Configuration of AF's backup system =================================== The parameters for the client side can be found in a file named afclient.conf and for the server side in afserver.conf, that resides in the directory /etc/afbackup or /etc/afbackup, respectively. Comments in those files are lines starting with the pound symbol # as the first non-blank character. These two files need not be edited by hand with an editor, instead the programs /usr/sbin/afserverconfig [ configfile ] and /usr/sbin/afclientconfig [ configfile ] can be used. If you are running X, the programs are the same, but start with an 'x'; (Tcl/Tk must be installed): /usr/sbin/xafserverconfig [ configfile ] and /usr/sbin/xafclientconfig [ configfile ] . The parameters described below are the same for both versions. Server configuration parameters ------------------------------- ServerIdentifier The identifier for the server. Default: The official hostname, followed by a colon and the full path to the configuration file. The server identifier can be used to become independent of the server machine name. This might be helpful, if the backup server should move to another machine. Whitespace characters may be used in this identifier, but they are replaced with asterisks * before comparing, so they are not significant Backup-Device This is the device the backup is written to. It can be any tape device with the capability to distinguish between several files on the media. It is mandatory to supply the no-rewind device here, otherwise this package won't work properly. Suitable device names for some OS-es: AIX: /dev/rmt0.1 Solaris: /dev/rmt/0bn IRIX: /dev/rmt/tps0d4nr HP-UX: /dev/rmt/0hn Linux: /dev/nst0 Digital UNIX: /dev/nrmt0h FreeBSD: /dev/nsa0 If the drive has a media handler attached, a specifier for this may follow the device name. The format for this is =<drive-count>@<device>#<num-slots>^<num-loadbays> , for example =1@/dev/sg0#6^2 . Whitespace before and following the special characters = @ and # is allowed for readability. The example means: The drive is number 1 in the changer, /dev/sg0 is the changer device, that has 6 media slots and 2 loadbays. The parts =<drive-count> and ^<num-loadbays> are optional. If the server is only used for remote start and no real backup device should be accessed, a dash - should be configured here as device, so a respective warning to the server log will be suppressed Tape-Blocksize The blocksize of the tape device. This value specifies how many bytes are written to tape or read from it with one system call. Usually this value is at least 512 or a multiple of it. It is not very important if the blocksize is set to 2048 or 1024. The main thing to keep in mind is that if there is a minimum, it should be respected (e.g. 1024 on AIX), otherwise media space is wasted. Tape-Buffer Three numbers and a filename can be given here. The first number is the desired size of the tape buffer in bytes. The optional second number is the high-watermark while writing in percent (default: 67), the optional third number is the low watermark, also in percent (default: 0). As long as the buffer fill rate does not reach the high watermark, nothing is written, but when it is reached, writing does not stop until the buffer fill rate is equal or below the low watermark. This procedure hopefully reduces tape wear and increases average writing speed, because excessive tape stops/starts are avoided. If the optional filename is given, buffering is done in the given file, which is mapped into the server's address space for that purpose. In the filename, patterns are replaced like with Changer-Configuration-File. Cartridge-Handler This value must be 1 or 0, which means, that you either have a cartridge handling system (i.e. some kind of robot) (1) or not (0). If you don't have a robot, you may nonetheless maintain a set of cartridges, that you will have to manually number. The backup server side will inform you via email or console output, whenever another cartridge has to be inserted into the drive and what number it requires it is. Number Of Cartridges This number specifies, how many cartridges you are maintaining. If you have a cartridge handling system (some kind of robot), this is usually the number of cartridges, your system is juggling. Cartridge-Sets Several cartridge sets can be used. Here they can be specified. The specifiers for the cartridge sets must be separated by whitespace. Each specifier may consist of digits, commas and dashes. Examples for cartridge set specifiers: 1-5 7-9,12 6,10,11 This example shows how to specify three cartridge sets. If the access to a cartridge set should be allowed only for certain clients, this may specified with a colon immediately following the set specifier without whitespace, followed by one of three forms: Either a list of hostnames, separated by commas and no whitespace inbetween, or the full path to a file containing the hostnames one per line, or by a command to be executed. The command must start with a bar | and must be enclosed in double quotes, if it is containing whitespace. If %H occurres in the command it will be replaced with the client name, who wants to gain access to the cartridge set. The command must exit with a status of 0, if access is to be granted, otherwise with an exit status unequal to 0. The name of the host to be checked is also written to standard input of this