Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Remote Backup of Windows Boxes w/o Samba?

Cliff posted more than 10 years ago | from the data-dumps-over-a-secure-tunnel dept.

Security 100

reezle asks: "I'm looking for a good (free as in beer) method to have my Debian server back up some remote Windows machines. There is no Samba in the mix; this is supposed to be a strictly secure internet thing. I've been toying with OpenSSH on the windows computers as a good tunnel, thought of simple tools like ntbackup initiated from a script on the Linux box, but not all of the pieces have come together yet. I need to have the Linux box make the connection, back up data (full and incremental backups) and have that backup data get back to the Linux machine in an encrypted format (across the wild internet). Has anyone done something like this?"

cancel ×

100 comments

Sorry! There are no comments related to the filter you selected.

Idea, (3, Interesting)

MoOsEb0y (2177) | more than 10 years ago | (#9884868)

Install an SSH Server on the windows machine, use SHFS [sf.net] to mount the remote filesystem to a directory, then use rsync to copy it.

Re:Idea, (1)

cookd (72933) | more than 10 years ago | (#9885272)

Don't do this. You lose all the benefits of rsync this way. In fact, it will use 2X the network.

Source -1- rsync1 -2- rsync2 -3- Destination

RSync works assuming that paths #1 and #3 are fast (local) and that #2 is slow (network). So it does extra reads over #1 and #3 to minimize #2.

Your suggestion puts #2 and #3 local and #1 on the network.

Re:Idea, (3, Interesting)

nocomment (239368) | more than 10 years ago | (#9885533)

I do this [oreilly.com] on my linux boxes and it works really well. A quick google talks about people doing this between *nix and windows.

Why not just... (2, Informative)

Gudlyf (544445) | more than 10 years ago | (#9893186)

Why not just install the ssh server and rsync (via Cygwin [cygwin.com] ), then:

rsync -avz -e ssh winbox:/cygdrive/c/ /path/to/backup

Or one thing I use, to keep incremental backups, is rdiff-backup [stanford.edu] .

ignorate question (1)

astar (203020) | more than 10 years ago | (#9944707)

I wonder what the pros and cons are of using a version control system for backup, such as subversion.

Three letters: SCP. (4, Interesting)

GregChant (305127) | more than 10 years ago | (#9884869)

Your best bet, in a cheap and dirty solution, is to use SCP. Set up a cron job to securely copy the files you need. No muss, no fuss, no samba, and all encrypted.

Re:Three letters: SCP. (3, Informative)

cookd (72933) | more than 10 years ago | (#9885296)

If you are copying 400 GB, you'll use 400 GB of bandwidth (less with compression, perhaps 200GB) each time you back up, whether or not anything has actually changed. That's very bad.

The advantage of stuff like rsync is that it only sends the deltas over the network. I have a daily backup of my 400 GB over the net. If nothing changes, it only uses 100k of bandwidth.

Re:Three letters: SCP. (2, Informative)

Drakon (414580) | more than 10 years ago | (#9885636)

WinRAR can create archives of files that were modified after a certain timestamp

Re:Three letters: SCP. (1)

jrockway (229604) | more than 10 years ago | (#9888337)

Yes but rsync only copies the differences between old and new. So if you changed onle line in a 10M file, it only copies that one line. Winrar would compress that whole file again.

Re:Three letters: SCP. (1)

cdrudge (68377) | more than 10 years ago | (#9899014)

Does rsync work that way? I assumed that it basically looked at blocks of a file, and if a block didn't match up, it transmitted that block. I didn't think it would only transmit JUST the changed line(s).

Re:Three letters: SCP. (1)

cookd (72933) | more than 10 years ago | (#9943506)

Well, yeah, it works on a block. I don't think the previous poster meant to have the comment taken literally. To sum it up, if you only change a small portion of a huge file, rsync and other similar algorithms are definitely going to save a lot of bandwidth over even the best compression schemes in all but the most contrived cases.

Re:Three letters: SCP. (1)

reezle (239894) | more than 10 years ago | (#9885837)

It looked good, but I looked at the manual, and didn't see an option for incremental. (I don't want to be copying all 200GB every night from the box that only modified a 2k text file)

Am I missing the option, or should I be wrapping SCP in something else that figures that part out?

Re:Three letters: SCP. (2, Informative)

Zocalo (252965) | more than 10 years ago | (#9887684)

Nope, you didn't miss anything as SCP has no incremental option. You could work around that by using a data compression tool to create an archive of just the files that have been changed, then SCPing that and uncompressing over the data mirror on the remote server. That doesn't help much if part of your data set is a big database file of which only a couple of records have changed though.

A far more efficient method would be to look at using RSYNC with SSH as a few others have pointed out. There's a pretty good HOWTO for Windows here [unimelb.edu.au] , which avoids the overhead of a full Cygwin install. You'll probably want to check out the link to cwRSYNC [itefix.no] at the top of that page too.

Re:Three letters: SCP. (1)

dublin (31215) | more than 10 years ago | (#9902142)

Nope, you didn't miss anything as SCP has no incremental option. You could work around that by using a data compression tool to create an archive of just the files that have been changed, then SCPing that and uncompressing over the data mirror on the remote server. That doesn't help much if part of your data set is a big database file of which only a couple of records have changed though.

A far better option would be Unison [upenn.edu] , which does 90% of what you're looking for, and can be made to work across an SSH tunnel. (Although, as always with SSH tunnels, the setup is a PITA.)

cron+scp (1, Interesting)

Cranx (456394) | more than 10 years ago | (#9884870)

Have cron create a .tgz backup regularly, and download it through scp on your Windows machine.

Re:cron+scp (1)

cookd (72933) | more than 10 years ago | (#9885310)

That requires a lot of empty disk space, and wastes a whole lotta network bandwidth. Remote nightly backups of a 100 GB drive this way is a surefire way to go bankrupt when you get the network bill...

Re:cron+scp (0, Troll)

Cranx (456394) | more than 10 years ago | (#9885862)

Great suggestion, I think people with large volumes can really benefit from that advice.

I'm glad to see not EVERYONE makes useless posts to Slashdot just to hear themselves harrumph around acting like know-it-alls who run around rebuffing everyone who tries to help others with a little advice, but never offer any advice themselves.

+1 Insightful to you, my friend.

