Lesson 6 · System Administration

Backup & Recovery

Implement backup strategies using tar, rsync, and automated solutions.

Creating Backups with tar

tar is great for creating portable archives (configs, home folders, app bundles). It’s not a complete backup system by itself, but it’s a foundational tool every Linux admin should know.

# Create compressed archive
$ tar -czvf backup.tar.gz /home/pranav

# Extract archive
$ tar -xzvf backup.tar.gz

# List contents without extracting
$ tar -tzvf backup.tar.gz

Tip: Add exclusions to avoid copying caches/build outputs: --exclude=node_modules, --exclude=.cache, etc.

Syncing with rsync

rsync is the workhorse for file-level backups. It’s incremental by default: it only transfers changes and can preserve permissions, timestamps, symlinks, and ownership.

# Local sync
$ rsync -avz /source/ /backup/

# Remote sync
$ rsync -avz /local/ user@server:/remote/

# Dry run (preview changes)
$ rsync -avzn /source/ /backup/

Backup Strategy: 3‑2‑1, RPO, RTO

  • 3‑2‑1: 3 copies of data, on 2 different media, with 1 copy offsite
  • RPO: maximum tolerable data loss (e.g., “up to 1 hour”)
  • RTO: maximum tolerable downtime (e.g., “restore within 30 minutes”)

Without RPO/RTO, “we have backups” is meaningless—your restore might take days or lose a week of data.

Verification: a backup isn’t real until it restores

Many teams discover backups don’t work only during an incident. Make restore testing a habit.

# Verify tar archive integrity
$ gzip -t backup.tar.gz && echo OK

# Verify rsync destination matches (dry-run + checksum when needed)
$ rsync -avnc /source/ /backup/ | head

Encryption (recommended for offsite)

Backups often contain secrets. Encrypt before storing in object storage or sending to third-party providers.

# Example: encrypt a tarball with gpg (symmetric)
$ gpg --symmetric --cipher-algo AES256 backup.tar.gz
$ gpg --decrypt backup.tar.gz.gpg > backup.tar.gz

Modern Backup Tools (worth knowing)

Tools like restic and borg provide encryption, deduplication, snapshots, and retention policies out of the box. If you manage serious production data, these are often better than hand-rolled scripts.

Scheduling Backups

Choose one scheduler (cron or systemd timers) and keep backups predictable. Add logging and alerting so failures aren’t silent.

# Simple cron example (daily at 02:30)
30 2 * * * /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1

✅ Practice (15–20 minutes)

  • Create a tar backup of /etc (or a test folder) and restore a single file from it.
  • Use rsync -avzn to preview what would change in a backup run.
  • Define RPO/RTO for a sample project and pick a backup frequency that matches it.