CrashPlan on Linux

It’s taken me six months since my last server failure, but I’m finally implementing an offsite backup for my home Linux server. I use rsnapshot for local backups which is great for recovering from mistakes. But it does no good if your server box dies in a fire, need offsite backups for that. I like CrashPlan on my Mac, so I thought I’d try it on Linux.

The first hurdle is installation. The default install location is /usr/local/crashplan. The supplied shell script is quite nice and they even gave thought to letting you run the backups as some user other than root! I think if you don’t install it as root the /etc/init scripts don’t get linked in. Worse, those scripts don’t seem to have any provision for non-root users.

The second hurdle is setting it up. CrashPlan is only configurable via a GUI tool that assumes it’s running on the computer that’s being backed up. Weak! Fortunately there’s a workaround; the GUI client really just talks over a socket to the backup daemon and you can fake it out with to talk to a remote host via an ssh tunnel. The Mac client stores the port number in an awkward place, but then I found that instead of editing the .app config file I could edit /Users/nelson/Library/Application Support/CrashPlan/ and add the line servicePort=4200. Still, shame the GUI client doesn’t allow this setting.

One extra Linux challenge is that the real time backups feature uses the inotify kernel module which by default only allows watching 8192 files. The docs cheerfully suggest just upping this number, but then I read this post that suggests it costs 200 bytes per file monitored (or maybe it’s only 40). Either way I don’t want to bump this up to 100,000+ or whatever it’d take (one per directory?) so I simply disabled real time backups in the Advanced settings. I’d actually prefer it just ran a nightly backup anyway, to manage bandwidth.

The backup daemon is reasonably well behaved. It’s a java process (!) that’s using less than 5% of one CPU. The bandwidth throttle actually works.

I’m annoyed CrashPlan is listening on port 4243 on the LAN port, not just localhost. You can’t actually use this for remote administration, at least setting serverHost instead of serverPort in the client didn’t work out for me. I wonder how secure the daemon really is; the security FAQ only addresses file encryption. Update: if you disable listening for remote backups, then it only listens on localhost:4243, much more secure.