+<dd>Stop the <tt>bbackupd</tt> daemon now (equivalent to <tt>kill</tt>)
+
+<dt>reload
+<dd>Reload the configuration file (equivalent to <tt>kill -HUP</tt>)
+
+<dt>sync
+<dd>Connect to the server and syncronise files now. (See below)
+</dl>
+
+<p>It communicates with the server via a UNIX domain socket, specified in
+<tt>bbackupd.conf</tt> with the <tt>CommandSocket</tt> directive. This does not
+need to be specified, and <tt>bbackupd</tt> will run without the command socket,
+but in this case <tt>bbackupctl</tt> will not be able to communicate with the daemon.</p>
+
+<p>Some platforms cannot check the user id of the connecting process, so this
+command socket becomes a denial of service security risk. <tt>bbackupd</tt> will
+warn you when it starts up if this is the case on your platform, and you should
+consider removing the <tt>CommandSocket</tt> directive on these platforms.</p>
+
+
+<h2>Using bbackupctl to perform snapshots</h2>
+
+<p><tt>bbackupctl</tt>'s main purpose is to implement snapshot based backups,
+emulating the behaviour of traditional backup software.</p>
+
+<p>Use <tt>bbackupd-config</tt> to write a configuration file in <tt>snapshot</tt>
+mode, and then run the following command as a cron job.</p>
+
+<pre>
+ /usr/local/bin/bbackupctl -q sync
+</pre>
+
+<p>This will cause the backup daemon to upload all changed files immediately.
+<tt>bbackupctl</tt> will exit almost immediately, and will not output anything
+unless there is an error.</p>
+
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/bbstyles.css
===================================================================
--- box/boxbackup-web/bbstyles.css (rev 0)
+++ box/boxbackup-web/bbstyles.css 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,79 @@
+body {
+ font-family: Verdana, Geneva, Arial, sans-serif;
+ background-color: #edeef3;
+ margin: 0 }
+
+#header {
+ background-color: #e4e6ed;
+ text-align: left;
+ padding-top: 10px;
+ position: relative;
+ top: 20px;
+ width: 100%;
+ border-top: 1px solid #c4c4d5;
+ border-bottom: 1px solid white }
+
+#logo {
+ position: relative;
+ margin-left: 180px }
+
+
+#page {
+ font-size: .75em;
+ line-height: 180%;
+ text-align: left;
+ margin-top: 50px;
+ margin-right: 100px;
+ margin-left: 250px;
+ position: relative;
+ width: auto }
+
+tr,td {font-size: 1em;
+ line-height: 180%;
+ text-align: left;
+ background-color: #e4e6ed;
+ padding: 4px }
+
+pre, tt { font-size: 1.3em;
+ color: #088;
+ letter-spacing: 1px;
+ word-spacing: 2px}
+
+h1 {
+ color: #c00;
+ font-size: medium;
+ margin-bottom: 2em;
+ margin-left: -4em }
+
+h2 {
+ color: #324e95;
+ font-size: small;
+ margin-top: 2em;
+ margin-left: -4em }
+
+dt { font-weight: bold }
+
+ul {
+ list-style-image: url(images/arrow.png) }
+
+ul li {
+ background-color: #e4e6ed;
+ margin: 1em 6em 1em -2em;
+ padding: 0.2em 0.5em 0.2em 1em;
+ border-style: solid;
+ border-width: 1px;
+ border-color: #c4c4d5 #fff #fff #c4c4d5 }
+
+a:link {
+ color: #324e95;
+ text-decoration: none;
+ background-color: transparent }
+
+a:visited {
+ color: #90c;
+ text-decoration: none }
+
+a:hover {
+ color: #c00;
+ text-decoration: underline;
+ background-color: transparent }
\ No newline at end of file
Added: box/boxbackup-web/client.html
===================================================================
--- box/boxbackup-web/client.html (rev 0)
+++ box/boxbackup-web/client.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,270 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup client configuration</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+
+<h1>Box Backup client configuration</h1>
+
+<h2>Before you start</h2>
+
+<p>Before you can do any configuration, you need to know the hostname of the server
+you will be using, and your account number on that server.</p>
+
+<p>Later in the process, you will need to send a certificate request to the administrator
+of that server for it to be signed.</p>
+
+<p>Installation is covered in the <a href="install.html">compiling and installing</a> section.
+You only need the backup-client parcel.</p>
+
+<p><b>It is important that you read all the output of the config scripts.</b> See the end
+of this page for an example.</p>
+
+<p>The backup client has to be run as root, because it needs to read all your files to
+back them up, although it is possible to back up a single user's files by running it as that user.
+(Tip: specify a directory other than /etc/box, and then give the alternate config file
+as the first argument to bbackupd). However, it will fall over if you don't give yourself
+read access to one of your files.</p>
+
+<h2>Step 1</h2>
+
+<p>Run the <tt>bbackupd-config</tt> script to generate the configuration files
+and generate a private key and certificate request.</p>
+
+<pre>
+/usr/local/bin/bbackupd-config /etc/box lazy <b>999</b> <b>hostname</b> /var/bbackupd <b>/home</b>
+</pre>
+
+<p>(See <a href="openssl.html">OpenSSL notes</a> if you get an OpenSSL error)</p>
+
+<p>The items in bold need to be changed. In order, they are the account number, the hostname
+of the server you're using, and finally, the directories you want backed up. You can include as
+many you want here.</p>
+
+<p>However, the directories you specify <b>must not</b> contain other mounted file systems within them
+at any depth. Specify them separately, one per mount point. No checks are currently made to
+catch bad configuration of this nature!</p>
+
+<p>You may also want to consider changing the mode from <i>lazy</i> to <i>snapshot</i>, depending on
+what your system is used for.</p>
+
+<dl>
+<dt>lazy
+<dd>This mode regularly scans the files, with only a rough schedule. It uploads files as and
+when they are changed, if the latest version is more than a set age. This is good for backing up
+user's documents stored on a server, and spreads the load out over the day.
+<dt>snapshot
+<dd>This mode emulates the traditional backup behaviour of taking a snapshot of the filesystem.
+The backup daemon does absolutely nothing until it is instructed to make a backup using the
+<tt>bbackupctl</tt> utility (probably as a cron job), at which point it uploads all files which
+have been changed since the last time it uploaded.
+</dl>
+
+<p>When you run the config script, it will tell you what you need to do next. Don't forget to read
+all the output. An example is shown at the end of this page, but the instructions for your installation
+may be different.</p>
+
+<h2>Step 2</h2>
+
+<p>After you have sent your certificate request off to the server administrator and received your
+certificate and CA root back, install them where instructed by the <tt>bbackupd-config</tt> script in step 1.</p>
+
+<p>You can then run the daemon (as root) by typing <tt>/usr/local/bin/bbackupd</tt>, and of course, adding
+it to your system's startup scripts. The first time it's run it will upload everything. Interrupting
+it and restarting it will only upload files which were not uploaded before - it's very tolerant.</p>
+
+<p>If you run in snapshot mode, you will need to add a cron job to schedule backups. The config
+script will tell you the exact command to use for your system.</p>
+
+<p>Please read the <a href="trouble.html">Troubleshooting</a> page if you have problems.</p>
+
+
+<p><b>Remember</b> to make a traditional backup of the keys file, as instructed. You cannot restore
+files without it.</p>
+
+<p>It is recommended that you backup up all of <tt>/etc/box</tt> as it will make things easier if you
+need to restore files. But only the keys are absolutely essential.</p>
+
+<p>If you want to see what it's doing in more detail (probably a good idea), follow the instructions in the server setup
+to create new log files with syslog.</p>
+
+
+<h2>Adding and removing backed up locations</h2>
+
+<p>By editing the <tt>/etc/box/bbackupd.conf</tt> file, you can add and remove directories
+to back up -- see comments in this file for help. Send <tt>bbackupd</tt> a HUP signal after you modify it.</p>
+
+<p>When you remove a location, it will not be marked as deleted immediately. Instead,
+<tt>bbackupd</tt> waits about two days before doing so, just in case you change your mind.
+After this, it will be eventually removed from the store by the housekeeping process.</p>
+
+
+<h2>Run as root</h2>
+
+<p>The backup client is designed to be run as root. It is possible to
+<a href="nonroot.html">run without root</a>, but this is not recommended.</p>
+
+
+<h2>Clock synchronisation for file servers</h2>
+
+<p>If you are using the backup client to backup a filesystem served from a fileserver,
+you should ideally ensure that the fileserver clocks are synchronised with the fileserver.</p>
+
+<p><tt>bbackupd</tt> will cope perfectly well if the clocks are not synchronised. Errors up
+to about half an hour cause no problems. Larger discrepancies cause a loss of efficiency
+and the potential to back up a file during a write process.</p>
+
+<p>There is a configuration parameter <tt>MaxFileTimeInFuture</tt>, which specifies how far
+in the future a file must be for it to be uploaded as soon as it is seen. You should not need
+to adjust this (default is 2 days). Instead, get those clocks synchronised.</p>
+
+
+<h2>Excluding files and directories from the backup</h2>
+
+<p>Within the <tt>bbackupd.conf</tt> file, there is a section named
+<tt>BackupLocations</tt> which specifies which locations on disc should be backed up.
