1. 7

  2. 5

    This sounds like the worst backup scheme ever created and I don’t understand why people keep doing these bizarre things instead of just using a real backup tool or Time Machine which you can do to open source Samba as of 4.8, and could do with Netatalk for years.

    Additionally Apple intentionally created Launchd to kill cron (among other things) because of jobs running when they shouldn’t and were affecting performance of users doing video rendering. Launchd has the capability of running your tasks when the system is idle, low IOPS, connected to your home network, etc. Why not just use that?

    1. 5

      Hey, author here!

      First of all, thanks for pointing out Time Machine support for Samba, didn’t know that, I’ll read about it.

      I understand your criticism (it is in my backlog to refactor my backup strategy, but time is limited), but the point of the article is not the backup scheme itself, but rather to show how you can fix your cron jobs if they need some extra level of privilege that Mojave now (IMO, rightly) blocks.

      Again, thanks for suggesting Time Machine over Samba, I’ll dig in deeper.

      Have a good week!

      1. 1

        I think I have forgotten to update my blog post on Samba Time Machines and it’s still using the old Netatalk method, but when I get around to it I’ll try to send it your way. It works really well, and we’re actually at a point now where it’s “supported” by Apple. (includes all Apple extensions required in the protocol; no weird hacks or changes in MacOS required to make it work)

      2. 2

        Some backup tools, such as restic or duplicacy, have way better features and configurability. Time Machine is too much the one-button Apple way, which only works until it stops working and then you can’t do anything. I tried using it, then it started to halt my machine to an unresponsive state for minutes every time it ran a backup, cleanup of old backups stopped working, the exclusion mechanism is primitive and cumbersome (compare that to rsync/restic filters), no possibility to back up only the home dir, no indication of what files are copied and what’s going on, no deduplication between multiple computers. I have a lightly-used desktop with only a 500Gb HDD and still ran into lots of problems with Time Machine.

        P.S. I added taskpolicy -d throttle nice -n 20 before the backup command and it seems that it solved the “give backup low disk priority” problem; now the UI almost does not freeze during backups. Haven’t yet automated the backup process, however; thanks for the launchd suggestion, I didn’t know it can schedule tasks. The “systemd way” has its advantages.

        1. 1

          > Time Machine which you can do to open source Samba as of 4.8

          Hey, do you have any source for this? This would make a back burner project possible!

        2. 4

          I haven’t updated my personal computer to Mojave yet, for just these kinds of reasons. Thanks for pointing this one out.

          I’m curious—have you considered using a LaunchAgent for this instead of a cron job? Cron seems to be at least unofficially deprecated in favor of launchd so I wonder whether maybe the latter wouldn’t have the same permission issue.

          1. 1

            So, this is like SELinux, and in Mojave you should whitelist every binary to allow it to access the home directory? Or if I whitelist the terminal, everything that I run inside it gets its permissions? Even processes that are launched in the background from that terminal?

            1. 1

              It seems like maybe Apple also found a way to not make their permissions usable from cli userspace. That probably should be improved.

              1. 1


              2. 1

                What about marking the shell script for Full Access, and making it only editable by root? Wouldn’t that improve things security-wise? Or do you need root anyway to configure a cron job?

                1. 1

                  The script itself is not a binary; some interpreter (bash, python, lua, etc.) must run it, so whenever you are running a script, the binary name of the process is the interpreter, not the script, so I guess it wouldn’t work.