Turning on Filevault -- can somebody tell me?


Maser

I ask because I'm too busy to test this today (and I'm sure somebody has done this already...)

 

If I turn FileVault on for a client that is currently being backed up, will the *subsequent*, post-FileVault-setup backup back up *everything* again?

 

Or does turning FileVault on make no difference to Retrospect?

 

 


I'm also wondering about this. I'm currently backing up my whole system and the backup happens whether I'm logged in or not. I want to file vault my home directory and understand that Retrospect is fine with that as long as I'm logged in. What would it do then, if another user is logged in or if no one is logged in but the machine is on? Does it just skip my file vaulted home directory in that case?

 

Also, if the answer to the above question involves some setting to tell Retrospect not to backup sparse image files or bundles, what if I have a few encrypted sparse image files or bundles inside my home directory that I do want backed up when I'm logged in?


> What would it do then, if another user is logged in or if no one is logged in but the machine is on?

If you have configured Retrospect to access a specific volume (say /Users/foo_vault_user/) and are successfully backing it up when the user is logged in, that volume will not exist when the user is logged out; Retrospect should just throw up a "Volume not found" error and continue with its next activity.

 

> Does it just skip my file vaulted home directory in that case?

The un-vaulted directory doesn't exist, so it's skipped. The "file-vaulted" disk image is there, but it's problematic.

 

If the File Vault user is not logged in, Retrospect could theoretically backup (and restore) the encrypted sparse image bundle. Since the files inside the bundle are all closed there shouldn't be any problem with corruption.

 

But if the user _is_ logged in, the disk image is mounted and is actively being read/written/encrypted on the fly. Tests have shown that if Retrospect backs up those bundle files while they're active, attempts to restore will result in a corrupted and unusable disk image.

 

Retrospect isn't smart enough to check to see if a specific user is logged in before attempting to backup a specific file (that doesn't make it stupid, it's just a missing complicated feature). That's why Retrospect 6.0 included the "don't backup sparse image bundles" option.

> what if I have a few encrypted sparse image files or bundles inside my home directory that I do want backed up when I'm logged in?

Apple does not provide a way for other processes to tell a difference between a File Vault image and other images. EMC asked them for a way and they refused, citing security concerns.

 

There are probably ways to use Favorite Folders as Sources and to simply avoid the File Vault bundles entirely; that way you could enable the program to backup all bundles and still be ok (as long as _they_ weren't mounted while the backup was running).

 

I wonder if you could give the File Vault bundle a Finder label and then use a Rule to exclude it? Be worth a try.

 

 

Dave


Thanks for your reply. I'm really amazed that this isn't a more common question and that EMC hasn't put up very specific instructions and scenarios on how to deal with file vault (yes, I've read what little they do have).

 

The whole reason I'm using Retrospect instead of FV is that my backups are secure (encrypted). Seems like now I need to decide between two options: having my backups secure and my laptop open to data theft or using Time Machine for backups (not secure) and keeping my laptop secure. It seems I can't have both.

 

> If you have configured Retrospect to access a specific volume (say /Users/foo_vault_user/) and are successfully backing it up when the user is logged in, that volume will not exist when the user is logged out; Retrospect should just throw up a "Volume not found" error and continue with its next activity.

So in my case, I'm backing up the entire volume. This includes the system, users' home directories, other stuff at the root of the volume. I'm not sure what the quote above refers to other than maybe having Retrospect set up to point to and backup a specific user's home directory. If that's the case, I could potentially set up Retro to backup everything except my home directory and then have another Retro process that backed up just my home directory.

 

The way I read your reply seems to imply that when I'm not logged in, my home directory won't exist. But won't it exist and just be full of the file vault sparse image files?

 

I'm not sure how this helps. If I'm not logged in, it'll backup a bunch of sparse bundles and if I am logged in, it'll think everything has changed and will backup everything again since the files aren't file vaulted again.


> Seems like now I need to decide between two options: having my backups secure and my laptop open to data theft or using Time Machine for backups (not secure) and keeping my laptop secure. It seems I can't have both.

I'm not clear on what you are basing all of your decisions, but I will note that Time Machine will run a backup of a Time Machine volume when the user logs out. Happens automatically.

 

> in my case, I'm backing up the entire volume

Then you would want to enable the exclusion of sparse image bundles to avoid backing up data that may not yield a valid restore.

 

> I'm not sure what the quote above refers to other than maybe having Retrospect set up to point to and backup a specific user's home directory

Yep.

 

> If that's the case, I could potentially set up Retro to backup everything except my home directory and then have another Retro process that backed up just my home directory.

Sigh; yet another demonstration of how helpful my most asked-for missing feature would be.

 

In order to "backup everything except (your) home directory" you still have to have Retrospect _scan the contents_ of everything, including your home directory. You can't just tell Retrospect to "skip" any directories in a volume. Works, but takes the extra time to crawl the files.

 

> The way I read your reply seems to imply that when I'm not logged in, my home directory won't exist.

OK, I just took the time to actually make a FV user (never had before!). I thought the bundle was stored outside of /Users/ but no, it does store the bundle inside /Users/FooUser/. So my idea about Favorite Folders holds less usefulness.

 

Still wonder about Finder Labels; if you labeled the .sparsebundle file with a color and then had a rule to exclude it (assuming label rules worked, which they don't) could you then retain the backup of your other important disk images?

> I'm not logged in, it'll backup a bunch of sparse bundles

Unless you take steps to prevent that

 

> if I am logged in, it'll think everything has changed and will backup everything again since the files aren't file vaulted again.

No, Retrospect will match the unchanged files in the mounted/decrypted disk image; it won't back them up again if they haven't been changed by the logged in user.

 

 

I'm not so sure I got all of this accurately; I have iPad on the brain...

 

 

Dave