command, so %H needs not to be used. Examples specifying cartridge sets with restricted access: 1-5:apollo,localhost,taurus 6-8,16:/usr/local/backup/etc/set2clients 9-15:"| fgrep .my.domain.com" Remember, that grep will exit with 0, if a match has been found, otherwise 1. Note, that localhost and the network name of the machine should be both given, if the server is also a client. The names to be supplied here are not the client IDs configured on the client side, but the network names of the machines. If this parameter is not given, there is only the default set number 1 with all available cartridges, access is permitted to any client. Not all cartridges need to be included in a set and sets must not overlap. PrintServerMessages By default the server sends messages about current problems or required actions to a maintainer or, if determinable and configured, to the user on the client side. They cannot be seen as output on the client side. When this parameter is set, these messages are also output on the client side. The first word must consist of the letters b, v, r and c, that means: messages are output during backup, verify, restore, and/or copy-tape depending on what letters appear. The next fields must name the respective single stream server ports or service names according to the configured ports in BackupPorts, i.e. wherever a multi stream port appears in the configuration in BackupPorts, here the respective single stream service must be named. If not given the values default to the ones configured in BackupPorts. If this parameter is not properly configured, the messages might not be seen on the client side for technical reasons. Max Bytes Per File The stream of data, that represents your backup, is divided into pieces (files on tape). This is done to find the files faster during a restore. This value determines, how large the pieces on tape may be in bytes. Some good values for a few tape technologies: QIC: 20000000 DAT: 30000000 Exabyte: 50000000 DLT: 100000000 Max Bytes Per Tape With this entry the number of bytes written to a single tape can be limited. Serveral entries with a leading range specifier allow to handle certain tapes differently. The range specifier must end in a colon : and may contain lists of ranges and numbers. A given number without a leading range specifier will be valid for all tapes not explicitly described. Default is use of full tape capacity. Several entries must be separated by whitespace and may look like the following examples: 4000000000 1,3-5:3500000000 7,9-:5000000000 This means: 3.5 GB for cartridges 1 and 3 through 5, 5 GB for cartridges 7 and 9 up to the last cartridge, 4 GB for the rest Full Append Mode Normally, when the insert (writing) position is forced to another tape with the cartis command or with the clientside option -G, the rest of the current tape remains unused. When this option is set to 1, it will nonetheless be used to write data on, if there is no free tape left Variable Append Mode In default mode, the place (tape and tapefile), where the next data will be written, is fix and can only manipulated using the command cartis or the clientside option -G. When the server wants to write with variable append mode enabled, any cartridge, that is in the drive, is belonging to the right cartridge set and is allowed to be written, will be accepted and appended to. Note, that this will also override the settings of cartis or option -G. Reject Unlabeled Tapes Default is to accept an unlabeled tape as the requested one and to label it automatically. If this behaviour is unwanted and only tapes with a recognized label should be permitted for writing, this parameter should be set. PreferCartInChanger When a tape gets full and another one must be chosen to continue writing, the server does not make a difference, whether a tape is available in a changer or not, if this flag is not set. This is the default. If this parameter is set, the next cartridge is chosen from those, that are available in the slots of a changer, if present and configured. If there is no tape found inside the changer, that is allowed to be overwritten, manual administrator interaction is nonetheless required. Cart-Insert-Gracetime This is the time in seconds, the program waits after another cartridge has been put into the drive. Normal devices need a certain time span to mount the tape to get it ready for use. Normally this value is not critical. If you estimate it too low, the ioctl-system-call will wait until the device becomes available. This time is sometimes longer than two minutes, so if you want to proceed quickly after a cartridge change, you may measure the maximum time your system needs. Some tried values for a few tape technologies: QIC: 20 DAT: 30 Exabyte: 70 DLT: 70 Device-Unavailable-Send-Mail-After-Min If the streaming device is not accessible (i.e. an open or a tape handling command fails) or another backup server process is still running, the server process re-tries his attempts regularly. If it fails longer than the time in minutes supplied here, an e-mail is sent to the configured user in charge (see: User To Inform). Supplying 0 means: never send mail. Device-Unavailable-Give-Up-After-Min Same as Device-Unavailable-Send-Mail-After-Min, but this time not an e-mail is sent, but the server process exits silently leaving a warning in the log file. Supplying 0 means: try forever, never