How to make creating shadow backups more secure?

JerryHorace · March 20, 2024, 3:18am

vshadow.exe -nw -script=setvars.cmd -exec=exec.cmd c:

exec.cmd:
call setvars.cmd >nul
rclone sync --delete-excluded --create-empty-src-dirs --links "%shadow_device_1%\Users" "destination"

I'm trying to take a backup after creating a shadow copy using the above code,

Because --delete-excluded is used, this will delete data that no longer exists in the source in the destination.

I have a concern, is it possible to delete data by mistake?

Because if some unknown error occurs in "%shadow_device_1%" and becomes an empty directory, all destination data will be deleted.

Is there any way to deal with this situation and make the backup safer?

kapitainsky · March 20, 2024, 9:17am

With or without vss it is always the same problem. Of course when you add extra steps chances of some error only increases.

With rclone you can use --backup-dir to at least not delete anything immediately.

Outside rclone you can improve your script by adding various conditions checks like checking if some folders/files you expect to exist actually exist and abort if not.

And very importantly maybe it is not the best idea to use rclone sync as a backup software. It does what it says on the tin - it syncs:) Look at kopia or restic.

JerryHorace · March 20, 2024, 10:56am

@ECHO OFF & cd /d "%~dp0"

::vshadow.exe -nw -script=setvars.cmd -exec=exec.cmd c:

SET shadow_device_1=\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy481

::First determine whether the long path of the snapshot has been obtained
if defined shadow_device_1 (
  echo "Variable has set value。"  
) else (
  echo "no value set。"
  ::If a string is not retrieved, this is to ensure that "%shadow_device_1%/Users" null/Users becomes an invalid path when the path is empty.
  SET shadow_device_1="Snapshot created unsuccessfully"

)

::Determine whether the path is valid
if not exist "%shadow_device_1%/Users" (
    echo Does not point to a valid shadow copy.
) else (
    echo Valid shadow copy
	rclone .....
)

SET shadow_device_1=
PAUSE

I modified the code so that I can determine whether the snapshot path is valid.

I planned to use kopia before, but I couldn’t find a way to browse encrypted data on my phone.

So I used Rclone, which is very good. You can use Round sync to view encrypted data on your mobile phone.

kapitainsky · March 20, 2024, 10:59am

There is always more than one way how to skin a cat:)

With sync it is indeed good idea to add some safety checks.

Still - sync and backup are two different things. With sync if you delete your super important file or it gets corrupted you will sync it and lose forever. With backup with snapshots you can always retrieve some past version.

JerryHorace · March 20, 2024, 11:55am

Thank you for your reminder. I have carefully thought about how to ensure data security again.

My backup solution is: Windows > Nas > OneDrive

In Windows, Windows historical version record > Nas is also used. In this way, if you want to restore the historical version, you usually restore it in the historical version record.

In case of accidental deletion due to --delete-excluded during the Rclone backup process, if it can be discovered and corrected in time, it can be restored through the next synchronization.

This will not affect Windows data

The data in OneDrive is read-only and only provides backup and browsing query data on the phone.

What I have in mind for now is this method, and I will adjust it as needed later.

system · April 19, 2024, 1:39pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.