+It has subsections, each of which is in the format</p>
+
+<pre>
+ <i>name</i>
+ {
+ Path = <i>/path/of/directory</i>
+ <i>(optional exclude directives)</i>
+ }
+</pre>
+
+<p><i>name</i> is derived from the Path by the config script, but should merely be
+unique.</p>
+
+<p>The exclude directives are of the form</p>
+
+<pre>
+ [Exclude|AlwaysInclude][File|Dir][|sRegex] = regex or full pathname
+</pre>
+
+<p>(The regex suffix is shown as 'sRegex' to make File or Dir plural)</p>
+
+<p>For example:</p>
+
+<pre>
+ ExcludeDir = /home/guest-user
+ ExcludeFilesRegex = *.(mp3|MP3)\$
+ AlwaysIncludeFile = /home/username/veryimportant.mp3
+</pre>
+
+<p>This excludes the directory /home/guest-user from the backup along with all mp3
+files, except one MP3 file in particular.</p>
+
+<p>In general, Exclude excludes a file or directory, unless the directory is
+explicitly mentioned in a AlwaysInclude directive.</p>
+
+<p>If a directive ends in Regex, then it is a regular expression rather than a
+explicit full pathname. See</p>
+
+<pre>
+ man 7 re_format
+</pre>
+
+<p>for the regex syntax on your platform.</p>
+
+
+
+
+<h2>Example configuration output</h2>
+
+<p>This is an example of output from the bbstored-config script. <b>Important:</b>
+Follow the instructions output by your script, not the ones here -- they may be different
+for your system.</p>
+
+<pre>
+# /usr/local/bin/bbackupd-config /etc/box lazy 51 server.example.com /var/bbackupd /home /etc/samba
+
+Setup bbackupd config utility.
+
+Configuration:
+ Writing configuration file: /etc/box/bbackupd.conf
+ Account: 51
+ Server hostname: server.example.com
+ Directories to back up:
+ /home
+ /etc/samba
+
+Note: If other file systems are mounted inside these directories, then problems may occur
+with files on the store server being renamed incorrectly. This will cause efficiency
+problems, but not affect the integrity of the backups.
+
+WARNING: Directories not checked against mountpoints. Check mounted filesystems manually.
+
+Creating /etc/box...
+Creating /etc/box/bbackupd
+Generating private key...
+ [OpenSSL output omitted]
+
+Generating keys for file backup
+Writing notify script /etc/box/bbackupd/NotifyStoreFull.sh
+Writing configuration file /etc/box/bbackupd.conf
+
+===================================================================
+
+bbackupd basic configuration complete.
+
+What you need to do now...
+
+1) Make a backup of /etc/box/bbackupd/51-FileEncKeys.raw
+ This should be a secure offsite backup.
+ Without it, you cannot restore backups. Everything else can
+ be replaced. But this cannot.
+ KEEP IT IN A SAFE PLACE, OTHERWISE YOUR BACKUPS ARE USELESS.
+
+2) Send /etc/box/bbackupd/51-csr.pem
+ to the administrator of the backup server, and ask for it to
+ be signed.
+
+3) The administrator will send you two files. Install them as
+ /etc/box/bbackupd/51-cert.pem
+ /etc/box/bbackupd/serverCA.pem
+ after checking their authenticity.
+
+4) You may wish to read the configuration file
+ /etc/box/bbackupd.conf
+ and adjust as appropraite.
+
+ There are some notes in it on excluding files you do not
+ wish to be backed up.
+
+5) Review the script
+ /etc/box/bbackupd/NotifyStoreFull.sh
+ and check that it will email the right person when the store
+ becomes full. This is important -- when the store is full, no
+ more files will be backed up. You want to know about this.
+
+6) Start the backup daemon with the command
+ /usr/local/bin/bbackupd
+ in /etc/rc.local, or your local equivalent.
+ Note that bbackupd must run as root.
+
+===================================================================
+
+Remember to make a secure, offsite backup of your backup keys,
+as described in step 1 above. If you do not, you have no backups.
+</pre>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
+
Added: box/boxbackup-web/comparison.html
===================================================================
--- box/boxbackup-web/comparison.html (rev 0)
+++ box/boxbackup-web/comparison.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,186 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Comparisons to other backup systems</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Comparisons to other backup systems</h1>
+
+<p>Within this document, <i>encrypted</i> and <i>on-line</i> are used in very specific ways to describe backup systems.</p>
+
+<dl>
+<dt>encrypted</dt>
+<dd>The data to be backed up is transmitted and stored on the server so that the data can only be recovered if secret encryption keys are available.</dd>
+
+<dt>on-line</dt>
+<dd>The backup server does not use tape or any other removable archive media. All data is stored within the server file system on conventional hard discs, and every (current) file is always available.</dd>
+</dl>
+
+<p>Only backup systems which are both encrypted and on-line are compared in depth. Other systems have brief notes at the end of this document.</p>
+
+<p>Please email me with any systems I have missed, or corrections to my analysis. This is not intended to promote Box Backup, but as an objective comparison to allow you to decide which system to adopt.</p>
+
+<h2>Encrypted, on-line systems</h2>
+
+<table border="0" cellspacing="4" cellpadding="1">
+<tr><td></td><td><b>Box Backup</b></td>
+<td><b><a href="http://www.nongnu.org/duplicity/">duplicity</a></b></td>
+<td><b><a href="http://miek.nl/projects/hdup16/hdup16.html">hdup</a></b></td>
+</tr>
+
+<tr><td>Development status
+</td><td>stable, under development, not feature complete</td>
+<td>"not stable yet" <a href="http://www.nongnu.org/duplicity/#ToC4">(details)</a></td>
+<td>stable, maintainance only</td>
+</tr>
+
+<tr><td>Changes only when uploading new versions of existing files (like rsync)
+</td><td>yes</td>
+<td>yes</td>
+<td>no</td>
+</tr>
+
+<tr><td>Connects to server using
+</td><td>TLS (SSL)</td>
+<td>ssh/scp, local file access, rsync, ftp</td>
+<td>ssh, local files</td>
+</tr>
+
+<tr><td>Authentication
+</td><td>SSL certificates (client and server)</td>
+<td>Traditional file storage accounts on server (eg unix username,
+virtual FTP etc)</td>
+<td>Traditional file storage accounts on server (eg unix username,
+virtual FTP etc)</td>
+</tr>
+
+<tr><td>Dependencies
+</td><td>OpenSSL</td>
+<td>Python installation, librsync, GnuPG, remote shell</td>
+<td>ssh, mcrypt/GPG, GNU tar</td>
+</tr>
+
+<tr><td>Signed data storage
+</td><td>Implicit</td>
+<td>Explicit with GnuPG</td>
+<td>Implicit/Explicit with GnuPG</td>
+</tr>
+
+<tr><td>Scheduling
+</td><td>Self-contained with randomised element to avoid cyclic server loading, or cron job</td>
+<td>cron job</td>
+<td>cron job</td>
+</tr>
+
+<tr><td>Continuous backup
+</td><td>Yes -- backs up files a configured time after being changed, or...<br>No -- in snapshot mode</td>
+<td>No -- takes a snapshot of the filesystem when it is run</td>
+<td>No -- takes a snapshot of the filesystem when it is run</td>
+</tr>
+
+<tr><td>Handling of old versions and deleted files
+</td><td>Old and deleted files remain on server until store reaches a set limit, after which they are removed. No particular limits on availiability apart from this size limit.</td>
+<td>Full and incremental backups, deletion by user scripts</td>
+<td>Monthly full backups, weekly and daily incremental, deletion of archives by user scripts</td>
+</tr>
+
+<tr><td>Resources used on client
+</td><td>Few Mb of memory, very small amount of disc space</td>
+<td>Status and checksums for all files backed up, plus potentially large temporary files. (however, disc space is cheap, so this is not an issue unless the clients are older machines with small hard drives)</td>
+<td>Minimal (latest versions can stream archives directly to server)</td>
+</tr>
+
+<tr><td>Resources used on server
+</td><td>Disc space</td>
+<td>Disc space, remote shell server, UNIX accounts</td>
+<td>Disc space, ssh, UNIX accounts</td>
+</tr>
+
+<tr><td>Redundant storage on server
+</td><td>Optional built in userland RAID storage</td>
+<td>Relies on OS to provide RAID</td>
+<td>Relies on OS to provide RAID</td>
+</tr>
+
+<tr><td>Restore
+</td><td>FTP-like client, or simple command to restore entire directories</td>
+<td>Simple command to restore entire directories, fetch files or directories by name.</td>
+<td>Simple command to restore entire directories, fetch files or directories by name, will fetch entire archives for single files.</td>
+</tr>
+
+</table>
+
+
+<h2>Other systems</h2>
+
+<table border="0" cellspacing="4" cellpadding="1">
+
+<tr><td></td><td>Encrypted?</td><td>On-line?</td><td>Network</td><td>Notes</td></tr>
+
+<tr><td><a href="http://www.amanda.org/">Amanda</a></td>
+<td>no</td>
+<td>no</td>
+<td>LAN</td>
+<td>The classic network backup system</td>
+</tr>
+
+<tr><td><a href="http://www.bacula.org/">Bacula</a></td>
+<td>no</td>
+<td>yes</td>
+<td>LAN</td>
+<td>Comprehensive job control. Stores lists of backed up files in a database for faster retrieval.
