From 2a4fa9541847f5cd169031a39de1c201309ac34f Mon Sep 17 00:00:00 2001 From: Joo Aun Saw Date: Fri, 2 Mar 2018 17:20:51 +1100 Subject: [PATCH] README_mods: Added rsync instructions --- README_mods.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/README_mods.md b/README_mods.md index 7f53f954047..ebb89d7ecd4 100644 --- a/README_mods.md +++ b/README_mods.md @@ -46,3 +46,56 @@ Note that this fork is __*not*__ compatible with ccrisan's MotionEyeOS because o sdram_freq=450 over_voltage=0 ``` + + +### How to automatically backup media files to Dropbox via a file server + +Set up camera upload folder permissions. +1. Create a new user named `seccam` for the purpose of backing up files. +2. Create a new group called `secmedia` and add `seccam` and the Dropbox owner into the group. +3. Allow secmedia group to access the Dropbox media folder. + ``` + chgrp secmedia Dropbox + chmod 710 Dropbox + chgrp -R secmedia Dropbox/CameraUploads + ``` +4. Enable secmedia group read-write permission for Dropbox/CameraUploads if not already enabled. `chmod 770 Dropbox/CameraUploads`. +5. Create a symlink in `seccam` home directory that points to Dropbox/CameraUploads. `ln -s /home/$DROPBOX_OWNER/Dropbox/CameraUploads CameraUploads`. + +Set up SSH key login from MotionEyeOS to the file server. +1. On MotionEyeOS, copy `/data/etc/ssh_host_rsa_key.pub` to file server. +2. On the file server, add the copied `ssh_host_rsa_key.pub` to authorized_keys by running `cat ssh_host_rsa_key.pub >> authorized_keys`. +3. On MotionEyeOS, login to remote server by running `ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts seccam@SERVER_HOSTNAME` + +Set up rsync to backup media files. +1. Try running rsync with verbose output to make sure rsync works. On MotionEyeOS, run ```if [ -z `pidof rsync` ]; then timeout -t 1800 nice -n 19 rsync -av --progress --delete --bwlimit=800 --exclude='.keep' -e "nice -n 19 ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts" /home/ftp/sdcard/ seccam@SERVER_HOSTNAME:CameraUploads/ ; fi```. +2. Add additional security on the file server by limiting SSH login to running rsync command. + Create validate-rsync.sh file. + ``` + touch ~/validate-rsync.sh + chmod +x ~/validate-rsync.sh + ``` + Put the code below into validate-rsync.sh file. + ``` + #!/bin/sh + case "$SSH_ORIGINAL_COMMAND" in + *\&*) + echo "Rejected" + ;; + *\;*) + echo "Rejected" + ;; + rsync\ --server*) + $SSH_ORIGINAL_COMMAND + ;; + *) + echo "Rejected" + ;; + esac + ``` + Add to the ~/.ssh/authorized_keys file: `command="/home/seccam/validate-rsync.sh" ssh-rsa AAAAB3NzaC1yc2... root@meye-01`. +3. Try the rsync command again. If rsync works, rsync `--progress` and `-v` arguments can be replaced by `-q`. + Example: ```if [ -z `pidof rsync` ]; then timeout -t 1800 nice -n 19 rsync -aq --delete --bwlimit=800 --exclude='.keep' -e "nice -n 19 ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts" /home/ftp/sdcard/ seccam@SERVER_HOSTNAME:CameraUploads/ ; fi``` +4. Add the rsync command to crontab. Run `EDITOR=vi crontab -e` and add: + ```0 * * * * if [ -z `pidof rsync` ]; then timeout -t 1800 nice -n 19 rsync -aq --delete --bwlimit=800 --exclude='.keep' -e "nice -n 19 ssh -i /data/etc/ssh_host_rsa_key -o UserKnownHostsFile=/data/etc/known_hosts" /home/ftp/sdcard/ seccam@SERVER_HOSTNAME:CameraUploads/ ; fi``` +5. Add the same rsync command to Motion Notification --> Run an End Command.