For my home network I wanted to buy a NAS which supports disk encryption and NFS since it is important for me that the backup is encrypted but also that it preserves owner, groups and permissions (therefore NFS). This way I thought I could use something like rsnapshot
or rBackup
to backup my data and get multiple snapshots. Unfortunately I didn't find any NAS which supports NFS and encryption at the same time. So I was wondering if there is any possibility to get this using an NAS which without NFS (using for example CIFS instead of NFS). So I am looking for a backup solution which meets the following requirements:
- backup to a NAS in my local network (i.e. I don't want to use a local usb drive)
- it should preserve owner, groups and permissions and symbolic links
- it should be encrypted
- there should be multiple snapshots available like in
rsnapshot
orrBackup
- it should be easy to access the files of a snapshot
- it should be not too slow
Any ideas how to do this in detail?
Edit:
I just try to sum up the answers so far and want to ask some additional question to clarify some points. It seems to be the most flexible option to use a container, FUSE or otherwise "faked" filesystem which doesn't depend on the target device. In this approach I can use any backup script I like and the encryption is done by the client CPU. The possibilities are:
- EncFS
- Truecrypt
- dmcrypt/luks
- S3QL
I am not sure if it is possible to read and write on the NAS via S3QL from two clients simultanously. Is it correct that this is no problem for the other approaches? Concerning the permissions, in any case I have just to make sure to make it work with NFS. For example I could just make my backup script to preserve numerical uid/gid and setup no users on the NAS at all.
EncFS seems to be the easiest solution so far. In Truecrypt and dmcrypt/luks I have to choose the containersize in advance which seems to be not so flexible as EncFS or Truecrypt. However are there any significant differences between those solutions concerning read/write performance and stability?
Another interesting approach mentioned so far is to use duplicity
as a backup script which does the encryption via gpg
by itself.
Best Answer
You can use EncFS on top of NFS
encfs /encrypted_place_at_nfs /mnt/place_to_access_it_unencrypted