Re:cron+scp (0, Troll)

Cranx (456394) | more than 10 years ago | (#9890033)

I'll see your +1 Troll and raise you a point for posting absolutely nothing of value. Dumbass.

Re:cron+scp (0, Redundant)

Cranx (456394) | more than 10 years ago | (#9910765)

I'll see your +1 Troll and raise you a point for posting absolutely nothing of value. Dumbass.

Re:cron+scp (1)

Cranx (456394) | about 10 years ago | (#10008290)

I'll see your +1 Redundant and raise you a point for posting absolutely nothing of value. Dumbass.

Why not samba? (1, Interesting)

Anonymous Coward | more than 10 years ago | (#9884897)

Can't you set up a vpn between the two pc's with OpenVPN, and use samba over the VPN?

Re:Why not samba? (1)

MarkusQ (450076) | more than 10 years ago | (#9885526)


For that matter, just tunnel to port 139 via ssh. So port 9139 (for example) on the linux box gets forwarded over ssh to port 139 on the ms/win box, and then you start samba with port=9139...dirt simple, no?

-- MarkusQ

Re:Why not samba? (1)

codeguy007 (179016) | more than 10 years ago | (#9899446)

Save for the fact he's looking to pull the backups from Linux not push them from Windows.

The Rsync solution is definitely the best suggested for what he asked for.

However personally, I would setup a fileserver for the machines and make everyone use that for stuff they want backed up. Centralized storage is always a cleaner solution.

Push vs. Pull? (1)

MarkusQ (450076) | more than 10 years ago | (#9900455)


Save for the fact he's looking to pull the backups from Linux not push them from Windows.

So he does a

sudo mount -t smbfs //mswinmachine/c /mnt/mswinmachine -o ...
on the linux box and then runs whatever backup solution he likes on the linux box (against the mount point). You can't get much more "pull from linux" than that.

-- MarkusQ

Re:Push vs. Pull? (1)

codeguy007 (179016) | more than 10 years ago | (#9902244)

So he wants to be secure and you are suggesting that he turns file sharing on on the windows boxes. Yeah that will really work.

Re:Push vs. Pull? (1)

MarkusQ (450076) | more than 10 years ago | (#9906382)


So he wants to be secure and you are suggesting that he turns file sharing on on the windows boxes. Yeah that will really work.

I don't think you are understanding what I'm suggesting. It isn't all that complicated:

  1. Use ssh to set up a TCP/IP tunnel between the boxes.
  2. Route smb trafic over the tunnel
  3. Allow smb connections over the tunnel (not to the world, obviously).
  4. Use this to mount the mswin box on the linux box
  5. Backup to your hearts content
Using rsync over an unecrypted channel would be just about as insecure as using file sharing. I wouldn't advise any backup system over an unencrypted channel.

-- MarkusQ

Re:Push vs. Pull? (1)

codeguy007 (179016) | more than 10 years ago | (#9923360)

1) Fine that will work
2) How are you going to get the windows boxes to do this without openning up SMB to the world unencrypted. (Hint you pretty much can't without a firewall box extern to windows)
3) See previous point. Windows doesn't support this.
4) See previous points.
5) See previous points.

The rsync was to be done over a ssh tunnel. Read the other posts. Either way you don't know what you are talking about so I suggest you clam up.

Re:Push vs. Pull? (1)

MarkusQ (450076) | more than 10 years ago | (#9926805)


How are you going to get the windows boxes to do this without openning up SMB to the world unencrypted. (Hint you pretty much can't without a firewall box extern to windows)
I don't see why not. I've done it under NT4, and I can't imagine (well, I can imagine, but I don't think it's true) that the newer mswin versions are less functional in this regard. A quick peek at google seems to support [vandyke.com] the idea that it's possible (I haven't used an msbox for several years, but from what I see on google it appears the filtering, etc. seems to have gotten a little easier, if anything). You simply filter (block) external traffic to the port in question, so that the only access is through the tunnel.

Either way you don't know what you are talking about so I suggest you clam up.
Gosh, I was thinking the same thing.

-- MarkusQ

Re:Push vs. Pull? (1)

codeguy007 (179016) | more than 10 years ago | (#9929768)


A quick peek at google seems to support the idea that it's possible.

Apparently you didn't read this. This is for setuping secure access to an smb server from Windows. Which by the way is the exact opposite of what you are suggesting. They tell you to turn off file and printer sharing in the article for a good reason.

And Like Windows packet filter is secure.

Re:Why not samba? (1)

reezle (239894) | more than 10 years ago | (#9885848)

Probably my bias from too much microsoft networking causes me to look for any other solution than microsoft style networking. haha

Cygwin + rsync (1)

molo (94384) | more than 10 years ago | (#9884912)

Cygwin [cygwin.com] and rsync [anu.edu.au] . That should do it.

-molo

Re:Cygwin + rsync (2, Interesting)

Filoseta (519421) | more than 10 years ago | (#9885117)

To expand on this slightly, I have had good success with duplicity [nongnu.org] .

It supports gpg signing and encrypting of archives and provides direct support for scp/ssh as a transport while handling full and incremental backups very nicely (well, after I wrote a few wrapper scripts just to make my life easier).

I have not used it on windows with cygwin, but I know people who are.

Re:Cygwin + rsync (2, Informative)

cookd (72933) | more than 10 years ago | (#9885143)

Cygwin is not secure for daemons -- if user A is running a Cygwin program, you should assume that any user on the system can execute code as user A. This is due to the global shared memory that Cygwin uses to keep track of things -- it is accessible to all users and is assumed to be safe.

If you're going to use rsync, use Interix/SFU. That's what I currently use, though I might switch to Unison. Works great, though sometimes the permissions are a pain (the Posix permissions don't always translate nicely to Windows ACLs)...

Re:Cygwin + rsync (1)

molo (94384) | more than 10 years ago | (#9885170)

I didn't know about cygwin's security issues. Thanks for the tip. Windows is so odd, how can a program have global shared memory on a multiuser system? Sounds like a broken security model.

-molo

Re:Cygwin + rsync (1)

cookd (72933) | more than 10 years ago | (#9885193)

When you create shared memory, you can put whatever permissions you want on it.

You wouldn't say that Linux is broken because you can make a file world-writable, would you?