exit. Device-Probe Interval This is the interval in seconds, after that regularly the device is probed to be ready for reading. Thus after having ejected a cartridge it is automatically recognized, if a new cartridge has been inserted. For other media (e.g. exchangeable disks) this may not be suitable. Supply a 0 in these cases for no probing. SetFile-Command This is the (shell-) command to run to position the tape to a certain file. Usually this is something like a combination of: mt -f <device> rewind and mt -f <device> fsf <number>. If the command you are supplying here starts to count with 1 for the first file on tape, you should insert %n for the <number>. If it starts with 0, replace <number> with %m. If you don't want to type the devicename again here, you may write %d instead. For more pattern replacements see: Status-file SkipFile-Command This is the (shell-) command to run to skip over to a file later on tape. Usually this is something like mt -f <device> fsf <number> Insert %n, where the number of files to skip over must be supplied in the command, in the example instead of <number>, and %d, where the device should appear (here: <device>). For more pattern replacements see: Status-file Setcart-Command This is the (shell-) command to run to put a certain cartridge into the device. If the command you are supplying here starts to count with 1 for the first cartridge, you should insert %n in the place, where the cartridge number must appear. If it starts with 0, replace it with %m. If you don't want to type the devicename again here, you may write %d instead. If you don't have a command to perform this task, don't supply anything here. In this case you must set your cartridge handling system to sequential mode (automatically putting the next cartridge in, when the current one is ejected). For pattern replacements see: Status-file Changecart-Command This is the (shell-) command to run to eject a cartridge currently placed inside the streamer device. This is normally something like mt -f <device> rewoffl (but better consult your man-pages). You have to supply this either if you have no cartridge handling system (robot) or if you have no command to set the cartridge directly by number. In the latter case this package tries to maintain the number of the current cartridge in a file and to (hopefully) keep it consistent with the reality. In this case the cartridge handling system must be configured to sequential mode (automatically putting the next cartridge in, when the current one is ejected). The pattern %c, if used in this command, will be replaced with number of the current cartridge, %n with the number of the next one, that is expected to be put into the streamer by a robot in sequential mode. %b can be used instead of %c if counting of cartridges starts with 0 and not with 1. The same applies for %m, what means %n minus 1. %d is replaced with the device name. Init-Media-Command The (shell-) command, the server runs before accessing the storage media for the first time or after changing it. %d will be replaced with the device. This command can be used e.g. to automatically mount a removable disk after inserting. This command might be called several times on the same media, this has to kept in mind when configuring it. %n is replaced with the number of the cartridge, that is expected to in the drive, when the next media access operation will take place. %m is replaced with %n - 1 i.e. assuming that the cartridge numbering starts with zero, not one. Note, that the cartridge, that will really be in the drive is not necessarily known at the time, the Init-Media-Command is running. Thus the term "expected". For more pattern replacements see: Status-file Erasetape-Command The (shell-) command to run, if the tape must be erased. (currently not needed). For pattern replacements see: Status-file Tape-Full-Command The (shell-) command to run, when a tape is full. %d is replaced with the device name, %c with the number of the cartridge, that became full, %n with the number of cycles, the cartridge has become full until now and %C with the full path to the configuration file. For more pattern replacements see: Status-file User To Inform If you don't have a cartridge handling system (robot), a human maintainer must put the appropriate cartridge into the tape device. If you supply a mail program, an e-mail is sent to the user given here, which informs him, that and which cartridge (by number) must be put into the tape device. If a timespan is configured, after that an automatic e-mail should be sent due to an unaccessible tape device, it is directed to this user (see Device-unavail-send-mail-after-min) Mail-Program The mail program used to send messages to a human maintainer. This is done, whenever another cartridge must be put into the tape device and it can't be done automatically (by a robot or whatever). If you don't want to type the username again here, you can instead write %u . The pattern %U will be replaced with the login name of a current user on the client side, %H with the name of the client host. If none could be figured out, the entire word containing %U or %H is deleted from the command. If you don't want mails to be sent, you may instead supply any other command, that reads the standard input and does something reasonable with it, e.g. redirects it to the console: cat > /dev/console For more pattern