+Can backup to disk as well as tape. Supports encrypted transfer, but not storage.</td>
+</tr>
+
+<tr><td><a href="http://rdiff-backup.stanford.edu/">rdiff-backup</a></td>
+<td>no</td>
+<td>yes</td>
+<td>Remote</td>
+<td>"The idea is to combine the best features of a mirror and an incremental backup."</td>
+</tr>
+
+<tr><td><a href="http://www.rsnapshot.org/">rsnapshot</a></td>
+<td>no</td>
+<td>yes</td>
+<td>Remote</td>
+<td>Perl script. Pulls files over ssh from the source server to the backup server. Creates efficient
+snapshots of the source filesystem.</td>
+</tr>
+
+<tr><td><a href="http://samba.anu.edu.au/rsync/">rsync</a></td>
+<td>no</td>
+<td>yes</td>
+<td>Remote</td>
+<td>Requires extra scripts for automatic scheduling and old version archival. May be less efficient than Box Backup, as it needs to check for existence of every file on the remote side, whereas Box Backup keeps an efficient record.</td>
+</tr>
+
+<tr><td><a href="http://www.mondorescue.org/">Mondo Rescue</a></td>
+<td>no</td>
+<td>no</td>
+<td>n/a</td>
+<td>Backup to local media, aimed at full system recovery.</td>
+</tr>
+
+
+</table>
+
+<p>"Network" is marked as LAN if the system uses so much bandwidth it can only be used on a LAN, Remote if it uses bandwidth conservation techniques which make it suitable for use over an internet connection.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
+
Added: box/boxbackup-web/description.html
===================================================================
--- box/boxbackup-web/description.html (rev 0)
+++ box/boxbackup-web/description.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Description of Box Backup</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Description of Box Backup</h1>
+
+<p>The backup daemon, <tt>bbackupd</tt>, runs on all machines to be backed up. The store server daemon, <tt>bbstored</tt> runs on a central server. Data is sent to the store server, which stores all data on local filesystems, that is, only on local hard drives. Tape or other archive media is <b>not used.</b></p>
+
+<p>The system is designed to be easy to set up and run, and cheap to use. Once set up, there should be no need for user or administrative intervention, apart from usual system maintenance.</p>
+
+<h2>Client daemon</h2>
+
+<p><tt>bbackupd</tt> is configured with a list of directories to back up. It has a <b>lazy</b> approach to backing up data. Every so often, the directories are scanned, and new data is uploaded to the server. This new data must be over a set age before it is uploaded. This prevents rapid revisions of a file resulting in many uploads of the same file in a short period of time.</p>
+
+<p>It can also operate in a <b>snapshot</b> mode, which behaves like traditional backup software. When instructed by an external <tt>bbackupctl</tt> program, it will upload all changed files to the server.</p>
+
+<p>The daemon is always running, although sleeping most of the time. In lazy mode, it is completely self contained -- scripts running under cron jobs are not used. The objective is to keep files backed up, not to make snapshots of the filesystem at particular points in time available.</p>
+
+<p>If an old version of the file is present on the server, a modified version of the rsync algorithm is used to upload only the changed portions of the file.</p>
+
+<p>After a new version is uploaded, the old version is still available (subject to disc space on the server). Similarly, a deleted file is still available. The only limit to their availability is space allocated to this account on the server.</p>
+
+<p>Future versions will add the ability to mark the current state of files on the server, and restore from this mark. This will emulate the changing of tapes in a tape backup system.</p>
+
+<h2>Restoration</h2>
+
+<p>Restoring files is performed using a query tool, <tt>bbackupquery</tt>. This can be used to restore entire directories, or as an 'FTP-like' tool to list and retrieve individual files. Old versions and deleted files can be retrieved using this tool for as long as they are kept on the server.</p>
+
+<h2>Client resource usage</h2>
+
+<p><tt>bbackupd</tt> uses only a minimal amount of disc space to store records on uploaded files -- less than 32 bytes per directory and file over a set size threshold. However, it minimises the amount of queries it must make to the server by storing, in memory, a data structure which allows it to determine what data is new. It does not need to store a record of all files, essentially just the directory names and last modification times. This is not a huge amount of memory.</p>
+
+<p>If there are no changes to the directories, then the client will not even connect to the server.</p>
+
+<h2>Encryption</h2>
+
+<p>The files, directories, filenames and file attributes are all encrypted. By examining the stored files on the server, it is only possible to determine the approximate sizes of a files and the tree structure of the disc (not names, just number of files and subdirectories in a directory). By monitoring the actions performed by a client, it is possible to determine the frequency and approximate scope of changes to files and directories.</p>
+
+<p>The connections between the server and client are encrypted using TLS (latest version of SSL). Traffic analysis is possible to some degree, but limited in usefulness.</p>
+
+<p>An attacker will not be able to recover the backed up data without the encryption keys. Of course, you won't be able to recover your files without the keys either, so you must make a conventional, secure, backup of these keys.</p>
+
+<h2>Authentication</h2>
+
+<p>SSL certificates are used to authenticate clients. UNIX user accounts are not used to minimise the dependence on the configuration of the operating system hosting the server.</p>
+
+<p>A script is provided to run the necessary certification authority with minimal effort.</p>
+
+<h2>Server daemon</h2>
+
+<p>The server daemon is designed to be simple to deploy, and run on the cheapest hardware possible. To avoid the necessity to use expensive hardware RAID or software RAID with complex setup, it (optionally) stores files using RAID techniques.</p>
+
+<p>It does not need to run as a privileged user.</p>
+
+<p>Each account has a set amount of disc space allocated, with a soft and a hard limit. If the account exceeds the soft limit, a housekeeping process will start deleting old versions and deleted files to reduce the space used to below the soft limit. If the backup client attempts to upload a file which causes the store to exceed the hard limit, the upload will be refused.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/images/arrow.png
===================================================================
(Binary files differ)
Property changes on: box/boxbackup-web/images/arrow.png
___________________________________________________________________
Name: svn:executable
+
Name: svn:mime-type
+ application/octet-stream
Added: box/boxbackup-web/images/bblogo.png
===================================================================
(Binary files differ)
Property changes on: box/boxbackup-web/images/bblogo.png
___________________________________________________________________
Name: svn:executable
+
Name: svn:mime-type
+ application/octet-stream
Added: box/boxbackup-web/images/stepahead.png
===================================================================
(Binary files differ)
Property changes on: box/boxbackup-web/images/stepahead.png
___________________________________________________________________
Name: svn:executable
+
Name: svn:mime-type
+ application/octet-stream
Added: box/boxbackup-web/index.html
===================================================================
--- box/boxbackup-web/index.html (rev 0)
+++ box/boxbackup-web/index.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,302 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Box Backup</h1>
+
+<p>An open source, completely automatic on-line backup system for UNIX.
+<ul>
+<li>All backed up data is stored on the server in files on a filesystem -- no tape or archive devices are used
+<li>The server is trusted only to make files available when they are required -- all data is encrypted
+<li>A backup daemon runs on systems to be backed up, and copies encrypted data to the server when it notices changes
+<li>Only changes within files are sent to the server, just like rsync
+<li>Old versions of files on the server are stored as changes from the current version
+<li>Behaves like tape -- old versions and deleted files are available
+<li>Choice of backup behaviour, optimised for document or server backup
+<li>Designed to be easy and cheap to run a server. Portable implementation, and RAID implemented in
+userland for reliability without complex server setup or expensive hardware. (optional)
+</ul>
+</p>
+
+<p>Project status: <b>Stable</b>, but not feature complete</p>
+
+<p><a href="description.html">More information</a>: what it is, and how it works.</p>
+
+<p><a href="comparison.html">Comparisons to other backup systems</a></p>
+
+<p>Distributed under a BSD license. Please read the <a href="license.html">license and commentary</a> now.</p>
+
+<h2>Development team</h2>
+
+<p>Main developers for 0.10: Martin Ebourne, Nick Knight, Jonathan Morton, Gary Niemcewicz, Ben Summers, Chris Wilson</p>
+
+<p>Pre-0.10: Ben Summers, <a href="mailto:ben@fluffy.co.uk">ben@fluffy.co.uk</a></p>
+
+
+<h2>Project status</h2>
+
+<p>This project should be considered as <b>stable, but not feature complete</b>. Over 18 months of testing
+suggests it will be reliable enough to will back up your data, and make it available for restoration.</p>
+
+<p>It has always been possible to <a href="retrieve.html">retrieve old versions</a> of files.