Re:Cygwin + rsync (1)

molo (94384) | more than 10 years ago | (#9885269)

Ah, that makes more sense, it at least follows the rest of the windows model. Thanks.

-molo

Backup (3, Interesting)

m0rph3us0 (549631) | more than 10 years ago | (#9884940)

Use the windows backup program to have windows make the backups then have Windows copy them to the debian box via scp.

Or.... put Samba on the Debian box, use port forwarding and the loopback adapter to create a tunnel to the samba box and have the windows backup program write to the samba share which is only listens on 127.0.1.1

setup on windows box:
Loopback IP: 172.168.254.1
Real IP: XX.XX.XX.XX
SSH port forward from Local 172.168.254.1:139 to remote 127.0.0.1:139

Create an account for each machine on the debian box.

Windows backs up to \\172.168.254.1\MACHINENAME

A solution: Acronis TrueImage (2, Informative)

Futurepower(R) (558542) | more than 10 years ago | (#9885570)


NTBackup that comes with Windows can NOT backup all the Windows system drive, only part of it. Windows XP and 2000 (not Windows 98) have crippled file systems, apparently to implement copy protection.

NTBackup presumes that you are a peon whose time is worth nothing, and you don't mind loading all of your programs again. Some people restore a backup over a working Windows XP installation, but this is said by Microsoft technical support people to be unstable.

The ONLY way to back up a Windows XP and 2000 system drive is to do a sector by sector copy. See my Slashdot story and a discussion of this: Experiences w/ Drive Imaging Software? [slashdot.org] . The story gives a method of copying under Linux.

However, most sector by sector copies require that you have complete control over the drive.

The only solution I've found is Acronis TrueImage [acronis.com] . It costs $50, and it works, although there are some small flakinesses. You can backup a Windows XP or 2000 system drive while Windows is running and being used. You can send the backup over a network to a local Linux machine.

To send the backups over the Internet, you would encrypt the Acronis files with GNU Privacy Guard [gnupg.org] first. There is a way to submit the password to GPG in a batch file. Since anyone who has access to the password has access to the backup files, this is not a security risk.

Google has more links [google.com] to GPG.

I'm interested in hearing about any experiences anyone has with this.

Microsoft enthusiasts: Please don't disagree with the facts here, they have been verified many times by Microsoft articles and technical support people. Specifically, the NTFS file system is crippled, and NTBackup cannot back up the working system partition.

Re:A solution: Acronis TrueImage (1)

zog karndon (309839) | more than 10 years ago | (#9885976)

You didn't understand the KB article the first time you read it, and you don't understand it now.

The article *clearly* talks about cloning hard disks for distribution (i.e., building a corporate master image for distributing across an organization), and has nothing to do with backing up your hard disk and restoring it *on the same machine*.

NTFS is *not* crippled, and I've restored backups several times.

It's a pain in the butt, because you have to have a running version of NT to run ntbackup, but it works *just fine*.

Re:A solution: Acronis TrueImage (0, Troll)

Futurepower(R) (558542) | more than 10 years ago | (#9886251)


Every time I try to talk about this issue, someone tells me I'm wrong! I even put a warning paragraph at the end of my (grandparent) comment, and still it happened.

For example: A backup that must be restored to the same computer is not a backup! Suppose something fails on that motherboard and you don't have any other motherboards exactly like it?

A backup backs you up! If there are situations in which you won't get all your work back, you don't have a backup. This is not an isolated situation. The commercial life of motherboard models is about 9 months now. Try buying an Intel 845GB motherboard now. Yes, I saw the one listing on Froogle; it is a mistake.

Over and over again I have said that Microsoft technical support representatives have verified my statements, and over and over again someone has other ideas.

NTFS is crippled! Any file system that is designed not to copy all of its own files is crippled! If you think it is not crippled, try using COPY, XCOPY, or ROBOCOPY to copy all system files. You will get error messages. Windows 98 is not crippled; XCOPY32 will copy all system files to another drive and that other drive will be bootable. Yes there may be minor problems with programs that use DOS file names. In my experience, they are easy to fix.

Microsoft says: NOTHING that comes with Windows can backup all of a Windows XP or 2000 system partition, so that it can be a reliable operating system when restored. Yes, people do it, but there are problems. Yes, people live with the problems, or don't notice them.

Microsoft employees recommend Ghost. My personal opinion is that Ghost is very poor quality software with poor support from Symantec.

Re:A solution: Acronis TrueImage (1)

zog karndon (309839) | more than 10 years ago | (#9886370)

In any case, it is NOT NTFS that is at issue here. If you install XP/2K on a FAT32 partition, you'll have the same problem.

The issue, if you had actually understood the knowledgebase article, is that XP/2K has per-machine IDs, and that cloning the hard drive *clones the machine IDs*. When you put the cloned image on two new machines, domain servers get confused.

If your machine doesn't need to talk to an NT domain controller, the problems won't arise.

If you need to generate OS installation images (say, for a corporate rollout), Microsoft has a different set of tools that does that. I'm not terribly familiar with these tools, because I've never needed to do such things.

Personally, I've had good results with Drive Image 2002. NTBackup, as I've said before, requires that you have a working installation of Windows before it runs; Drive Image 2002 has a bootable floppy.

The SID must be changed anyway. (0)

Futurepower(R) (558542) | more than 10 years ago | (#9886927)


The SID must be changed anyway. That is an entirely separate issue.

I was told by a senior Microsoft technical support engineer last week, and I have been told before, that duplicate SIDs also confuse peer-to-peer networks.

XCOPY32.EXE can copy ALL files on a FAT32 partition. I stand by what I said. ALL the information in Windows XP and Windows 2000 is in files.

DriveImage, and all of PowerQuest, is now owned by Symantec, which, in my opinion, is legendary for bad technical support. Acronis is way better than DI.

An OS installation image is another term for a real backup.

Sysprep, even the Windows Server 2003 version, is buggy.

It amazes me how willingly people accept Microsoft's adversarial behavior.

Re:The SID must be changed anyway. (1)

zog karndon (309839) | more than 10 years ago | (#9896365)

No, an OS Installation image is designed to (gasp) be installed on a variety of different hardware. You need one of those for bulk installs, and, as I've said before, MS has a different set of tools (outside of Sysprep) that does that sort of thing. More importantly, every single communication from Microsoft that you've cited assumes that you're doing bulk installs, and, given that context, what they're saying is true.