replacements see: Status-file Var-Directory The directory, where varying files should be put in. These files should not be deleted. The information they contain is necessary for the server to work properly Tape-Pos-File In this file some values are stored, e.g. the number of the cartridge currently placed inside the streamer device. For pattern replacements see: Status-file Logging-file Logging information concerning errors or other notable events is redirected to this file. If the first word of this entry is starting with @, then logging is directed to the syslog as well. If there are characters immediately following the @, this word is used as the syslog identifier, otherwise the identifier is afbackup. If writing to the syslog is configured, the rest of the entry is used as additional logging file, if present. For more pattern replacements see: Status-file Status-file The current status of the server is written to this file. If it starts with >>, then the file is created and status messages will be appended to it. Otherwise the file is removed before writing. %L will be replaced with the full path of the lib-directory of the server, %B with the bin-directory, %C with the config directory and %V with the var-directory. Lock-file To prevent the server program from being started several times a lock file is created and this is it's name. For pattern replacements see: Status-file Encryption-Key-Files Entries specifying files, that contain encryption keys for authenticating backup clients to the server. Each entry consists of a filename, optionally followed by a colon : and a specifier for client selection. If an entry lacks a client selector, this one will apply for all clients, that are not matched by any other entry. The client selector is either a list of comma-separated hostnames, a filename starting with a slash / containing hostnames one per line, or a command starting with a bar, that is stripped off before starting the command. The command gets the current client name as input on stdin, aside from arguments containing patterns (see below). If the command returns an exit status of 0, the client name will match the entry. Entries are separated by whitespace. If an entry must contain whitespace, it must be enclosed by double quotes. If colons are needed within the filenames, they must be escaped using a backslash. Each key file must contain at least 5 characters and must not have read permission for group or world. The pattern %H is replaced with the client name resolved from the IP-address. %h is similar to %H, but everything from and including the first dot is stripped off. For more pattern replacements see: Status-file. Program-Directory If you are using the remote start option for backing up clients, this is the directory, where programs must reside, that can be started remotely. No other programs can be started remotely (for security reasons). For pattern replacements see: Status-file Init-Command Here you may supply a (shell-) command to be run, when the backup server side wakes up, i.e. the server process starts. A %p appearing in this command is replaced with the name of the client, that connected the backup service. For more pattern replacements see: Status-file Exit-Command Here you may supply a (shell-) command to be run, when the backup server side goes to sleep, i.e. the server process ends. A %p appearing in this command is replaced with the name of the client, that connected the backup service. For more pattern replacements see: Status-file Client configuration parameters ------------------------------- BackupHosts These are the hostnames of the machines where a server side of the backup service resides. Some kind of streamer device must be connected to these machines. The files and directories, that should be saved, are packed, eventually processed somehow, and then sent to the named machines, who writes them to the connected device. The named machines are tested for service availability. If a server is busy, the next one is tried. BackupPorts can be configured in the same order as the host entries supplied here. The servers in this list may be separated by whitespace and/or commas. If a backup server is the same host as the client, the use of the name localhost is encouraged. BackupPorts These are the port numbers on the backup server machines, where the backup server processes listen. The default is 2988 or the number found in the file /etc/services (or in NIS if it is configured). Several ports can be supplied, positionally according to the backup server hosts supplied in the BackupHosts parameter. The numbers can be separated by whitespace and/or commas. If fewer numbers are supplied than backup servers, the default port 2988 applies for the rest. If more port numbers are given, the superfluous ones are ignored. CartridgeSets The cartridge sets on the server side to use for backups. They must bes legal number between 1 and the number of cartridge sets configured on the appropriate server side. Several sets can be supplied, positionally according to the backup server hosts supplied in the BackupHosts parameter. The numbers can be separated by whitespace and/or commas. If fewer numbers are supplied than backup servers, the default set # 1 applies for the rest. If more cartridge set numbers are given, the superfluous ones are ignored. RootDirectory This is the directory, the backup client changes to before packing the files and directories. Their names should be supplied relative to this directory, e.g. ./home . DirsToBackup These are the names of files and directories, that should be saved. Wildcards in the usual manner are allowed (shell- style or glob-style). They should be supplied relative to the working directory, the client changes to when starting. Descending into directories can be limited to the current filesystem by preceding the filename with the four characters .