README_mods: Added rsync instructions

jasaw · Jun 4, 2018 · 2a4fa95 · 2a4fa95
1 parent 3f94578
commit 2a4fa95
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/README_mods.md b/README_mods.md
@@ -46,3 +46,56 @@ Note that this fork is __*not*__ compatible with ccrisan's MotionEyeOS because o
   sdram_freq=450
   over_voltage=0
   ```
+
+
+### How to automatically backup media files to Dropbox via a file server
+
+Set up camera upload folder permissions.
+1. Create a new user named `seccam` for the purpose of backing up files.
+2. Create a new group called `secmedia` and add `seccam` and the Dropbox owner into the group.
+3. Allow secmedia group to access the Dropbox media folder.
+   ```
+   chgrp secmedia Dropbox
+   chmod 710 Dropbox
+   chgrp -R secmedia Dropbox/CameraUploads
+   ```
+4. Enable secmedia group read-write permission for Dropbox/CameraUploads if not already enabled. `chmod 770 Dropbox/CameraUploads`.
+5. Create a symlink in `seccam` home directory that points to Dropbox/CameraUploads. `ln -s /home/$DROPBOX_OWNER/Dropbox/CameraUploads CameraUploads`.
+
+Set up SSH key login from MotionEyeOS to the file server.
+1. On MotionEyeOS, copy `/data/etc/ssh_host_rsa_key.pub` to file server.
+2. On the file server, add the copied `ssh_host_rsa_key.pub` to authorized_keys by running `cat ssh_host_rsa_key.pub >> authorized_keys`.
+3. On MotionEyeOS, login to remote server by running `ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts seccam@SERVER_HOSTNAME`
+
+Set up rsync to backup media files.
+1. Try running rsync with verbose output to make sure rsync works. On MotionEyeOS, run ```if [ -z `pidof rsync` ]; then timeout -t 1800 nice -n 19 rsync -av --progress --delete --bwlimit=800 --exclude='.keep' -e "nice -n 19 ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts" /home/ftp/sdcard/ seccam@SERVER_HOSTNAME:CameraUploads/ ; fi```.
+2. Add additional security on the file server by limiting SSH login to running rsync command.
+   Create validate-rsync.sh file.
+   ```
+   touch ~/validate-rsync.sh
+   chmod +x ~/validate-rsync.sh
+   ```
+   Put the code below into validate-rsync.sh file.
+   ```
+   #!/bin/sh
+   case "$SSH_ORIGINAL_COMMAND" in
+   *\&*)
+   echo "Rejected"
+   ;;
+   *\;*)
+   echo "Rejected"
+   ;;
+   rsync\ --server*)
+   $SSH_ORIGINAL_COMMAND
+   ;;
+   *)
+   echo "Rejected"
+   ;;
+   esac
+   ```
+   Add to the ~/.ssh/authorized_keys file: `command="/home/seccam/validate-rsync.sh" ssh-rsa AAAAB3NzaC1yc2... root@meye-01`.
+3. Try the rsync command again. If rsync works, rsync `--progress` and `-v` arguments can be replaced by `-q`.
+   Example: ```if [ -z `pidof rsync` ]; then timeout -t 1800 nice -n 19 rsync -aq --delete --bwlimit=800 --exclude='.keep' -e "nice -n 19 ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts" /home/ftp/sdcard/ seccam@SERVER_HOSTNAME:CameraUploads/ ; fi```
+4. Add the rsync command to crontab. Run `EDITOR=vi crontab -e` and add:
+   ```0 * * * * if [ -z `pidof rsync` ]; then timeout -t 1800 nice -n 19 rsync -aq --delete --bwlimit=800 --exclude='.keep' -e "nice -n 19 ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts" /home/ftp/sdcard/ seccam@SERVER_HOSTNAME:CameraUploads/ ; fi```
+5. Add the same rsync command to Motion Notification --> Run an End Command.