Backup Your Mac to Hidden Location With Rsync

This last weekend, I almost lost all the pictures. We have four kids and have tons of pictures. I had set up the user accounts on our Mac on an external mirrored drive connected by Firewire. This was mostly good, but all the applications refused to connect this weekend because of some weird permissions issue. I went through all sorts of stuff to get it working, but at the end of the day, I just created a new account and copied all the files to the internal drive on the Mac, then changed ownership of all the files and thought I was good to go.

That was until my wife went to make a Christmas book for her grandmother. Some of the pictures were missing, and all were blurry. The full-sized photos were gone. I restored everything from Time Machine, which is good for those kinds of things, so everything turned out okay. But I have always been worried about what would happen if the Mac and the connected drives were stolen. I could use an online backup service... but I wouldn’t say I like to do that. There had to be a better way.



You could use the UNIX application sync to create a script that would back up every file to a remote sync server. I did not have one of those, but I did have a USB drive connected to my home wireless router, so I figured I could set it up to copy the files to that. No, go. Sync does not work well when connecting to a Samba server on the other end. I had to set up a real sync server.

An old PC in the basement that I had set up a copy of Ubuntu Linux on last year. Setting up Ubuntu is ridiculously easy, especially on a PC that is a few years old. Go to, download the latest copy, put it on a USB stick, and boot. It sets up everything automatically.

As I researched this, I found out I could very easily set up a Rsync server on the Linux box and copy over files from the Mac, but it was too easy. It was too easy because sync is not secure. All the files were sent over my wireless unencrypted. I wouldn’t say I like doing unencrypted things and not password-protected. When security is so easy to add to a system, it is worth taking a few extra minutes to do things right.

I discovered that you could set up sync to operate over a secure shell (SSH), which is encrypted. Furthermore, a feature built into SSH allows trusted computers to log in without using a username or password using public/private key encryption. So this is what I set up. I put a simple two-line script on the Mac that I set to run once a week, and it copies over just the changed files from the Mac to the Linux box hidden in the basement. I have moved to an 802.11n system, so the wireless runs nice and fast, which is good for transferring all those gymnastics pictures and videos.

So, the process is as follows:

Give your Linux box a static IP address so you can ssh to it. If you fancy it, name it on your internal DNS server. I am not that fancy. Set up the Mac to SSH to the Linux box with signatures by generating a key pair, doing a secure copy to the non-root user account on the Linux box (call it backup user or something like that), and putting it in the trusted keys file. See this website on ssh-keygen Mac to see how it is done.

Make a directory on the Linux box to store the backup files. I keep mine on the external USB drive, so I created a guide called /media/Volume/USB drive/mac_backup and gave the directory ownership to a backup user on the Linux box. After this, ensure the USB drive mounts when the Linux box is rebooted. Mine didn’t, so I had to enter the /etc/stab file to ensure it mounted on the boot.

Create sync.conf file in the /home/backup user directory. This is tricky – do not configure the main box’s sync server or sync.conf file. This mini-resync server is kicked off when the Mac does ssh to the backup user account on the Linux box. Here is the sync.conf file should look like this:

path = /media/Volume/mac_backup

read-only = false

use chroot = false

Then, create the script in a text file on the Mac and name it something like rsync_backup_script.txt. It should contain something like this (the \ is where I had to fit it onto this page; don’t type the \ and do put everything on the same line. Also substitute @ for (at character)):

Rsync -av –delete –exclude ‘.DS_Store’ –rsh=”ssh -l backup user”\

/Users/ backup user(at character) The sync command copies any new or changed files from the Mac to the Linux box. It also deletes any files on the backup that have been deleted on the Mac. Make the script executable. There is some way to do this with the GUI, but I open the terminal on the Mac, navigate to the directory with the file, and type: do mod u+x rsync_backup_script.txt. Now, test everything! You could go for it and execute the script by entering the command line: ./rsync_backup_script.txt. If that does not work, you need to step through the parts of the process – make sure you can ssh without using a password, check the file permissions on the Linux box, and check the sync.conf file, and even enter the command on the Mac terminal line to ensure everything works.

It will take hours for the first backup if your system is anything like mine. The script is set up to compress any files it can, and in future backups, it will only transfer the changes. This is not limited to backing up Macs. You can do the same thing with Windows boxes by installing Cygwin on the Windows machine and going through a similar process. Just create another directory on the backup drive and create a second profile in the sync.conf file that uses a different profile name and points to the new drive location, and you are off and running.

If you have to use your backup, you can use the opposite command to copy the files back to the Mac. Hopefully, you won’t have to do that, though! Something like this should work: sync -av –rsh=”ssh -l back up user” backup user(at character) /Users/ That is the complete exercise. I have gone through the files on the Linux box and ensured they are there, so I am happy. The box has no screen or keyboard connected to it, and it looks like a chunky old PC that no one wants. The noisy 1TB mirrored hard drives in the external array are slightly loud, which is another good reason to keep it hidden. Of course, I still make a USB copy occasionally and take it to work, but that is the backup to the backup. Hopefully, I will have good copies of my files available for many years.


Alcohol scholar. Bacon fan. Internetaholic. Beer geek. Thinker. Coffee advocate. Reader. Have a strong interest in consulting about teddy bears in Nigeria. Spent 2001-2004 promoting glue in Pensacola, FL. My current pet project is testing the market for salsa in Las Vegas, NV. In 2008 I was getting to know birdhouses worldwide. Spent 2002-2008 buying and selling easy-bake-ovens in Bethesda, MD. Spent 2002-2009 marketing country music in the financial sector.