You, on the other hand, have overgeneralized what they've told you into places that are clearly false. I know it's false, because I've done what you've claimed to be impossible.

For doing personal backups, you do not need an OS Installation Image. You at worst need a disk image.

NT Backup works tolerably well for doing personal backups. If you need a disk image utility, then Acronis or Drive Image 2002 are perfectly good options.

Re:The SID must be changed anyway. (0)

Anonymous Coward | more than 10 years ago | (#9926774)

For doing personal backups, you do not need an OS Installation Image. You at worst need a disk image.
At worst? Sounds to me like you don't know what you're talking about. Needing a full disk image is exactly the reason why the previous poster was saying NTFS is intentionally crippled. It's impossible to use XCOPY or similar utility to copy the a NTFS filesystem. What was your point again?
NT Backup works tolerably well for doing personal backups. If you need a disk image utility, then Acronis or Drive Image 2002 are perfectly good options.
I'd like to backup my system without purchasing additional software. Hm? Seems to me like NTFS is broken in this respect, and your post sheds no light on this problem.

Re:A solution: Acronis TrueImage (1)

afidel (530433) | more than 10 years ago | (#9898033)

The problem is that the SID gets copied. However in a domain environment you are going to be renaming the machine and joining it to the domain. Which coincidently changes the SID for the machine, hench a complete lack of a problem. As anyone who has used Norton Ghost to clone machines in a corp environment can tell you. Personally I like TrueImage because it can backup a server while it is live, great for those times when you have a dying HDD and you don't dare shut the machine down =)

Re:A solution: Acronis TrueImage (0)

Anonymous Coward | more than 10 years ago | (#9939756)

I have to weigh in with Zog on this one. NTFS is not broken, it's a perfectly fine, enterprise-quality file system that supports a rich array of protections and other good features. What is complicated is the whole Microsoft SID concept that the OS uses to maintain identities and permissions. These sit on top of the file system and need special treatment when being copied or backed up.

For personal backups NTBackup works just fine. I've been using it for years professionally. I've also used Ghost, Drive Copy, MaxBlast, and others and each of these can have their own problems. In my UNIX life I have used tar, DD, UFSDump, shell scripts, and others.

The sad fact of the matter is that any system can be a little more complicated than one person has time to invest. This is true for Windnows, Linux, VMS, etc

Regarding Acronis, I have heard 2nd hand that its stability makes it less than suitable for mission critical operations. Test before using.

- AndrewZ

Re:A solution: Acronis TrueImage (0)

Anonymous Coward | more than 10 years ago | (#9889106)

Every time I try to talk about this issue, someone tells me I'm wrong! I even put a warning paragraph at the end of my (grandparent) comment, and still it happened.

... and yet you still don't draw the obvious conclusion.

A lot of people think they know... (0)

Anonymous Coward | more than 10 years ago | (#9889300)

A lot of people think they know a lot about Microsoft Windows, and are mistaken.

Re:A solution: Acronis TrueImage (1)

ostiguy (63618) | more than 10 years ago | (#9892201)

On many systems you cannot do a *.* or * (depending on your OS preference) for a full system backup due to open files (think databases) and expect consistency. Due to the binary windows registry, among other such creations, you cannot expect to be able to copy it from a live box. There are tools and APIs to do so - windows own backup app, etc.

ostiguy

Re:A solution: Acronis TrueImage (0)

Anonymous Coward | more than 10 years ago | (#9886275)

NTBackup CAN restore an entire drive -- if you aren't an idiot and actually read how to do it. (hint: do a base Windows install first)

Microsoft and I stand by the facts. (0, Troll)

Futurepower(R) (558542) | more than 10 years ago | (#9886883)


As I said in my original post, all the facts in it have been reviewed many times by Microsoft technical support people.

I specifically said in my original post: "Some people restore a backup over a working Windows XP installation, but this is said by Microsoft technical support people to be unstable."

Re:Microsoft and I stand by the facts. (1)

Dibblah (645750) | more than 10 years ago | (#9886978)

Only if you do something dumb like install your 'restore system' into the same directory as you will be restoring to. Otherwise, the only 'overlayed' stuff is stuff in Program Files, which you WANT to come from the backup.

Part of the issue here may be that NTbackup (at least on XP / 2k) DOES backup everything (as long as you select system state). You'd need to sysprep your real system to force a hardware redetect on next boot to get the functionality you appear to want.

Re:Microsoft and I stand by the facts. (1)

ostiguy (63618) | more than 10 years ago | (#9892162)

How do you think you restore a windows backup folder without running windows backup from a running windows install?

ostiguy

Might give Unison a Try (5, Interesting)

namtro (22488) | more than 10 years ago | (#9884960)

I've had fairly good experiences with the Unison [upenn.edu] product. It works similarly to rsync [anu.edu.au] but with a few enhanced features. And I quote...

  • Unison runs on both Windows (95, 98, NT, and 2k) and Unix (Solaris, Linux, etc.) systems. Moreover, Unison works across platforms, allowing you to synchronize a Windows laptop with a Unix server, for example.
  • Unlike a distributed filesystem, Unison is a user-level program: there is no need to hack (or own!) the kernel, or to have superuser privileges on either host.
  • Unlike simple mirroring or backup utilities, Unison can deal with updates to both replicas of a distributed directory structure. Updates that do not conflict are propagated automatically. Conflicting updates are detected and displayed.
  • Unison works between any pair of machines connected to the internet, communicating over either a direct socket link or tunneling over an rsh or an encrypted ssh connection. It is careful with network bandwidth, and runs well over slow links such as PPP connections. Transfers of small updates to large files are optimized using a compression protocol similar to rsync.
  • Unison has a clear and precise specification.
  • Unison is resilient to failure. It is careful to leave the replicas and its own private structures in a sensible state at all times, even in case of abnormal termination or communication failures.
  • Unison is free; full source code is available under the GNU Public License.

Anyway, you might give it a look...

Re:Might give Unison a Try (0)

Anonymous Coward | more than 10 years ago | (#9885055)

Unlike a distributed filesystem, Unison is a user-level program: there is no need to hack (or own!) the kernel, or to have superuser privileges on either host.

And how does it copy files owned by other users then?