+Planned features will implement marked versions of the store to emulute backing up onto sets of tapes
+in a controlled manner. This will make restoration of old versions much easier, although in the case
+of retrieving a single old file will not make much difference to the usability as the FTP-like utility
+is already effective.</p>
+
+<p>Given that this is a backup system, I am being very conservative about when I consider it
+ready for production use. That said, I trust my data to it!
+However, as this is quite a young system compared to the alternatives, and operates in a slightly
+different manner, for production use I must recommend that you regularly
+<a href="restore.html">verify your backups</a>.</p>
+
+<p>The documentation is not yet complete, and the error messages you get when things
+go wrong are not as clear as they should be. (see the <a href="trouble.html">troubleshooting</a> page.)
+Please <b>follow the instructions</b> carefully and read everything to avoid problems -- following the
+instructions on this web site will result in a working installation.</p>
+
+
+<h2>Why online backup?</h2>
+
+<p>Because tape is not a reliable solution, unless you...</p>
+<ul>
+<li>spend lots of money on hardware and tapes (cheap hardware is not reliable)
+<li>change the tape daily
+<li>store the tapes off-site
+</ul>
+<p>which is hardly likely to happen in real life.</p>
+
+<p>Backing up to media such as CDROMs is not really a solution either. It needs to be something which
+just happens without user intervention, and without media which is liable to be corrupted.</p>
+
+<p>So, for the same price as a decent tape backup system, you could buy a server with three big hard discs.
+And for the money you spend on tapes per year (you do replace them regularly, don't you?), you could host
+it in a nice data centre somewhere.</p>
+
+<p>We all have internet connections these days, so connectivity isn't really a problem.
+Although it might be best to archive those
+static files, like MP3s and images, to CDROM or something.</p>
+
+<p>The costs are even less if you pool resources amongst a group of friends. Remember, you don't have
+to trust the server admin to not look at your files as they're encrypted. You just have to trust them to
+make the files available when you need them.</p>
+
+<h2>Mailing list</h2>
+
+<p>Please join the project mailing list, boxbackup@fluffy.co.uk, for announcements of new versions
+and discussion of the system. Join at the <a href="http://lists.warhead.org.uk/mailman/listinfo/boxbackup">sign up page</a>.</p>
+
+<p>Many thanks to <a href="http://www.warhead.org.uk">Alaric</a> for hosting this list.</p>
+
+<h2>Implementation</h2>
+
+<p>There are three main elements</p>
+<ul>
+<li>bbstored -- backup store server.
+<li>bbackupd -- backup client daemon, which scans for changes and uploads them to the server.
+<li>bbackupquery -- backup query and restore tool.
+</ul>
+<p>Running the store server is a multi-step process, but the backup client is easy.</p>
+
+<p>TLS (SSL revised) is used to encrypt connections, and more importantly, to authenticate servers
+and clients with both server and client side certificates. Scripts are provided to generate and
+manage these certificates.</p>
+
+<p>Stored files are encrypted using AES for file data and Blowfish for metadata. This does mean that the one thing you do need to
+back up off-site and look after is a 1k file containing your keys -- the data on the server is useless
+without it. But it never changes, so that's OK.</p>
+
+<h2>Platforms</h2>
+
+<p>I develop under Darwin and deploy on OpenBSD. The software is designed to take advantage of BSD features
+where useful, but not to rely on them. It should be easily portable to other UNIX like operating
+systems. Ports are available for the following platforms:</p>
+<ul>
+<li><b>OpenBSD</b> (primary platform)
+<li><b>Linux</b>
+<li><b>NetBSD</b> (minor issues with dates on symlinks)
+<li><b>FreeBSD</b>
+<li><b>Darwin</b> / Mac OS X 10.5
+<li><b>Cygwin (Windows)</b> (client only)
+<li><b>Native Windows</b> (client only, not complete)
+<li><b>Solaris</b>
+</ul>
+<p>On these platforms, the software compiles and the tests pass. I do all my deployment on OpenBSD, but I know of
+several people who have had good results under Linux.</p>
+
+<p>More platforms will arrive over time. It takes in general a couple of hours to get it compiling on a BSD-like
+UNIX, and a bit longer on something like Linux which deviates from the BSD way of doing things.</p>
+
+<p>I welcome patches for other platforms, and volunteers to look after ports for a particular platform.
+Programmers notes describing how everything works are included
+in the <tt>notes</tt> directory within the distribution archive.</p>
+
+<h2>Related projects</h2>
+
+<p>There are a number of separate projects which are related to Box Backup. These include:</p>
+
+<p><b><a href="http://boxi.sourceforge.net/">Boxi</a></b> -- a cross platform GUI front end
+for Box Backup.</p>
+
+<h2>Download</h2>
+
+<p>Source only distribution. See documentation on this web site for compilation and installation notes.
+See <tt>notes</tt> directory inside distribution archive for programmers notes.</p>
+
+<p><tt><a href="http://prdownloads.sourceforge.net/boxbackup/boxbackup-0.10.tgz?download">boxbackup-0.10.tgz</a></tt> (823k, MD5=2dc02d87932fdb222ed019443ddcf444, released 23 February 2006)<br>
+(download via SourceForge)</p>
+
+<!--<p><tt><a href="bin/boxbackup-0.04.tgz">boxbackup-0.04.tgz</a></tt> (417k, released 16 Mar 2004)</p>-->
+
+<p><a href="006-007.html">Notes on upgrading from 0.06 to 0.07</a>,
+<a href="005-006.html">0.05 to 0.06</a>,
+<a href="004-005.html">0.04 to 0.05</a></p>
+
+<p><b>A 0.10 or later server requires all clients to be version 0.10 or later too.</b> Existing backup store accounts
+are compatible with 0.10, and do not require conversion.</p>
+
+<p><b>Changes:</b></p>
+<dl>
+<dt>0.10 (23 February 2006)
+<dd>Optimised diffing algorithm -- massive speed improvements<br>
+Improved diff timeout<br>
+Bug fixes<br>
+Solaris support<br>
+Portability improvements, including new autoconf based build<br>
+xattr support (on Linux and Darwin -- backs up resource forks under Mac OS X)<br>
+Readline usage clarified for licensing.<br>
+<i>Experimental</i>: Keep-alive on long diffing operations<br>
+<i>Experimental</i>: Save state for non-server use, speeds up first sync after bbackupd starts (not enabled by default)<br>
+<i>Experimental</i>: Native win32 port integrated into main source tree, fixes and improved build<br>
+<i>Experimental</i>: Support for MinGW and MSVC under Win32<br>
+<b>NOTE</b> Features are marked as experimental if no automated test exists. However, the developers have
+been running them on live systems. Win32 support is not totally complete.
+
+<dt>0.09 (06 December 2004)
+<dd>Maintenance release<br>
+Bug fixes and reliability changes<br>
+Add support for large files under Linux<br>
+Compile on new platforms<br>
+Solaris and Win32 ports for testing
+
+<dt>0.08 (23 September 2004)
+<dd>Minor bug fixes<br>
+Server stores old versions of files as patches from the current version<br>
+Adjust behaviour of client<br>
+Works under 64bit systems<br>
+Client recovers cleanly from corruption of its working files<br>
+Improvements to build system<br>
+Add contributed code for building RPMs
+
+<dt>0.07 (28 June 2004)
+<dd>Minor bug fixes<br>
+Improvements to build process, including better detection of environment on Linux, especially SuSE 9.x<br>
+Fix wrong space used sizes on store with non-RAID (<a href="006-007.html">see notes</a>)<br>
+Be more paranoid about crypto startup<br>
+Extra checking for file modifications<br>
+SyncAllowScript to allow temporary disabling of syncs, eg only backup from a laptop on certain network connections<br>
+Add force-sync command to bbackupctl, like sync but ignores AllowSyncScript
+
+<dt>0.06 (21 May 2004)
+<dd>Bug fixes<br>
+Use AES for file data<br>
+Cygwin port of client<br>
+Add usage command to bbackupquery<br>
+Add delete [yes] command to bbstoreaccounts<br>
+Add check [fix] [quiet] command to bbstoreaccounts<br>
+Deleted locations in conf file get deleted from server
+
+<dt>0.05 (10 Apr 2004)
+<dd>Bug fixes<br>
+Added configurable "max diffing time" parameter, improved speed of diffing algorithm in edge cases<br>
+Added support for old versions of OpenSSL -- experimental only (but appears to work fine)<br>
+Read errors on files and directories are reported neatly, and no longer abort the backup scan<br>
+NetBSD port fixed<br>
+Server more tolerant of being unexpectedly aborted
+
+<dt>0.04 (16 Mar 2004)
+<dd>Bug fixes and code clean up<br>
+Change to standard BSD license<br>
+Expanded error messages<br>
+Improved flexibility with backup timing, including the ability to do snapshot backups<br>
+Exclude files explictly or with regular expressions<br>
+More work arounds for memory issues with STL in gcc 2.95.x (the gcc 3 version is fine)<br>
+In bbackupquery, add a 'ls' alias, and include 'help' command to document all commands<br>
+The *-config programs are improved and validates options and the configuration more to catch common problems<br>
+bbackupd-config excludes keys file if it might be backed up<br>
+Add bbackupctl program for controlling bbackupd daemon<br>
+bbstoreaccounts takes sizes in blocks, Mb or Gb with unit suffix<br>
+Start and end of last sync recorded in bbackupd working dir<br>
+bbackupquery compares check last modification time to see if this explains any difference<br>
+bbackupd will run a script run to alert administator that store is full (the default script sends an email)
+
+<dt>0.03 (27 Jan 2004)
+<dd>Improvements to the build system, especially configuring for random Linux systems.<br>
+Worked round an issue with the gcc 2.95.x libraries which meant that the backup daemon
+slowly used more and more memory.<br>
+Efficiency improvements.
