Basically what it says in the title: do you pull your backups from a backup-manager host, or push them from each machine individually?

My initial inclination is to do it all from one machine, with one unprivileged user and a single cron file. That means, though, that there needs to be a remote user on each machine with g+r to everything, in order for ssh+rsync to do its thing.

Or, would it be simpler for each server to manage its own backups, probably as root, which means not having to change group permissions or identity?

  • nibbler@discuss.tchncs.de
    27 days ago

    Push means: if your server gets compromised, your backup is, too.

    So I prefer pull. To not have the same effect I use a restricted ssh account that can only call rrsync.
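
An added example, not part of the thread, for the restricted pull account described in the comment above: it builds an `authorized_keys` entry that pins the pulling host's key to read-only `rrsync`, then audits entries for weaker variants. The rrsync path `/usr/bin/rrsync`, the directory `/srv/data` and the key are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: rrsync is installed at
# /usr/bin/rrsync, /srv/data is the tree to back up, and the key is constructed.
RRSYNC=/usr/bin/rrsync

# Build the authorized_keys line for the pulling host's key.
# $1 = directory to expose read-only, $2 = public key ("type base64 comment").
restricted_entry() {
    printf 'restrict,command="%s -ro %s" %s\n' "$RRSYNC" "$1" "$2"
}

# Print the options field: everything up to the first space outside quotes.
options_field() {
    printf '%s\n' "$1" |
        awk 'match($0, /^([^ "]|"([^"\\]|\\.)*")+/) { print substr($0, 1, RLENGTH) }'
}

# Succeed only if the entry forces read-only rrsync and keeps every
# "restrict" protection (no pty, forwarding or user-rc switched back on).
entry_is_locked_down() {
    opts=$(options_field "$1")
    bare=$(printf '%s\n' "$opts" | sed 's/"[^"]*"//g' | tr 'A-Z' 'a-z')
    case ",$bare," in
        *,restrict,*) ;;
        *) return 1 ;;
    esac
    case ",$bare," in
        *,pty,*|*,port-forwarding,*|*,agent-forwarding,*|*,x11-forwarding,*|*,user-rc,*)
            return 1 ;;
    esac
    printf '%s\n' "$opts" |
        grep -Eq '(^|,)command="[^" ]*/rrsync -ro /[^" ]*"(,|$)'
}

# Constructed sample entries: one generated above, two weaker variants.
KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY backup@puller'
{
    restricted_entry /srv/data "$KEY"
    printf 'command="%s /srv/data" %s\n' "$RRSYNC" "$KEY"   # writable, no restrict
    printf '%s\n' "$KEY"                                     # full shell access
} | while IFS= read -r line; do
    if entry_is_locked_down "$line"; then verdict=OK; else verdict=WEAK; fi
    printf '%-4s %s\n' "$verdict" "$(options_field "$line")"
done
```

The generated line goes in the backup account's `~/.ssh/authorized_keys` on each server; paths the pulling host requests are then interpreted relative to `/srv/data`.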

  • CallMeAl (like Alan)@piefed.zip
    27 days ago

    I do both.

    I push from all my machines to my local backup server and in the middle of the night my remote backup server (in another location) pulls a copy from the local backup server. I don’t think push vs pull really matters though.

  • Ⓜ3️⃣3️⃣ 🌌@piefed.world
    27 days ago

    You have many options to choose from…

    • rsync over ssh+key, maybe pull from the central backup host is better
    • Borgbackup, restic and the like, so push
    • Syncthing, push or pull I can’t say for sure
  • sportsfork@sopuli.xyz
    27 days ago

    both: pull for servers that are on 24/7. push for laptops (for example at login time, or other)

    • K3CAN@lemmy.radio
      27 days ago

      Same here.

      Pulling doesn’t work if you don’t know when a system will be online, so it only makes sense for my laptop to push.

  • silenium_dev@feddit.org
    27 days ago

    I do push only, as I’m using cloud-based object storage, so I know the destination is online 24/7. I do encrypt them before uploading, so couldn’t care less about privacy or security. Only availability, but if one uses multiple different cheap storage providers and replicates the backups, it doesn’t matter either.

    It’s also easier and more secure to automate push if you don’t fully own the destination.