//. or the option -m (and a space). The prefix .//. is stripped off the name before saving. Supplying a filename preceded with the four characters /../ (what makes no sense normally) or the option -r (and a space) forces the file contents to be saved regardless of the file type. This way raw partitions or similar things can be saved. The prefix /../ is stripped off the name before saving. These file contents are by default never processed for safety reasons. If you want to force processing nonetheless, use //../ as prefix or precede the name with the option -R (and a space). To save the output of a command, supply (in double quotes) a triple bar |||, followed by a space and the command. Another triple bar must follow, after that another command doing the opposite of the first one. This command gets the data written by the first one as input at restore time. A triple sharp ### and a comment may follow. A command can be supplied here, whose output is read and used as if it were written here literally. If this is desired, the entry must start with a bar |, followed by a mandatory space and the shell-command to execute. If the pattern %T appears in this command, it is replaced with a specifier for the type of backup: F, if it's a full backup; F<N>, if the full backup is split into several parts with <N> being the part number, e.g. F2; I, if it's an incremental backup; L<N> for a level <N> backup e.g. L5 DirsToBackupX These are the names of files and directories, that should be saved as part X. Wildcards in the usual manner are allowed (shell-style or glob-style). They should be supplied relative to the working directory the client changes to when starting (See: RootDirectory). Descending into directories can be limited to the current filesystem by preceding the filename with the four characters .//. or the option -m (and a space). The prefix .//. is stripped off the name before saving. Supplying a filename preceded with the four characters /../ (what makes no sense normally) or the option -r (and a space) forces the file contents to be saved regardless of the file type. This way raw partitions or similar things can be saved. The prefix /../ is stripped off the name before saving. These file contents are by default never processed for safety reasons. If you want to force processing nonetheless, use //../ as prefix or precede the name with the option -R (and a space). To save the output of a command, supply (in double quotes) a triple bar |||, followed by a space and the command. Another triple bar must follow, after that another command doing the opposite of the first one. This command gets the data written by the first one as input at restore time. A triple sharp ### and a comment may follow. A command can be supplied here, whose output is read and used as if it were written here literally. If this is desired, the entry must start with a bar |, followed by a mandatory space and the shell-command to execute. If the pattern %T appears in this command, it is replaced with a specifier for the type of backup: F, if it's a full backup; F<N>, if the full backup is split into several parts with <N> being the part number, e.g. F2; I, if it's an incremental backup; L<N> for a level <N> backup e.g. L5 These parameters may only be supplied if the parameter NumBackupParts is set greater than 1 (!). Otherwise they must be commented out to prevent a mismatch. ReportProgress Write the current progress to the file progress located in the directory with the varying files (see: VarDirectory). The first number in this file is the sum of file sizes currently written to backup plus an estimate for the packer overhead. The second number is the total sum of file sizes to be written to backup plus estimated overhead, determined in advance before doing the real backup. The third number is the percentage of backup volume written up to now. All the numbers do NOT include the volume of any command output to be written to backup, because it would be necessary to run the command(s) twice then, what is normally not desired. Using this option requires the backup client to run over all configured directories to be saved to determine the backup volume in advance before doing the real backup, what might be considered a waste of time and/or fileserver load. FilesToSkip These are the names of files, that should not be saved. Wildcards in the usual manner are allowed (shell-style or glob-style, furthermore path-patterns in the style of GNU's find program with option -path. Note, that e.g. a*d matches ab/cd). E.g. it does not usually make much sense to back up object files, as they can be easily reproduced from existing program sources. DirsToSkip These are the names of directories, that should not be saved. Wildcards in the usual manner are allowed (shell-style or glob-style, furthermore path-patterns in the style of GNU's find program with option -path. Note, that