+
+<dt>0.02 (22 Jan 2004)
+<dd>First public release
+</dl>
+
+<h2>Documentation</h2>
+
+<div style="border:2px solid gray; padding:4px">
+The <a href="http://bbdev.fluffy.co.uk/trac/wiki">Box Backup wiki</a> contains user contributed
+documentation, based on the documents below. Please use it for up to date information about
+Box Backup.
+</div>
+
+<p>This is basic documentation, which will be improved. Note that configuration uses a number
+of scripts to do the hard work -- these all output a lot of detailed instructions on exactly
+what to do. Please read it.</p>
+<ul>
+<li><a href="license.html">License and commentary</a> -- please read
+<li><a href="install.html">Compilation and installation</a>
+<li><a href="client.html">Configuring a client</a>
+<li><a href="server.html">Configuring a server</a>
+<li><a href="accounts.html">Certificates and accounts management</a>
+<li><a href="restore.html">Verify and restore backups</a>
+<li><a href="retrieve.html">Retrieving deleted and old files</a>
+<li><a href="bbackupctl.html">Controlling a backup client</a>
+<li><a href="space.html">Checking the storage space used on the server</a>
+<li><a href="serverfix.html">Fixing problems with corruption on the server</a>
+<li><a href="nonroot.html">Running without root</a>
+<li><b><a href="trouble.html">Troubleshooting</a></b>
+</ul>
+
+
+<p>Programmers notes on how the system works can be found within the notes directory inside the
+distribution archive. In particular, read <tt>notes/backup_encryption.txt</tt> for details of how
+the encryption scheme works, and where to look in the code to verify it.</p>
+
+<h2>Planned future work</h2>
+
+<ul>
+<li>Mark state (marks the current state of the filesystem, to emulate a tape change and restoring from that tape later)
+<li>Bandwidth throttling with timed limits
+<li>Make a OpenBSD "port" for easy installation, when the system is stable enough for general use
+</ul>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004, 2006</p>
+<p> </p>
+<p>Web design by <a href="http://www.wpdfd.com">Joe Gillespie</a></p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/install.html
===================================================================
--- box/boxbackup-web/install.html (rev 0)
+++ box/boxbackup-web/install.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup compile and install</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Box Backup compile and install</h1>
+
+<p>In the following instructions, replace <tt>0.00</tt> with the actual version number
+of the archive you have downloaded.</p>
+
+<p>You need the latest version of OpenSSL, as some of the extra APIs it provides are required.
+You should have this anyway, as earlier versions have security flaws. (If you have an earlier
+version installed, the configuration script will give you instructions on enabling experimental
+support for older versions.)</p>
+
+<p>See <a href="openssl.html">OpenSSL notes</a> for more information on OpenSSL issues.</p>
+
+<p>There are some notes in the archive about compiling on various platforms within the
+<tt>boxbackup-0.00</tt> directory -- <b>read them first</b>. For example, if you are compiling under Linux,
+look for <tt>LINUX.txt</tt> as <tt>boxbackup-0.00/LINUX.txt</tt> after untaring the archive.</p>
+
+<p>Download the archive, then in that directory type</p>
+
+<pre>
+tar xvzf boxbackup-0.00.tgz
+cd boxbackup-0.00
+./configure
+make
+</pre>
+
+<p>The server and client will be built and packaged up for installation on this machine,
+or ready to be transferred as tar files to another machine for installation.</p>
+
+<p>This builds two parcels of binaries and scripts, 'backup-client' and 'backup-server'.
+The generated installation scripts assumes you want everything installed in
+<tt>/usr/local/bin</tt></p>
+
+<p>Optionally, type <tt>make test</tt> to run all the tests.</p>
+
+<h2>Local installation</h2>
+
+<p>Type <tt>make install-backup-client</tt> to install the backup client.</p>
+
+<h2>Remote installation</h2>
+
+<p>In the <tt>parcels</tt> directory, there are tar files for each parcel. The name reflects
+the version and platform you have built it for.</p>
+
+<p>Transfer this tar file to the remote server, and unpack it, then run the install script.
+For example:</p>
+
+<pre>
+tar xvzf boxbackup-0.00-backup-server-OpenBSD.tgz
+cd boxbackup-0.00-backup-server-OpenBSD
+./install-backup-server
+</pre>
+
+<h2>Configure options</h2>
+
+<p>You can use arguments to the <tt>configure</tt> script to adjust the compile and
+link lines in the generated Makefiles, should this be necessary for your platform.</p>
+
+<p>Arguments of the form <tt>compile:-option</tt> add the text <tt>-option</tt> to all
+compile statements, and arguments of the form <tt>link:-option</tt> add the text
+<tt>-option</tt> to all link statements.</p>
+
+<p>For example, the line</p>
+
+<pre>
+ ./configure compile:-I/usr/local/share/include link:-lspecial
+</pre>
+
+<p>would configure the system to also search the <tt>/usr/local/share/include</tt> path
+for include files and link with the <tt>special</tt> library.</p>
+
+<p>You may include as many arguments as you need, and they are applied in order.</p>
+
+<p>See <a href="openssl.html">OpenSSL notes</a> for the OpenSSL specific options.</p>
+
+<h2>Tests</h2>
+
+<p>There are a number of unit tests provided. To compile and run one type...</p>
+
+<pre>
+./runtest.pl bbackupd release
+./runtest.pl common debug
+./runtest.pl ALL
+</pre>
+
+<p>The runtest.pl script will compile and run the test. The first argument is the test name,
+and the second the type of build. Use ALL as a test name to run all the tests.</p>
+
+<p>The output from the tests is slightly muddled using this script. If you're developing, porting
+or trying out new things, it might be better to use the following scheme:</p>
+
+<pre>
+cd test/bbackupd
+make
+cd ../../debug/test/bbackupd
+./t
+</pre>
+
+<p>or in release mode...</p>
+
+<pre>
+cd test/bbackupd
+make -D RELEASE
+cd ../../release/test/bbackupd
+./t
+</pre>
+
+<p>(use RELEASE=1 with GNU make)</p>
+
+<p>I tend to use two windows, one for compilation, and one for running tests.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/license.html
===================================================================
--- box/boxbackup-web/license.html (rev 0)
+++ box/boxbackup-web/license.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup license</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Box Backup license</h1>
+
+<p>This software is licensed to you under the following terms. If you are intending
+to exploit this software commercially, please contact me for information about the additional
+tools available.</p>
+
+<h2>License</h2>
+
+<pre>
+Copyright (c) 2003, 2004
+ Ben Summers. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. All use of this software and associated advertising materials must
+ display the following acknowledgement:
+ This product includes software developed by Ben Summers.
+4. The names of the Authors may not be used to endorse or promote
+ products derived from this software without specific prior written
+ permission.
+
+[Where legally impermissible the Authors do not disclaim liability for
+direct physical injury or death caused solely by defects in the software
+unless it is modified by a third party.]
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+</pre>
+
+<h2>Commentary</h2>
+
+<p>This license is based on a standard BSD license. Some minor changes
+in wording have been made to fit in with English law.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/nonroot.html
===================================================================
--- box/boxbackup-web/nonroot.html (rev 0)
+++ box/boxbackup-web/nonroot.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Running without root</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Running without root</h1>
+
+<p>It is possible to run both the server and client without root privileges.</p>
+
+<h2>Server</h2>
+
+<p>The server, by default, runs as a non-root user. However, it expects to be run as root
+and changes user to a specified user as soon as it can, simply for administrative convenience.