Re:Might give Unison a Try (1)

Foolhardy (664051) | more than 10 years ago | (#9885204)

On the Windows end, make the user that the backup program runs as a member of the 'Backup Operators' group.
Backup operators can ignore security to read all files for backup.
Since backup operators (anyone with SeBackupPrivilege [microsoft.com] ) can read all files (regardless of ACL), it can be a security risk; use it carefully.

Re:Might give Unison a Try (0)

Anonymous Coward | more than 10 years ago | (#9885376)

That seems like a funny definition of " there is no need to hack (or own!) the kernel, or to have superuser privileges on either host."

Re:Might give Unison a Try (3, Informative)

cookd (72933) | more than 10 years ago | (#9885449)

You're taking it out of context, or maybe misunderstanding the feature. Some backup systems require OS support, so you have to install something setuid, set up a service, or hack the kernel to even get it to work. The idea is that this runs as a user (as do other programs like rsync or scp) and not as a kernel component (like a filesystem driver).

Your interpretation: This program magically allows any user to read any file on the system without admin privileges.

Correct interpretation: This program does not require admin privileges to install or run, and can run as any user. (Of course, the files that the program can access are limited by the user it runs as.)

Re:Might give Unison a Try (1)

astrojetsonjr (601602) | more than 10 years ago | (#9885101)

I use Unison to back up Windows and Linux servers and have been very happy with it. I also use Unison to keep our development file systems in sync.

Highly recommended!!

Re:Might give Unison a Try (2, Informative)

FrenZon (65408) | more than 10 years ago | (#9885138)

I've had fairly good experiences with the Unison product.

I am a huge fan of Unison, and I use it to sync all files, bookmarks and settings between my windows laptops and desktops. But it is NOT a backup utility - if you have it set to run at set intervals, and one set of files becomes corrupted, deleted or otherwise changed, Unison will then do the same to all the other files. It does not have rollback.

It's handy for total machine or disk failures, but not so handy if, say, a virus trashes your files and you don't realise until after you've synced those files with everywhere else, or for work situations where someone deleted the wrong directory, renamed the files incorrectly etc etc.

Re:Might give Unison a Try (2, Informative)

Vlad_Drak (20809) | more than 10 years ago | (#9885528)

You would clearly want to have LVM (or some other) snapshotting enabled on the destination Linux host's volume. If you did want to export the snapshots for user restoration, you could then share out the point in time (12hr, yesterday, DOW, M,..) as well.

Rsync with cygwin would be another option, my experience with OpenSSH/scp on Windows has been poor when it's under pressure.

-Chris

Re:Might give Unison a Try (2, Informative)

Sarunas (34509) | more than 10 years ago | (#9886260)

that's incorrect. you can have it keep multiple copies\revisions of your backups.

A few solutions (3, Informative)

moosesocks (264553) | more than 10 years ago | (#9884971)

As mentioned earlier here, there are numerous SSH/SCP implementations for Win32. Search around. They're somewhat hard to find, but there's quite a few (make sure you choose one in active development. There are quite a few abandoned projects with security holes and other bugs). Honestly, I don't remember what one I use on my windows machine :) As a word of advice, do not use a cygwin distribution. They're somewhat buggy and need to run inside cygwin. The 'native' servers which link against some cygwin libraries seem to be allright though.

There's also another easier option. But, it will cost you. Use a "real" backup program such as Retrospect [dantz.com] which will do compression and encryption (very strong encryption if you desire) client side. More often then not, this is what big businesses use. You can then safely use smb, ftp, scp, whatever you wish

Re:A few solutions (2, Informative)

zatz (37585) | more than 10 years ago | (#9885460)

Cygwin has it's shortcomings, but I use it for exactly this task and it works well. Some tips for new Cygwin users:

You will need to run ssh-host-config after you install the ssh package. Under Windows Server 2003, it apparently can't setuid properly unless an actual password is supplied, so change the service to run as the user, instead of local system.

Cygwin is sometimes a little slower than you might expect, especially for I/O, due to the extra layers of indirection. One huge performance problem is that stat() reads the first block of every file. Non-blocking network I/O is also a little iffy; you may have to fiddle with the options to rsync to get things working in both directions.

Don't expect it to preserve NTFS ACLs. It does a decent job of simulating Unix-style file permissions, though. I think it uses the Posix subsystem for some file operations, because you can do strange things like create a file named NUL (which you then won't be able to remove within Windows).

In very rare circumstances, the games Cygwin plays with the filesystem interface will break rsync entirely. For example, if you have a file named SETUP.EXE, rsync will copy it fine. If you later create a directory named SETUP in the same place, rsync will get confused, because it will stat SETUP on the destination and see the file.

The Cygwin terminal is hopelessly non-standard. The supplied terminfo mostly works, but not entirely. This might be fixable, but I haven't tried very hard.

Re:A few solutions (1)

dave420 (699308) | more than 10 years ago | (#9890012)

They're hard to find? Ever heard of google? :)

There's a great port of OpenSSH I use regularly on my windows boxes - perfectly seamless operation with unix machines. very nice.

VPN + Samba (0, Redundant)

Xetrov (267777) | more than 10 years ago | (#9885015)

Why not set up a VPN and tunnel Samba through that? That should take care of your fear of insecurity with SMB. Piss easy + secure.

Not sure what software is available for windows, but there is FreeS/WAN [freeswan.org] for Linux.

netcat (3, Informative)

bergeron76 (176351) | more than 10 years ago | (#9885040)

Use netcat (nc) [atstake.com]

A version exists for Windows (it's what the kiddee's use), but it can be used for legit purposes if done properly.

rsync (2, Informative)

DDumitru (692803) | more than 10 years ago | (#9885080)

You can push the data using rsync. Load the Windows / cygwin version of rsync/ssh on the windows box. Then sync the whole box up to a debian directory over ssh. If you get fancy you can build rotation sets, etc. rsync is very efficient at moving only what changes, handling include/exclude lists, etc. Great for backing up lots of data.

Do a google search on "rsync windows backup".

The only downside is that rync will "kill" your upstream internet connection (it is that efficient). Fortunately, there is a --bwlimit option so you can back off a little.

If you are looking for a commercial hoster with all of the scripts pre-built we are happy to help (sorry for the AD), but it is pretty easy to roll this yourself.