e.g. a*d matches ab/cd). E.g. it does not usually make much sense to back up the lost+found directory or such only containing object files, as they can be easily reproduced from existing program sources. FilesystemTypes A list of filesystem types, separated by whitespace and/or commas. The type names can be prefixed with a plus, what is identical with no prefix, with a dash - or a slash / . No prefix or a plus means, that only files in filesystems of the given type are saved, no others. A minus means, files in a filesystem of the named type are not saved, nonetheless such filesystems are traversed to search for filesystems of other types probably mounted underneath. The slash means, that such filesystems are not even entered or traversed ExcludeListFile A file with the name supplied here can be present in any directory. It should contain a list of file-/directory-names (or glob-style patterns), that should be skipped during backup. Each entry must be in an own line. The given names/patterns are valid only in the same directory, where the file resides. Thus each directory can have it's individual exclusion list. WriteChecksums This flag specifies whether CRC32 checksums are written to the backup or not. Checksumming costs performance but might be desired to achieve additional safety, that recovered the files are intact UseCTime When this flag is set, not only a filesystem entry's modification time (mtime) is evaluated when selecting objects to store during incremental or a level X backup, but also the inode change time (ctime). In this mode the filesystem entries access time (atime) is not restored to the value it had before saving it, because that would again change the ctime, thus each incremental backup would result in a full backup NumBackupParts If you have to backup a large amount of files and the full backup can't be done during one run (e.g. over a weekend), you can divide the full backup into pieces. This number determines how many pieces you need. If this number is not equal to 1, you have to supply which files and directories you want to save in which piece. You do so by setting the parameters DirsToBackupX with X equal to the number of the backup part the files belong to. ProcessCmd If you want your files to be processed during save (e.g. compressed), you can supply the name of the program that should perform the desired processing here. If you do so, you MUST also supply the appropriate unprocess- program. Note that this program may be specified with options but no shell-like constructions such as pipes, variables or wildcards. This program must read standard input and write to standard output. For pattern replacements see Logging File UnprocessCmd The counterpart to the processing program. You must either supply both process- and unprocess-program or neither of them. Like the process program, the unprocess-program must read standard input and write to standard output. For pattern replacements see Logging File. BuiltinCompressLevel A number, that specifies the level of built-in compression, if present, otherwise no built-in compression will be performed. If a process program is also specified, the order of processing is: First the data is piped through the external program and then built-in compression is done. Uncompressing works the other way round. IndexFilePart The name of the file where the names of the saved files are stored. The current number is appended to this filename. The number is incremented each time a full backup starts. For pattern replacements see LoggingFile. IndexProcessCmd The program to preprocess the index file, in most cases some kind of compression. If this parameter is not set, it defaults to the setting of the ProcessCmd. If you set it, you MUST also supply the appropriate unprocess- program. Note that this program may be specified with options but no shell-like constructions such as pipes, variables or wildcards. This program must read standard input and write to standard output. For pattern replacements see LoggingFile IndexUnprocessCmd The counterpart to the index processing program. If not given, it defaults to the setting of the UnprocessCmd. You must either supply both process- and unprocess-program or neither of them. Like the index process program, the unprocess-program must read standard input and write to standard output. For pattern replacements see LoggingFile ProcessBackupedFiles This flag specifies whether the files that are saved, should be processed by the configured program. ProcessLogfiles This flag specifies whether the filename logging files should be processed by the configured program. DoNotProcess These patterns or filenames specify files, that no processing is attempted on. Normally this is done for all files. This might be inefficient, e.g. compressing files, that are already compressed, so their compression can be suppressed with this parameter. The value of this parameter must be a list separated by whitespace. Double quotes may enclose list elements. NumIndexesToStore This number determines how many log files of previous full backups are saved. These files may serve for the restore of older files than those present in the current backup. Of course there must be sufficient space to hold all the data for the backups. It doesn't help to save all the saved filenames but not to have them available on tape. DaysToStoreIndexes Instead of the number of