+The server uses a port greater than 1024, so it doesn't need root to start.</p>
+
+<p>To run it entirely as a non-root user, edit the <tt>bbstored.conf</tt> file, and remove the
+<tt>User</tt> directive from the <tt>Server</tt> section. Then simply run the server as your
+desired user.</p>
+
+<h2>Client</h2>
+
+<p>The client requires root for normal operation, since it must be able to access all files
+to back them up. However, it is possible to run the client as a non-root user, with certain
+limitations.</p>
+
+<p>Follow the installation instructions, but install the executable files manually to somewhere
+in your home directory. Then use <tt>bbackupd-config</tt> to configure the daemon, but use a
+directory other than <tt>/etc/box</tt>, probably somewhere in your home directory.</p>
+
+<p>All directories you specify to be backed up must be readable, and all files must be owned
+by the user and readable to that user.</p>
+
+<p><b>Important:</b> If any file or directory is not readable by this user, the backup process
+will skip that file or directory. Keep an eye on the logs for reports of this failure.</p>
+
+<p>Non-root operation of the backup client is recommended only for testing, and should not
+be relied on in a production environment.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/openssl.html
===================================================================
--- box/boxbackup-web/openssl.html (rev 0)
+++ box/boxbackup-web/openssl.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup OpenSSL notes</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Box Backup OpenSSL notes</h1>
+
+<p>Ideally, you need to use version 0.9.7 or later of OpenSSL. If this is installed on your system by default (and it is on most recent releases of UNIX like OSes) then everything should just work.</p>
+
+<p>However, if it isn't, you have a few options.</p>
+
+<h2>Upgrade installation</h2>
+
+<p>The best option is to upgrade your installation to use 0.9.7. Hopefully your package manager will make this easy for you. This may require reinstallation of lots of software which depends on OpenSSL, so may not be ideal.</p>
+
+<p>(But as there have been a few security flaws in OpenSSL recently, you probably want to upgrade it anyway.)</p>
+
+
+<h2>Install another OpenSSL</h2>
+
+<p>The second best option is to install another copy. If you download and install from source, it will probably install into <tt>/usr/local/ssl</tt>. You can then configure Box Backup to use it using</p>
+
+<pre>
+./configure openssl:/usr/local/ssl
+</pre>
+
+<p>which will set up the various includes and libraries for you.</p>
+
+<p>The configuration scripts may be a problem, depending on your installation. See below for more information.</p>
+
+
+<h2>Use the old version of OpenSSL</h2>
+
+<p>If you have an old version installed, the configuration script will give you instructions on how to enable support for older versions. Read the warnings, and please, whatever you do, don't release binary packages or ports which enable this option.</p>
+
+<p>You may have issues with the configuration scripts, see below.</p>
+
+<p> </p>
+
+
+<h1>If you have problems with the config scripts...</h1>
+
+<p>If you get OpenSSL related errors with the configuration scripts, there are two things to check.</p>
+
+<ol>
+<li>The <tt>bin</tt> directory within your OpenSSL directory is in the path (if you have installed another version)
+<li>You have an <tt>openssl.cnf</tt> file which works and can be found.
+</ol>
+
+<h2>OpenSSL config file</h2>
+
+<p>You need to have an <tt>openssl.cnf</tt> file. The default will generally work well (see example at end). Make sure the <tt>openssl</tt> utility can find it, either set the <tt>OPENSSL_CONF</tt> environment variable, or install it into the location that is mentioned in the error messages.</p>
+
+<h2>Example OpenSSL config file</h2>
+
+<pre>
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE = /dev/arandom
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+#countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+#stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+#0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = CryptSoft Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, fully qualified host name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ x509v3_extensions ]
+
+nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
+nsComment = "This is a comment"
+
+# under ASN.1, the 0 bit would be encoded as 80
+nsCertType = 0x40
+</pre>
+
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/restore.html
===================================================================
--- box/boxbackup-web/restore.html (rev 0)
+++ box/boxbackup-web/restore.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup verify and restore files</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Box Backup verify and restore files</h1>
+
+<p>Backups are no use unless you can restore them. The <tt>bbackupquery</tt> utility does
+this and more.</p>
+
+<p>You don't provide any login information to it, as it just picks up the data it needs
+from <tt>/etc/box/bbackupd.conf</tt>. You should run it as root so it can find everything
+it needs.</p>
+
+<p>Full documentation can be found in <tt>bin/bbackupquery/documentation.txt</tt> in the distribution
+archive. It follows the model of a command line sftp client quite closely.</p>
+
+<p>On systems where GNU readline is available (by default) it uses that for command line history and
+editing. Otherwise it falls back to very basic UNIX text entry.</p>
+
+
+<h2>Verify backups</h2>
+
+<p>Since this is a development system, you'll be keen to verify that your backups are
+correct. This is easy.</p>
+
+<pre>
+/usr/local/bin/bbackupquery "compare -a" quit
+</pre>
+
+<p>It will report all the differences between the store and the files on disc. It will download
+everything, so may take a while. You should expect to see some differences on a typical compare,
+because files which have recently changed are unlikely to have been uploaded yet. Consider checking the
+timestamps on the files, or keeping a record of these messages and comparing them with a future verification.</p>
+
+<p>If you would like to do a "quick" check which just downloads file
+checksums and compares against that, then do</p>
+
+<pre>
+/usr/local/bin/bbackupquery "compare -aq" quit
+</pre>
+
+<p>However, this does not check that the file attributes are correct, and since the checksums are generated
+on the client they may not reflect the data on the server if there is a problem -- the server cannot check
+the encrypted contents. View this as a good indication, rather than a definite check that your backup
+verifies correctly.</p>
+
+<p>You may wish to run either one as a cron job while testing this system.</p>
+
+
+<h2>Restore backups</h2>
+
+<p>You will need the keys file created when you configured the server. Without it, <b>you cannot
+restore the files</b>; this is the downside of encrypted backups. However, by keeping the small
+keys file safe, you indirectly keep your entire backup safe.</p>
+
+<p>The first step is to recreate the configuration of the backup client. It's probably best
+to have stored the /etc/box directory with your keys. But if you're recreating it, all you really
+need is to have got the login infomation correct (ie the certs and keys).</p>
+
+<p><b>Don't run bbackupd yet!</b> It will mark all your files as deleted if you do, which is not
+hugely bad in terms of losing data, just a major inconvenience. (This assumes that
+you are working from a blank slate. If you want to restore some files to a different location,
+it's fine to restore while bbackupd is running, just do it outside a backed up directory to make
+sure it doesn't start uploading the restored files.)</p>
+
+<p>Type <tt>/usr/local/bin/bbackupquery</tt> to run it in interactive mode.</p>
+
+<p>Type <tt>list</tt> to see a list of the locations stored on the server.</p>
+
+<p>For each location you want to restore, type <tt>restore name-on-server local-dir-name</tt>. The
+directory specified by local-dir-name must not exist yet.</p>
+
+<p>If the restore is interrupted for any reason, repeat the above steps, but add the <tt>-r</tt>
+flag to the restore command to tell it to resume.</p>
+
+
+<h2>Other tricks</h2>
+
+<p>bbackupquery can also...
+<ul>
+<li>List files on the server
+<li>Restore arbitary parts of the file system
+<li><a href="retrieve.html">Recover deleted files</a> (either if the backup daemon hasn't deleted them from the store,
+or if they are marked on the store as deleted but not actually gone yet.)
+<li><a href="retrieve.html">Recover old versions</a> of files which are still on the server.
+</ul>
+</p>
+
+<p>Read <tt>bin/bbackupquery/documentation.txt</tt> for more details.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/retrieve.html
===================================================================
--- box/boxbackup-web/retrieve.html (rev 0)
+++ box/boxbackup-web/retrieve.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Retrieving deleted and old files</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Retrieving deleted and old files</h1>
+
+<p>Box Backup makes old versions of files and files you have deleted available, subject to there
+being enough disc space on the server to hold them.</p>
+
+<p>This is how to retrieve them using <tt>bbackupquery</tt>. Future versions will make this far
+more user-friendly.</p>
+
+<p>Firstly, run <tt>bbackupquery</tt> in interactive mode. It behaves in a similar manner to
+a command line sftp client.</p>
+
+<pre>
+/usr/local/bin/bbackupquery
+</pre>
+
+<p>Then navigate to the directory containing the file you want, using <tt>list</tt>, <tt>cd</tt>
+and <tt>pwd</tt>.</p>
+
+<pre>
+query > cd home/profiles/USERNAME
+</pre>
+
+<p>List the directory, using the "o" option to list the files available without filtering out
+everything apart from the current version. (if you want to see deleted files as well, use
+<tt>list -odt</tt>)</p>
+
+<pre>
+query > list -ot
+00000078 f--o- 2004-01-21T20:17:48 NTUSER.DAT
+00000079 f--o- 2004-01-21T20:17:48 ntuser.dat.LOG
+0000007a f--o- 2004-01-21T17:55:12 ntuser.ini
+0000007b f---- 2004-01-12T15:32:00 ntuser.pol
+0000007c -d--- 1970-01-01T00:00:00 Templates
+00000089 -d--- 1970-01-01T00:00:00 Start Menu
+000000a0 -d--- 1970-01-01T00:00:00 SendTo
+000000a6 -d--- 1970-01-01T00:00:00 Recent
+00000151 -d--- 1970-01-01T00:00:00 PrintHood
+00000152 -d--- 1970-01-01T00:00:00 NetHood
+00000156 -d--- 1970-01-01T00:00:00 My Documents
+0000018d -d--- 1970-01-01T00:00:00 Favorites
+00000215 -d--- 1970-01-01T00:00:00 Desktop
+00000219 -d--- 1970-01-01T00:00:00 Cookies
+0000048b -d--- 1970-01-01T00:00:00 Application Data
+000005da -d--- 1970-01-01T00:00:00 UserData
+0000437e f--o- 2004-01-24T02:45:43 NTUSER.DAT
+0000437f f--o- 2004-01-24T02:45:43 ntuser.dat.LOG
+00004380 f--o- 2004-01-23T17:01:29 ntuser.ini
+00004446 f--o- 2004-01-24T02:45:43 NTUSER.DAT
+00004447 f--o- 2004-01-24T02:45:43 ntuser.dat.LOG
+000045f4 f---- 2004-01-26T15:54:16 NTUSER.DAT
+000045f5 f---- 2004-01-26T15:54:16 ntuser.dat.LOG
+000045f6 f---- 2004-01-26T16:54:31 ntuser.ini
+</pre>
+
+<p>(this is a listing from a server which is used as a Samba server for a network of
+Windows clients.)</p>
+
+<p>You now need to fetch the file using it's ID, rather than it's name. The ID is the
+hex number in the first column. Fetch it like this:</p>
+
+<pre>
+query > get -i 0000437e NTUSER.DAT
+Object ID 0000437e fetched successfully.