Bacula (3, Informative)

DeathBunny (24311) | more than 10 years ago | (#9885522)

Use Bacula [bacula.org] . It's a GPL'd client/server enterprise backup software. It includes clients for most versions of Unix, OSX, and Windows.


Although the clients do not have built in support for encryption, according to the manual you can run the clients through stunnel [stunnel.org] to encrypt the traffic between the clients and the backup server. Future versions are supposed to support encryption built into the client.

Re:Bacula (1)

gottafixthat (603767) | more than 10 years ago | (#9885861)

I'll second the vote on Bacula. Its good stuff. Very fast and efficient. I haven't done anything with Windows clients yet, though, so I can't vouch for how well that works.

Re:Bacula (2, Interesting)

GLHMarmot (124846) | more than 10 years ago | (#9886436)

I use bacula extensively between various flavours of linux and windows. It just works. You can set your retention period and it will automatically purge old information. It will write to various backup media (tape, disk etc) and create volume sizes of your choice.

I use OpenVpn for encrypted connectivity between the machines as I am backing up a number of them across the net. It also has linux and windows clients.

One caveat is that I don't use it to backup the entire system. I back up the users' data and configuration information as the rest can be easily restored from the original media.

cygwin, bleh (2, Informative)

kayen_telva (676872) | more than 10 years ago | (#9885531)

you dont need cygwin. putty on the windows machine can create a tunnel to your debian machine. do what you like from there

Networker (1)

brsmith4 (567390) | more than 10 years ago | (#9885638)

Legato's [legato.com] Networker Backup is a multi platform, Enterprise level backup solution. It will back up to tape and to disk archives. We use it on all of our production level systems. You should be able to grab a copy from here. [legato.com] . I'm not sure if it's "free" or not since our Purchasing dept. deals with software acquisition but i've not had any problems downloading copies of it.

If you don't care about enterprise features (and if it turns out you have to purchase it and don't want to), use cygwin/rsync like everyone else says.

Re:Legato (1)

reezle (239894) | more than 10 years ago | (#9885897)

Unfortunately, it doesn't look the least bit free (in any sense of the word...) Other than that, it's pretty wonderful stuff.

Re:Legato (1)

afabbro (33948) | more than 10 years ago | (#9896168)

Wonderful? Awful. Legato is the sick man of the distributed systems backup world for some good reasons.

The leaders are Veritas's NetBackup and IBM's TSM. Not that I'm endorsing either...however, having used all three, I'd pick either NBU or TSM over Legato every time.

Re:Legato (1)

dublin (31215) | more than 10 years ago | (#9902318)

The leaders are Veritas's NetBackup and IBM's TSM. Not that I'm endorsing either...however, having used all three, I'd pick either NBU or TSM over Legato every time.

I agree that Legato is best avoided - in gereral, it leaves a trail of dead bodies behind it...

As far as cpommercial b/u software goes, BakBone's NetVault is a far better (both in functionality and price) option than either Veritas (good but $$$) or TSM (a true power tool, also $$$, but also requiring *way* too much arcane knowledge about its internals to run and effectively.)

Look at rdiff-backup (2, Interesting)

cornice (9801) | more than 10 years ago | (#9886055)

Take a look at rdiff-backup [stanford.edu] . I've been very impressed with it. From the website:

rdiff-backup backs up one directory to another, possibly over a network. The target directory ends up a copy of the source directory, but extra reverse diffs are stored in a special subdirectory of that target directory, so you can still recover files lost some time ago. The idea is to combine the best features of a mirror and an incremental backup. rdiff-backup also preserves subdirectories, hard links, dev files, permissions, uid/gid ownership, and modification times. Also, rdiff-backup can operate in a bandwidth efficient manner over a pipe, like rsync. Thus you can use rdiff-backup and ssh to securely back a hard drive up to a remote location, and only the differences will be transmitted. Finally, rdiff-backup is easy to use and settings have sensical defaults.


I found it to be very fast and reliable. And yes, it aparently does work under Windows [stanford.edu] .

Easy as pie (1)

Curtman (556920) | more than 10 years ago | (#9886299)

tar cvjf - some_directory | ssh somehost cat - \> ~/backups/somearchive.tar.bz2


Oh you said Windows... There's always Cygwin. :)

Bacula (1)

eliphas_levy (68486) | more than 10 years ago | (#9886329)

Bacula [bacula.org] has a binary to work with windows. Of course, there WILL be some system files that you'll not be able to back up while the thing is running, but the majority of windows files should be backed up flawlessly.

Don't know if it goes through the net encrypted, tough. The security I would use is the (not default, heh) hash pass"phrase", compression, and VPN.

Re:Bacula (1)

reezle (239894) | more than 10 years ago | (#9899554)

I've been working with bacula since I've seen it here. It looks like a winner so far. I dropped it on a windows box, opened a port on the router, and have been able to send commands from the linux server across town to it. Thanks for mentioning the encryption part. Perhaps good compression and encryption can go hand-in-hand while it backs up. I haven't fired up a sql engine on that box to get fancy with the backup jobs, but this product looks great. Do a full backup once a week (or month), incrementals between times, and shelve a full backup every so often. (cool)

Arkeia! (2, Insightful)

GoRK (10018) | more than 10 years ago | (#9886400)

Well since you said free as in beer not free as in libre, and since you did not say how many machines you needed to back up exactly, I might as well suggest to you that you try Arkeia. The free version, "Arkeia Light," supports a server with a single tape drive (no changer robots) and up to 2 client machines. So you can use it to back up 3 machines -- If you use more than that or if you have a tape library, you gotta cough up for a license.

Plenty of the solutions people have posted about are fine and dandy hack jobs and while they probably will work -- they would take a lot of time and effort to implement. Arkeia is pretty easy to install on the client end - you basically just install the client and tell it the name of the server - the acutal backup is managed completely by the server. Clients are available for practically every OS under the sun.

Arkeia has served me pretty well over the last few years, so even with the cost (not very much for a comparable solution from any other vendor) you really do get a pretty decent product.

Re:Arkeia! (1)

Skuggan (88681) | more than 10 years ago | (#9887026)

Only problem with Arkeia is its userinterface. It looks like Picasso made it when he was high on crack...

Re:Arkeia! (1)

GoRK (10018) | more than 10 years ago | (#9888777)

Haha yeah it sucks. The current version is a little better than version 4, though you can change the color schemes to something a little more sane in both.

