Hi Lucas,
Thanks for the very complete explanation. I am only backing up
manually as I frequently take my laptop with me. I also have an
extensive exclusion list, although I missed the virtual memory. For
specific directory names that occur in multiple places, I've used the
following command to exclude them all wherever they are.
EXCLUDE.DIR "/.../(name)"
Do you know if the INCLUDE.DIR command works in the newer version of
TSM? It's not listed as a Backup Type selection in the
Include/Exclude Define Options GUI.
For the FileVault user backup, it still isn't working for me. When
logged in to the encrypted user account and showing hidden files, I
can see both the "Users/.username" and "Users/username" directories,
but only the "Users/.username" directory is shown in the file list in
TSM Backup. Are you actually able to see all of your encrypted user
account folders in the TSM file list?
What type of iMac are you using and what version of TSM? Is it an
Intel iMac or an earlier model?
Thanks,
Erol
At 9:23 AM -0800 12/19/07, Lucas Rockwell wrote:
>Hi Erol,
>
>I know a lot of people have responded to this post, but I wanted to
>go back to your original post and follow-up from there.
>
>On Dec 11, 2007, at 4:20 PM, Erol Kepkep wrote:
>
>>I'm concerned about having file encryption on a MacBook Pro. I
>>activated FileVault on my User Account which is fine. But, I just
>>discovered that a FileVault protected User Account causes the User
>>folder contents to be unavailable for backup by TSM (UCBackup
>>Service).
>>
>
>This is not 100% correct.
>
>I have FileVault turned on on my iMac, and I use UCBackup, and with
>some extra work on my part, it backs up up my files just fine. So,
>the question is, how is this possible?
>
>When a user has FileVault enabled, it does indeed change the
>standard setup of the user's home directory under the /Users
>directory. In my case (my username is lr), if I did not have
>FileVault enabled, the contents of /Users would look like this (at
>all times, whether I am logged in or not):
>
> /Users/Shared
> /Users/lr/<all of my files>
>
>Now that I have FileVault enabled, the contents of /Users looks like
>this when I am not logged in:
>
> /Users/Shared
> /Users/lr/lr.sparseimage
>
>And this when I am logged in:
>
> /Users/.lr/lr.sparseimage
> /Users/Shared
> /Users/lr/<all of my files>
>
>So, when I am logged in, my files are where they normally are, but
>OS X creates a new directory called .lr and puts my sparseimage in
>there. Actually, what happens when you log in (if you have FileVault
>enabled) is OS X moves your home directory (in my case) from
>/Users/lr to /Users/.lr and then mounts the user's sparseimage and
>makes it link to (again, in my case) /Users/lr.
>
>Ok, so, it is becoming clear that UCBackup (TSM) can backup the
>contents of a user's home directory, but... only when the user is
>logged in! This is very important to understand. In other words, if
>you use UCBackup and do a backup while you are logged in, UCBackup
>will backup:
>
> /Users/username/<all user files>
>
>If you then log out, and UCBackup comes along and does a backup, it
>will now backup:
>
> /Users/username/username.sparseimage
>
>Hmmm, that seems bad. And, it is!
>
>So, to make a very long story short, you can use UCBackup when you
>have FileVault enabled, but you have to do 3 things:
>
> 1) Request that the backup happen during the day
> 2) Exclude /Users/.username from the list of things to backup
> 3) TURN YOUR COMPUTER OFF WHEN YOU ARE NOT LOGGED IN
>
>Sorry for the all caps, but number 3 is extremely important.
>Actually, so is number 2.
>
>Alternatively, (and this is what I recommend):
>
> 1) Disable your TSM agent
> 2) Exclude /Users/.username from the list of things to backup
> 3) Do manual backups
>
>I highly recommend this approach (however, it does require admin
>access to your computer, and you have to remember to do your
>backups!).
>
>Also, because the standard TSM client does not come with a list of
>things to not backup, I recommend, at the minimum, excluding the
>following items (these come directly out of my
>"/Library/Preferences/Tivoli\ Storage\ Manager/dsm.sys" file:
>
>EXCLUDE.DIR "/Users/.lr"
>EXCLUDE.DIR "/Users/Shared"
>EXCLUDE.DIR "/Users/lr/.Trash"
>EXCLUDE.DIR "/Users/lr/downloads"
>EXCLUDE.DIR "/Users/lr/.Spotlight-V100"
>EXCLUDE.DIR "/Users/lr/src"
>EXCLUDE.DIR "/Users/lr/Movies"
>EXCLUDE.DIR "/Users/lr/Music"
>EXCLUDE.DIR "/Users/lr/Pictures"
>EXCLUDE.DIR "/Applications"
>EXCLUDE.DIR "/.Spotlight-V100"
>EXCLUDE.DIR "/.Trashes"
>EXCLUDE.DIR "/private/var/vm"
>EXCLUDE.DIR "/var/vm"
>
>If you use this list, make sure you change all instances of "lr" to
>your username.
>
>As noted as step 2 above, the first thing on the list is my sparseimage!
>
>I also exclude /Users/Shared because I put my iTunes music in there
>-- no need for UCBackup to backup my music. I also have excluded my
>.Spotlight-V100 directory, and the one for the system, too, as those
>two directories alone are over 500MB . I also don't see a need to
>backup the Applications directory, but feel free to choose
>otherwise. Oh, don't backup virtual memory (/private/var/vm, and I
>added the symlink, too: /var/vm). If you have a downloads directory,
>or a source directory (where you compile software -- src for me),
>you probably don't want to back those things up, either. And for
>good measure, I skip Movies, Music, and Pictures (even though I
>don't have anything in these directories).
>
>This is just a partial list for me, as I exclude a lot of other
>things that I feel just waste space on the backup server (like
>Garage Band and iDVD files that Apple installs under
>"/Library/Application Support").
>
>Anyway, good luck!
>
>-lucas
>
>>Can anyone recommend File/Folder level encryption software that
>>hopefully would work with TSM Backup?
>>
>>Thanks,
>>
>>Erol Kepkep
>>Molecular & Cell Biology
>>
>>
>>-------------------------------------------------------------------------
>>The following was automatically added to this message by the list server:
>>
>>To learn more about MAGNet, including how to subscribe to or
>>unsubscribe from its mailing list, please visit the MAGNet Web site:
>>
>>http://magnet.berkeley.edu
>>
>>Messages you send to this mailing list are public and
>>world-viewable, and the list's archives can be browsed and searched
>>on the Internet. This means these messages can be viewed by (among
>>others) your bosses, prospective employers, and people who have
>>known you in the past.
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about MAGNet, including how to subscribe to or unsubscribe from its mailing list, please visit the MAGNet Web site:
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Received on Wed Dec 19 2007 - 14:55:32 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 19 2007 - 14:55:33 PST