+</pre>
+
+<p>The object is now available on your local machine. You can use <tt>lcd</tt> to move
+around, and <tt>sh ls</tt> to list directories on your local machine.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
+
+
Added: box/boxbackup-web/server.html
===================================================================
--- box/boxbackup-web/server.html (rev 0)
+++ box/boxbackup-web/server.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,215 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Box Backup server configuration</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Box Backup server configuration</h1>
+
+<h2>Log files</h2>
+
+<p>You may wish to see what's going on with the server. Edit /etc/syslog.conf, and add</p>
+
+<pre>
+local6.info /var/log/box
+local5.info /var/log/raidfile
+</pre>
+
+<p>Note separators must be tabs, otherwise it ignores you.</p>
+
+<pre>
+touch /var/log/box
+touch /var/log/raidfile
+</pre>
+
+<p>And then get them rotated, by adding in /etc/newsyslog.conf</p>
+
+<pre>
+/var/log/box 644 7 2000 * Z
+/var/log/raidfile 644 7 2000 * Z
+</pre>
+
+<p>Then restart syslogd.</p>
+
+<h2>RAID setup</h2>
+
+<p>The server does RAID in userland for that extra bit of reliability. You need to
+set this up separately from the server. To create <tt>/etc/box/raidfile.conf</tt>,</p>
+
+<pre>
+/usr/local/bin/raidfile-config /etc/box 2048 /raid/0.0 /raid/0.1 /raid/0.2
+</pre>
+
+<p>But adjust it for your system. 2048 is the block size. Under BSD with FFS, set this to
+your filing system's fragment size (most likely an 8th of the block size), otherwise the block size of
+the filing system, for maximum efficiency.</p>
+
+<p>The three directories are the locations of the roots of the raid file directories.
+These are probably the mount points of three big partitions on three <b>separate physical discs</b>.
+If you don't have this, see below on how to disable userland RAID.</p>
+
+<p>Edit <tt>/etc/box/raidfile.conf</tt> if you have another set of three discs you want
+to use -- just add another section for each set.</p>
+
+<h3>Disabling userland RAID</h3>
+
+<p>If you only have one disc, or a hardware RAID array, you probably won't want to use userland
+RAID.</p>
+
+<p>In this case, follow the above instructions, but only specify one directory for the
+<tt>raidfile-config</tt> script. This will generate a raidfile.conf which disables userland
+RAID, and stores files in the single directory you specify.</p>
+
+<p><b>NOTE</b> Running the server in non-RAID mode has not been tested as extensively as
+in RAID file mode.</p>
+
+
+<h2>Server basic setup</h2>
+
+<p>Create a user to run the server under:</p>
+
+<pre>
+useradd _bbstored
+</pre>
+
+<p>Create <tt>/etc/box/bbstored.conf</tt> with:</p>
+
+<pre>
+/usr/local/bin/bbstored-config /etc/box <b>hostname</b> _bbstored
+</pre>
+
+<p>(See <a href="openssl.html">OpenSSL notes</a> if you get an OpenSSL error)</p>
+
+<p>(set hostname to the address the clients
+will use to contact this server) <b>Are you using a NAT device or firewall?</b> See the note below.</p>
+
+<p><b>Read the output</b> for details of what to do next. There is an example at the end of this page,
+but do follow the instructions output when you run the script yourself.</p>
+
+<p>Make sure the user can write to the raid file directories! For more precise control,
+create a <tt>backup</tt> directory within each of the raid root directories, and change
+their permissions accordingly.</p>
+
+<p>If there are other users on this server, you will probably want to stop other users
+reading the certificates.</p>
+
+<pre>
+chown -R _bbstored /etc/box/bbstored
+chmod -R go-rwx /etc/box/bbstored
+</pre>
+
+<h2>Configuration for hosts behind a NAT device or firewall</h2>
+
+<p>The hostname specified is used for 1) the name in the server's certificate and 2) the
+address the server will listen on.</p>
+
+<p>If the IP address of the machine isn't the same as the IP address it appears to have to
+the outside world (because the NAT device or firewall translates it), then this will fail.
+The server will look up the hostname, and then fail to bind to that address since it is not a local
+address.</p>
+
+<p>To get around this, you have two options. Either specify the local IP address with the
+<tt>bbstored-config</tt> command (the name in the certificate won't match the real address, but
+this is not a problem at the moment), or specify the real address, but edit the <tt>bbstored.conf</tt>
+file and correct the <tt>ListenAddresses</tt> directive later to reflect the local address.</p>
+
+<h2>Get certified</h2>
+
+<p>As per the instructions in the <a href="accounts.html">certificates and accounts management</a> page,
+sign your certificate and install it as directed.</p>
+
+<h2>Start the server</h2>
+
+<pre>
+/usr/local/bin/bbstored
+</pre>
+
+<p>Add this to your system startup scripts.</p>
+
+<p>Please read the <a href="trouble.html">Troubleshooting</a> page if you have problems.</p>
+
+<p>If you configured the server so the configuration file is somewhere other than <tt>/etc/box/bbstored.conf</tt>,
+run the server as, for example,<p>
+
+<pre>
+/usr/local/bin/bbstored /some/other/config/dir/bbstored.conf
+</pre>
+
+<h2>root not required</h2>
+
+<p>The backup server is configured to be run as root, but changes user to the user
+you specify as soon as it can -- this is simply for convenience when starting the daemon
+in system start up scripts. However, you can <a href="nonroot.html">run without root</a>
+entirely by making a small change to the configuration file.</p>
+
+
+<h2>Example configuration output</h2>
+
+<p>This is an example of output from the bbstored-config script. <b>Important:</b>
+Follow the instructions output by your script, not the ones here -- they may be different
+for your system.</p>
+
+<pre>
+# /usr/local/bin/bbstored-config /etc/box server.example.com _bbstored
+Checking permissions on /raid/0.0/backup
+Checking permissions on /raid/0.1/backup
+Checking permissions on /raid/0.2/backup
+
+Setup bbstored config utility.
+
+Configuration:
+ Writing configuration file: /etc/box/bbstored.conf
+ Writing empty accounts file: /etc/box/bbstored/accounts.txt
+ Server hostname: server.example.com
+ RaidFile config: /etc/box/raidfile.conf
+
+Creating /etc/box/bbstored
+Creating blank accounts file
+Generating private key...
+ [OpenSSL output omitted]
+
+Writing configuration file /etc/box/bbstored.conf
+
+===================================================================
+
+bbstored basic configuration complete.
+
+What you need to do now...
+
+1) Sign /etc/box/bbstored/server.example.com-csr.pem
+ using the bbstored-certs utility.
+
+2) Install the server certificate and root CA certificate as
+ /etc/box/bbstored/server.example.com-cert.pem
+ /etc/box/bbstored/clientCA.pem
+
+3) You may wish to read the configuration file
+ /etc/box/bbstored.conf
+ and adjust as appropraite.
+
+4) Create accounts with bbstoreaccounts
+
+5) Start the backup store daemon with the command
+ /usr/local/bin/bbstored
+ in /etc/rc.local, or your local equivalent.
+
+===================================================================
+</pre>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
\ No newline at end of file
Added: box/boxbackup-web/serverfix.html
===================================================================
--- box/boxbackup-web/serverfix.html (rev 0)
+++ box/boxbackup-web/serverfix.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Fixing problems with corruption on the server</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Fixing problems with corruption on the server</h1>
+
+<p>This page gives help on what to do if your server has suffered corruption, for example,
+after an unclean shutdown or other OS or hardware problem.</p>
+
+<p>In general, as updates to the store are made in an atomic manner, the most
+likely result is wasted disc space. However, if really bad things happen, or you believe that
+there is a lot of wasted space, then these instructions will help to restore your data.</p>
+
+<p>You know you will need to do something if you get strange errors, and <tt>bbackupd</tt> attempts
+to contact the server every 100 seconds or so. Or if one of the discs in your RAID disc set has failed.</p>
+
+<p>After following these instructions, the end result will be that <tt>bbackupquery</tt> will be able to see all the files which
+were stored on your server, and retrieve them. Some of them may be in <tt>lost+found</tt>
+directories in the root of the store (or in their original position if they have been moved) but they will all
+be able to be retrieved.</p>
+
+<p>After you have retrieved the files you want, <tt>bbackupd</tt> will upload new versions
+where necessary, and after about two days, mark any <tt>lost+found</tt> directories as deleted.