If you really never want to see it you can delve into the hysteria of the arkc command line client with it's ten million options and modes.

rsync (1)

smoon (16873) | more than 10 years ago | (#9886659)

We use rsync to mirror (back up) about 200GB worth of data from a remote office via partial T1 line. Would work well enough over ssh too I suppose.

Our setup actually runs the rsync server on the windows machine. Main problem is that the default one with cygwin dies mysteriously for no apparent reason. Some googling found us a fixed version to use -- 18 months on, no issues.

rsync over ssh (cygwin) (2, Informative)

dimss (457848) | more than 10 years ago | (#9886772)

We use cygwin rsync+ssh as for backup purposes and data exchange between remote offices. This is the best solution we've found so far. Each office runs rsync every minute. Data is transferred via Linux server.

There are drawbacks too. For example, you cannot store SSH key on mapped network drive. And do not use it with Windows 98, bash script and rsync will hang after 1-2 hours.

dual boot to linux (2, Interesting)

kyuso (775087) | more than 10 years ago | (#9886824)

I dual-boot to linux in all the Windows PC (Every PC has linux boot) then use ssh/rsync to backup the whole Windows directory. Of course all windows partition must be FAT32 (even for WinXP) or something read/writable by linux. Then ssh reboot to Windows.

Nothing fancy to do on Windows. It takes 10 to 30 minutes to restore Windows to the way it was exactly when it was backed up, including XP. Without linux, it would have taken a whole day with all the patches, drivers, exact configuration, applications install, more patches, etc. etc.

Re:dual boot to linux (1)

dave420 (699308) | more than 10 years ago | (#9890082)

I don't mean to be rude, but what's the point of what you're doing? Why do you need linux? It's all eminently possible with windows, and without needing an extra partition and two operating sytems to do the job. I know there are lots of linux zealots who'd use it to scrath their ass if they could, but that's just silly.

BackupPC (3, Insightful)

mrph (708925) | more than 10 years ago | (#9887056)

I use BackupPC [sourceforge.net] on a Debian box to backup some laptops and a server at work.
It is highly configurable and easy to set up automatic backup routines and you can monitor operations
using a webbased interface. BackupPC also supports various transfer methods such as rsync, samba, etc.
and makes use of compression and pooling of files to save diskspace.

Of course, getting some scripts using rsync over ssh or something like that won't be that hard,
but anyway, I recommend you to check out BackupPC.

Or, the commercial route: Dantz Retrospect (1)

catscan2000 (211521) | more than 10 years ago | (#9888018)

Dantz Retrospect [dantz.com] lets you back up Linux boxes from a Windows or OS X backup server using its own client. They only support RedHat, but they do have a tar.gz that can probably be made to work with Debian. It's what I use to back up my firewall/email/web/everything server. It uses multicast for discovery, so if you put it onto a firewall, you'll need to set up multicast so that the packets are internal instead of on the default (Internet) route for the backup server to see the Linux box.

Quick and Dirty Secure Win-Lin backup (2, Interesting)

Proteus (1926) | more than 10 years ago | (#9888498)

I've got a quick-and-dirty solution that I use for off-site backups of a relative's Windows network. This may not be exactly what you need, but hopefully it gets you started in the right direction.

First, I create backup files. To do this, I use the Backup utility built into Windows (for better or worse). Of course, this assumes you have enough freespace on your Windows volumes to accomodate the backups...

On the server side, I set up an FTP daemon and an OpenSSH daemon. The FTP daemon is configured to only accept connections from localhost, so one must log in via SSH to transfer via FTP.

Then, I use a simple Win script to
  1. open a key-authenticated SSH session with PuTTY (configured to tunnel FTP connections)
  2. establish an FTP connection with localhost on the Win machine (initiates tunnelled connection)
  3. transfer the files with FTP over the secure link

This has worked fantastically well for me, and the only thing I didn't already have was PuTTY. It's also as secure as any other SSH activity (pretty darn secure), and if you make the SSH session log in as a restricted "backup" user, it becomes very difficult to use this system to escalate privileges on the server.

Yes, I've done this. (2, Informative)

millisa (151093) | more than 10 years ago | (#9888555)

I've put something similar in place which utilized the built in NTBackup as well as a combination of SSH/FTP. Scripting out NTBackup is easy enough; you just create the BKS file it'll use, backup using that file, and then get the file over to your linux system.

To backup the systemstate (you need to do this on your DC's and Exchange boxes), you have to do it locally.

Instead of putting in a directory in your BKS, just put the word: SystemState
on its own line.

Your exchange directory store:
DS \\EXCHANGESERVERNAME

You exchange information store:
IS \\EXCHANGESERVERNAME

Directories and files:
c:\whereever\blah\blah\blah
c:\anotherdir \blah

To exclude:
add a /exclude to the dir/file line in the BKS.

Note: The BKS files are in a sort of unicode format (thanks Microsoft). I was using perl to create the files before every backup so I didn't have to depend on changing static files on each system being backed up. Its not quite unicode . . . open the file in a hex editor and check it out if you want to write them dynamically.

To kick off ntbackup at the commandline and use that BKS, something like this would work:

ntbackup backup "@\\server\backupdir\YOURSERVER_SystemState.bks" /j "Helpful Description SystemState" /f \\server\backupdir\name_of_your_backup.bkf /n "Helpful Description SystemState" /d "Helpful Description SystemState" /v:no /r:no /l:s /m normal /rs:no /hc:off

Or for an incremental:
ntbackup backup "@\\server\backupdir\YOURSERVER_bunchadirs.bks" /j "Helpful Description BunchaDirs" /f \\server\backupdir\name_of_your_backup.bkf /n "Helpful Description BunchaDirs" /d "Helpful Description BunchaDirs" /v:no /r:no /l:s /a /m incremental /rs:no /hc:off

I was planning on exclusively using SCP to transfer the files between the systems, but I ran into problems with the Win32 SSH client and server. Anytime I wanted to move a file bigger than 2G off the Win systems, I'd end up with a corrupt file. (So, I had to resort to using FTP in some cases).

Only semi related, If you are backing up systems at a datacenter and eventually sending them to a repository in the office (or vice versa) and sending them over a limited data line (we only had a couple T1's), you might want to look at the shaper app. I was able to limit the traffic heading over that T1 line after it was conglomerated on a datacenter server so that the users in the office could still do their work.

