PDA

View Full Version : Backing up filevaults quickly


onlynone
02-14-2006, 10:56 AM
I use the filevault for my user account. Based on the suggestions in the user manual I logged out of that user before I do backups. I use the smart update, and everything works fine except that it takes over an hour to move the sparse image for my user account. Obviously even a small change in my home directory for that user would require the entire sparse image to be copied over.

There's no way around the long backup time the very first time, but it would be nice if after the first backup is done, you could designate certain files as sparse images which would be handled separately from the rest of the drive. After copying of all the other files is finished, each pair of sparse images (one on the source drive, and one on the target) are mounted, and a backup is then done from the source sparse image to the backup sparse image. That way, if only one file has change in my filevault, it would take just seconds to make the update. I believe root can mount and modify any filevault, right? If not, there could be an option to save the password of any encrypted sparse images you want treated in this way.

I've got a 37GB filevault/sparse image, It would make back ups a good deal faster for me.

(oh, and even though the user manual says that only firewire devices can be made bootable, I was able to boot off of the backup made to my external usb hard drive, don't know if anyone else has hit on this.)

dnanian
02-14-2006, 11:01 AM
To answer the 2nd question first, some USB drives will occasionally allow boot on some Macs. But in general they don't work.

Special FileVault handling is something we'll consider for the future -- but, no, root can't just mount it. It's encrypted, and root can't get by the encryption.

You might find it better to use something like Knox (http://www.knoxformac.com). FileVault is kind of massive overkill for most people who want to encrypt a few things -- I mean, why encrypt your MP3s?

With Knox, you can encrypt those few things, but leave most of your stuff "normal", which will improve your backup speeds and also improve safety, since encrypted images are inherently less stable than going right to the drive...

onlynone
02-14-2006, 05:58 PM
You're right, it wasn't that root could mount the sparse images, but you can set a master password which "is a 'safety net' password, it lets you unlock any FileVault account on this computer". So you could use that to smartly backup any/all user FileVaults.

Of course any non-FileVault password protected images wouldn't benefit from this, which is why you could still have the option to manually specify the password to any images you want intelligently backed up.

dnanian
02-14-2006, 07:04 PM
Understood. Thanks for the suggestion.

onlynone
02-18-2006, 03:25 PM
So, I thought I had come up with a cool solution the the problem I had above, this was my plan:

- userA has a FileVault homedir
- userB has regular homedir
- logout userA, login userB
- previous backup has been done, so userA's sparse image is already on backup drive
- mount userA's sparse image from the internal drive
- mount the backup of userA's from the external drive
- perform smart update from userA's homedir to userA's backup homedir
- unmount both sparse images
- at this point I'd be hoping that both sparse images would be identical
- if they are, perform a normal smart update from my internal drive to my external drive
- if the files aren't identical, just exclude them from the smart update.

This didn't work though, userA's internal sparse image is mounted ok as 'userA', userA's backup sparse image is mounted ok as 'userA 1'. In SuperDuper! I can select the source sparse image, but 'userA 1' is grayed out in the target list.

I tried creating a completely new encrypted sparse image, mounted it, and it was selectable in the target list of drives. Any idea why my plan wouldn't work?

dnanian
02-18-2006, 03:27 PM
If it's grey, it's likely because it's read-only...