+Finally, those directories will be removed by the housekeeping process on the server.</p>
+
+<p>These instructions assume you're working on account 1234, subsitute this for whatever account
+you're actually working on. These will need to be repeated for all affected accounts.</p>
+
+<h2>1. Stop bbackupd</h2>
+
+<p>First, make sure that <tt>bbackupd</tt> is not running on the client machine for the account
+you are going to recover. Use <tt>kill</tt> to terminate it.</p>
+
+<p>(This step is not strictly necessary, but is recommended. During any checks on the account,
+<tt>bbackupd</tt> will be unable to log in, and after they are complete, the account is marked
+as changed on the server so <tt>bbackupd</tt> will perform a complete scan.)</p>
+
+<h2>2. Are you using RAID on the server?</h2>
+
+<p>At the moment, the raidfile recovery tools have not been written. However, when two out of
+three files are available, the server will run succesfully, even if it complains a lot in the logs.
+So, your best bet here is to fix the accounts, if necessary, and retrieve any files you need. Then move
+the old store directories aside (in case you need them) and start afresh with new accounts, and
+let the clients upload all their data again.</p>
+
+<p>These utilities will be written shortly!</p>
+
+<h2>3. Check and fix the account</h2>
+
+<p>First, run the check utility, and see what errors it reports.</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts check 1234
+</pre>
+
+<p>This will take some time, and use a fair bit of memory (about 16 bytes per file and directory).
+If the output looks plausible and reports errors which need fixing, run it again but with the
+<tt>fix</tt> flag:</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts check 1234 fix
+</pre>
+
+<p>This will fix any errors, and remove unrecoverable files. Directories will be recreated if necessary.</p>
+
+<p><b>NOTE</b>: The utility may adjust the soft and hard limits on the account to make sure that
+housekeeping will not remove anything -- check these afterwards.</p>
+
+<h2>4. Grab any files you need with bbackupquery</h2>
+
+<p>At this point, you will have a working store. Every file which was on the server, and wasn't corrupt,
+will be available.<p>
+
+<p>On the client, use <tt>bbackupquery</tt> to log in and examine the store. (type <tt>help</tt> at the
+prompt for instructions). Retrieve any files you need, paying attention to any <tt>lost+found</tt>
+directories in the root directory of the store.</p>
+
+<p>You can skip this step if you are sure that the client machine is fine -- in this case, <tt>bbackupd</tt>
+will bring the store up to date.</p>
+
+<h2>5. Restart bbackupd</h2>
+
+<p>Restart <tt>bbackupd</tt> on the client machine. The store account will be brought up to date, and
+files in the wrong place will be marked for eventual deletion.</p>
+
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/space.html
===================================================================
--- box/boxbackup-web/space.html (rev 0)
+++ box/boxbackup-web/space.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Checking the storage space used on the server</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Checking the storage space used on the server</h1>
+
+<h2>From the machine being backed up</h2>
+
+<p><tt>bbackupquery</tt> can tell you how much space is used on the server for this account.</p>
+
+<p>Either use the <tt>usage</tt> command in interactive mode, or type</p>
+
+<pre>
+ /usr/local/bin/bbackupquery -q usage quit
+</pre>
+
+<p>to show the space used as a single command.</p>
+
+
+<h2>On the server</h2>
+
+<p><tt>bbstoreaccounts</tt> allows you to query the space used, and change the limits.
+To display the space used on the server for an account, use</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts info 75AB23C
+</pre>
+
+<p>To adjust the soft and hard limits on an account, use</p>
+
+<pre>
+ /usr/local/bin/bbstoreaccounts setlimit 75AB23C new-soft-limit new-hard-limit
+</pre>
+
+<p>You do not need to restart the server.</p>
+
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
Added: box/boxbackup-web/trouble.html
===================================================================
--- box/boxbackup-web/trouble.html (rev 0)
+++ box/boxbackup-web/trouble.html 2007-10-23 11:11:05 UTC (rev 1901)
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title>Troubleshooting Box Backup</title>
+<link rel="stylesheet" href="bbstyles.css" type="text/css" />
+</head>
+<body>
+<div align="center">
+<div id="header">
+<div id="logo">
+<img src="images/bblogo.png" alt="logo" height="65" width="331" border="0" vspace="5" align="middle" /> <img src="images/stepahead.png" alt="a step ahead in data security" width="182" height="11" hspace="10" vspace="20" border="0" align="middle" /></div>
+</div>
+<div id="page">
+
+<h1>Troubleshooting Box Backup</h1>
+
+<p><ul><li><b>Note</b>: If you are trying to fix a store after your disc has been corrupted, see
+<a href="serverfix.html">fixing problems with corruption on the server</a>.</ul></p>
+
+<p>Unfortunately, the error messages are not particularly helpful at the moment. This page lists
+some of the common errors, and the most likely causes of them.</p>
+
+<p>When an error occurs, you will see a message like '<tt>Exception: RaidFile/OSFileError (2/8)</tt>' either
+on the screen or in your log files. (it is recommended you set up another log file as recommended
+in the <a href="server.html">server setup instructions</a>.)</p>
+
+<p>This error may not be particularly helpful, although some do have extra information about probable causes.
+To get further information, check the <tt>ExceptionCodes.txt</tt> file in the root of the distribution.
+This file is generated by the <tt>./configure</tt> script, so you will need to have run that first.</p>
+
+<p>Some common causes of exceptions are listed below.</p>
+
+<p>Please email me with any other codes you get, and I will let you know what they mean, and add
+notes here.</p>
+
+
+<h2>RaidFile (2/8)</h2>
+
+<p>This is found either when running <tt>bbstoreaccounts</tt> or in the <tt>bbstored</tt> logs.</p>
+
+<p><b>Problem:</b> The directories you specified in the raidfile.conf are not writable by the _bbstored user.</p>
+
+<p><b>Resolution:</b> Change permissions appropriately.</p>
+
+
+<h2>Common (1/2)</h2>
+
+<p>This usually occurs when the configuration files can't be opened.</p>
+
+<p><b>Problem:</b> You created your configurations in non-standard locations, and the programs
+cannot find them.</p>
+
+<p><b>Resolution:</b> Explicitly specify configuration file locations to daemons and programs. For example</p>
+<pre>
+/usr/local/bin/bbstored /some/other/dir/bbstored.config
+/usr/local/bin/bbackupquery -c /some/other/dir/bbackupd.config
+</pre>
+<p>(daemons specify the name as the first argument, utility programs with the <tt>-c</tt> option.</p>
+
+<p><b>Problem:</b> <tt>bbstored</tt> can't find the <tt>raidfile.conf</tt> file specified in <tt>bbstored.conf</tt>.</p>
+
+<p><b>Resolution:</b> Edit <tt>bbstored.conf</tt> to point to the correct location of this additional configuration file.</p>
+
+
+<h2>Server (3/16)</h2>
+
+<p>The server can't listen for connections on the IP address specified when you configured it.</p>
+
+<p><b>Problem:</b> This probably means you've specified the wrong hostname to bbstored-config --
+maybe your server is behind a NAT firewall?</p>
+
+<p><b>Resolution:</b> Edit <tt>bbstored.conf</tt> and correct the <tt>ListenAddresses</tt> line. You
+should replace the server address with the IP address of your machine.</p>
+
+
+<h2>Connection (7/x)</h2>
+
+<p>These errors all relate to connections failing -- you may see them during operation if there
+are network failures or other problems between the client and server. The backup system will recover
+from them automatically.</p>
+
+
+<p> </p>
+
+<h1>Advanced troubleshooting</h1>
+
+<p>If this really doesn't help, then using the DEBUG builds of the system will give you much more
+information -- a more descriptive exception message and the file and line number where the error occurred.</p>
+
+<p>For example, if you are having problems with <tt>bbstoreaccounts</tt>, build the debug version with</p>
+
+<pre>
+cd boxbackup-0.0
+cd bin/bbstoreaccounts
+make
+</pre>
+
+<p>(within the module directories, <tt>make</tt> defaults to building the debug version. At the top level,
+it defaults to release.)</p>
+
+<p>This will build an executable in <tt>debug/bin/bbstoreaccounts</tt> which you can then use instead
+of the release version. It will give far more useful error messages.</p>
+
+<p>When you get an error message, use the file and line number to locate where the error occurs in the
+code. There will be comments around that line to explain why the exception happened.</p>
+
+<p>If you are using a debug version of a daemon, these extended messages are found in the log files.</p>
+
+<p>Please get in touch if you need any help.</p>
+
+<p> </p>
+<p>© Ben Summers, 2003, 2004</p>
+<p> </p>
+</div>
+</div>
+</body>
+</html>
+
+
+