After adding a few hooks to the various scripts to have it spew its progress to a central server that I monitor for errors, I had a fairly scalable script based backup system using built in backups (NTBackup on 2k/Xp/2k3 and Tar). Oh, and Bzip2 is your friend on the windows systems. Getting around 2GB file size limitations was the biggest pain in the whole setup. Go through some good QA and check every backup that is created for the first week; it sucks finding out your files are corrupted when you need them . . .

Re:Yes, I've done this. (0)

Anonymous Coward | more than 10 years ago | (#9920809)

I'd absolutely agree that using NTBackup is the way to go, unless by "restore" the original question meant "restore a few files that happened not to be in use at the time, and no system settings". The bkf file that is created can be encrypted (for a remote target) using gpg and the resultant file by many of the methods described in the rest of the discussion.

Non-free non-native backup programs such as Retrospect, Legato etc. may not always be available when you need them (months or years from now).

I'm not aware of a way of backing up the current registry with something like Gnu tar (although you can always backup a system state to disk with ntbackup and back that up with tar).

Two links (1)

Anonymous Coward | more than 10 years ago | (#9888661)

Maybe try BackupPC [sourceforge.net] , which I believe supports rsync and SSH on Windows (with cygwin).

Here's [mikerubel.org] another good site on backing up Windows machines.

Karen's Replicator + WebDav (1)

DA-MAN (17442) | more than 10 years ago | (#9892767)

I'd suggest using a combo of https and webdav on the Linux box and Karen's replicator [karenware.com] on the Windows side to keep consistancy.

It's about as close as you can get to rsync on Windows without resorting to cygwin, plus it can run non-stop as a service.

Hope this helps.

Rsync daemon works on Windows (0)

Anonymous Coward | more than 10 years ago | (#9895944)

I've done this before, between two Windows computers! There's also an SSH implementation for Windows and you can grab all the files that aren't locked or protected on that machine. As for the registry and protected files, well, you use something like Ghost for that. Your backup should consist of only user data.

Duplicity (1)

gagravarr (148765) | more than 10 years ago | (#9898085)

You want duplicity [nongnu.org] . It'll run over SSH, and uses librsync. You get compressed backups, and compressed incremental changes. You can easily go back to the version of the file from a few days previously, or the latest version. It requires Python, librsync, and either a ssh or ftp server. You can make it work with cygwin, or with ActivePython + some other ssh server.

Re:Duplicity (0)

Anonymous Coward | more than 10 years ago | (#9898615)

Come on guys get serious.
The only one out there is Snapshot EFB.
Six months worth of full backups (no incrementals) to one hot swap hard disk. 98% data compression. Instant recovery of any file from any server in seconds. Commercial product but worth a look at sysV.com. Resellers and Consultants can get a free license if you ask.
Cheers...

Automating NTBackup is half the battle. Example... (1)

jakedata (585566) | more than 10 years ago | (#9898563)

Making NTBackup operate at the command line can be tricky. You can use the backup wizard to create the bkf file for Exchange, and then specify it from the command line.

Here is an example .bat file I use for naming and managing backups without the use of any external utilities. It is pure batch language on Windows 2000.

Move the files to Linux any way you want.

-begin backup.bat-

rem Make room by deleting oldest files, leaving four newest

for /F "skip=4" %%A in ('dir s:\backup\*email.bkf /o-d /b') do del s:\backup\%%A
for /F "skip=4" %%A in ('dir s:\backup\*system.bkf /o-d /b') do del s:\backup\%%A

rem Back up the C drive
C:\WINNT\system32\ntbackup.exe backup systemstate c: /M normal /F s:\backup\system.bkf

rem Grab the date and time, strip out extra spaces and illegal characters, insert dashes and rename latest backup file
FOR /F "tokens=2,3* delims=/ " %%i in ('date /t') do FOR /F "tokens=1,2 delims=: " %%l in ('time /t') do FOR /F "tokens=1-5 " %%n in ('@echo %%i %%j %%k%%l %%m') do rename s:\backup\system.bkf %%n-%%o-%%p-%%q-%%r-system.bkf

rem Back up the Exchange database
C:\WINNT\system32\ntbackup.exe backup "@C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\exchange.bks" /a /v:no /r:no /rs:no /hc:off /m normal /j "exchange" /l:s /f "s:\backup\email.bkf"

rem Grab the date and time, strip out extra spaces and illegal characters, insert dashes and rename latest backup file
FOR /F "tokens=2,3* delims=/ " %%i in ('date /t') do FOR /F "tokens=1,2 delims=: " %%l in ('time /t') do FOR /F "tokens=1-5 " %%n in ('@echo %%i %%j %%k%%l %%m') do rename s:\backup\email.bkf %%n-%%o-%%p-%%q-%%r-email.bkf

SSH altern. - PuTTY's other utils or MS's SFU 3.5 (0)

Anonymous Coward | more than 10 years ago | (#9904050)

I personally use Cygwin for various and obivious reasons. However, if you need SSH and cannot install Cygwin, for your various and obvious reasons, consider the alternatives.

PuTTY has several other utilities that come with it. For tunnelling, PLINK comes to mind - a cmdline util for establishing tunnels without a TTY ! It's small and can be unzipped alone from PuTTY's homepage.

If you cannot even use PuTTY & its utils. You could resort to Microsoft's Services for Unix. This is large install 135 Meg or so. (Or install it somewhere, copy out the bin & libs you need, and install them by hand.) If installed with Cygwin, it will break Cygwin (ENV issues, etc.)

SFU 3.5 comes with a full suite of unix utils, compilers, etc, including SSH. You can go grab source and recompile for Win2K or XP.

It DOES NOT come with any servers - no sshd, no X, etc. *They don't want to step on their partners territory* (i.e. get sued anymore than necessary)

SFU is a free download from MS. The Licenses prevent them from distributing *this* version of SFU. Their future versions built in to the OS are supposed to come from private source so the can distribute them.

rdiff-backup (1)

exekewtable (130076) | more than 10 years ago | (#9911619)

rdiff-backup does what you want.
I have windows installers available:

http://sol1.net/~dave/backup

http://rdiff-backup.stanford.edu

it solves your problem exactly

I use it - get blat to email you the logs and you are sweet
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>