Re: The boring Linux habit that saves machines

From TheLastSysop <thelastsysop@dev.null>
Newsgroups comp.os.linux.misc
Subject Re: The boring Linux habit that saves machines
Date Mon, 01 Jun 2026 09:38:15 GMT
Organization The Null Device Restoration Society
Lines 47
Message-ID <c861afe98bcb6ec7304c@dev.null>
References <a4a501301e80e1f8f6d6@dev.null> <mRWdnV06O9jLLYb3nZ2dnZfqnPSdnZ2d@giganews.com> <b63f45928f73e704abc1@dev.null> <sm04ijmfwhl.fsf@lakka.kapsi.fi>
Injection-Date Mon, 01 Jun 2026 09:38:16 +0000 (UTC)
X-Operating-System TempleOS-adjacent abacus cluster
X-Mood reasonably caffeinated
X-Archive-Policy please preserve the funny parts
X-Newsreader tin can + wet string 0.9.7
In-Reply-To <sm04ijmfwhl.fsf@lakka.kapsi.fi>

>On Mon, 01 Jun 2026 12:20:06 +0300, Anssi Saari
><anssi.saari@usenet.mail.kapsi.fi> wrote:
>TheLastSysop <thelastsysop@dev.null> writes:
>
>> Pre-encrypting before the cloud hop is the sane default.
>
>Makes me wonder, how is this usually done, in a real sysadmin situation?
>I've recently started using gocryptfs which has this thing called
>"reverse mount" which makes my plaintext backup files appear encrypted
>in another tree and then I can just rsync that. That works great for me
>with a little ~10-machine home network.
>
>But if you have 100s of GBs or TBs to back up? Do you encrypt the
>backups locally and then push or sync all that? But then you need twice
>the space for the backups. Or keep only encrypted backups, local and
>remote? Or encrypt on the fly like I do but with something cooler than
>gocryptfs?

In bigger shops the usual answer is "the backup program encrypts before it
leaves the client", not "make a second encrypted copy and then sync it".

Tools like borg, restic, kopia, duplicity, etc. do chunking/dedup/compression
and then encrypt the repository data. The target only sees encrypted chunks and
metadata suitable for the tool, so you do not need plaintext plus a full second
encrypted tree. Local and remote repos can both be encrypted; the important part
is that restores are regularly tested and the key material is stored somewhere
that survives the building burning down.

For very large sets, the design is usually:

* client-side encryption before untrusted storage;
* incremental, chunked backups rather than whole-tree encrypted blobs;
* local fast restore target plus off-site/cloud copy when budgets allow;
* separate retention policy from replication policy;
* key escrow/offline copies, because encrypted backups without keys are just
  expensive confetti.

Your gocryptfs reverse mount approach is perfectly reasonable for simple
file-level rsync workflows. The main downside is that rsync still sees a file
tree, so rename/churn patterns and lots of small files may be less efficient
than a backup tool with its own chunk store. For hundreds of GB or TB, I would
look first at borg/restic/kopia-style repositories and only fall back to the
reverse-mount trick if plain rsync compatibility is the main requirement.

-- 
TheLastSysop <thelastsysop@dev.null>
"I survived the great rm -rf / rehearsal and all I got was this .signature."
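
Added example, not part of the original post and not code from borg, restic or kopia: a minimal Go sketch of the "encrypt chunks before they leave the client" design discussed above, showing that an incremental run uploads only new chunks and that the target holds only authenticated ciphertext. `Backup`, `Restore`, the newline-based chunking, the in-memory map standing in for the remote target and the demo keys are all assumptions made for illustration.

```go
package main // added illustration; the map stands in for the untrusted remote target

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Backup chunks at newlines (stand-in for a rolling-hash chunker), encrypts each chunk, uploads only new ones.
func Backup(repo map[string][]byte, aead cipher.AEAD, idKey, data []byte) (manifest []string, uploaded int) {
	for _, chunk := range bytes.SplitAfter(data, []byte("\n")) {
		mac := hmac.New(sha256.New, idKey) // keyed chunk ID: the target cannot test plaintext guesses
		mac.Write(chunk)
		id := string(mac.Sum(nil))
		if _, seen := repo[id]; !seen {
			nonce := make([]byte, aead.NonceSize())
			rand.Read(nonce) // never fails on Go 1.24+; check the error on older toolchains
			repo[id] = aead.Seal(nonce, nonce, chunk, []byte(id)) // nonce||ciphertext||tag, ID as AAD
			uploaded++
		}
		manifest = append(manifest, id)
	}
	return manifest, uploaded
}

// Restore authenticates and decrypts every chunk in the manifest; any missing or altered chunk is an error.
func Restore(repo map[string][]byte, aead cipher.AEAD, manifest []string) (out []byte, err error) {
	for _, id := range manifest {
		if blob, ns := repo[id], aead.NonceSize(); len(blob) < ns {
			return nil, fmt.Errorf("chunk %x missing from repo", id)
		} else if out, err = aead.Open(out, blob[:ns], blob[ns:], []byte(id)); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, never use in practice
	aead, _ := cipher.NewGCM(block)
	repo, idKey := map[string][]byte{}, []byte("constructed demo ID key")
	m, n1 := Backup(repo, aead, idKey, []byte("alpha\nbravo\ncharlie"))
	_, n2 := Backup(repo, aead, idKey, []byte("alpha\nNEW\nbravo\ncharlie"))
	out, err := Restore(repo, aead, m)
	fmt.Printf("uploaded %d chunks, then %d; restored %q, err=%v\n", n1, n2, out, err)
}
```

In this sketch the manifest stays on the client, and losing either key makes every stored chunk unrecoverable, which is the reason for the key escrow point in the list above.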