index files to be kept (previous parameter), their maximum age can be configured in days (floating point number allowed). Older index files will be automatically removed. If this parameter is configured and the previous one at the same time, the longer duration will be applied to avoid accidental removal of indexes on configuration errors. NumIndexesToScan This is the maximum number of index files, that will be scanned during restore. This can be helpful, if it takes too much time to scan through all index files, what is done, if restrictions are given, such as before time, after time or certain tapes. This parameter can be overridden by option -N of afrestore. DaysToScanIndexes Instead of configuring the maximum number of index files to be scanned (previous parameter), their maximum age in days can be configured (floating point number allowed). This parameter can be overridden by option -O of afrestore. CheckRestoreAccessPerms When this flag is set, during restore started by a normal user (not the superuser) it is checked, whether the user has sufficient access permissions in the directory, where the files are recovered. When relocating using option -C this is default behaviour. With this flag set it will be enforced also when not relocating. This has pros and cons. It might be desirable, that users can also restore their own files in directories owned by root (e.g. at-job files or the CDE calendar stuff). On the other side this might be considered a security problem. LoggingFile The name of a file error messages or other notable events are written to. A dash - stands for no logging. The pattern %V will be replaced with the full path to the var-directory, %B with the bin directory, %L with the lib directory, %C with the configuration directory and %I with the logging directory (usually == %V) ClientIdentifier The identifier for the client. Default: The official hostname. This entry is required, it several afbackup clients reside on one host and the multi stream server is used. In this case the multi stream server must be able to distinguish the clients to distribute the pieces of backup data on tape correctly. Otherwise the data would be mixed up and be unusable for the reading client. The multi-stream server writes the data to backup piecewise to tape, each chunk preceded with an identifier. This identifier is by default the official hostname of the connected client. If several client programs are running on the same client host, this procedure must fail. Any data prefixed with the name of the client would be delivered to the client program when reading (restore, verify, ...) and thus be a mixture of data previously sent to the server by both client programs with the same identifier (official hostname by default). For this reason the server denies to serve several connected clients with the same identifier. If several afbackup clients should be installed on one host, different client identifiers must be set in their configuration files. VarDirectory The directory, where varying files should be put in. These files must not be deleted. The information they contain is necessary for restore. Lock-file To prevent client programs from being started several times a lock file is created and this is it's name. For pattern replacements see: LoggingFile EncryptionKeyFile The file containing the encryption key for authenticating the backup client to the server. This file must contain at least 5 characters and must not have read permission for group or world. For pattern replacements see LoggingFile. StartupInfoProgram This is the (shell-) command to run to save the startup information of an incremental or full backup, sometimes called bootstrap information. This program should read the standard input and do something reasonable with it, e.g. append it to some file. The produced information can be used to recover from a hard crash, when the files are lost, that are containing the names of the saved files. Therefore this information should not be saved locally on the client host, but e.g. on an NFS-mounted filesystem, a floppy disc or in a mail-file (then this command should be sth. like: mail someuser). For pattern replacements see LoggingFile. InitProgram A (shell-) command to be run before a backup is attempted. If this program returns an exit status unequal to 0, no backup is performed. This parameter makes only sense when backup is started remotely, cause in that case no shell- command can be supplied. If backup is started locally, there is no problem to run whatever is necessery before the backup explicitly. For pattern replacements see LoggingFile. ExitProgram This parameter may specify a (shell-) command to run at exit time of a full or incremental backup. The following patterns are replaced as explained: %l by the name of the file containing the filelists %r by the name of the file containing statistics (this file is automatically removed after execution of this program) %e by the overall exit status %i with the minimum restore information For more pattern replacements see LoggingFile. Under very troublesome circumstances (e.g. several clients are trying to connect a busy single stream server and timeout, or a client program is killed) it might happen, that the ExitProgram is not executed. If you rely on the actions of the ExitProgram you better implement the desired functionality outside of the afbackup system.