[NCLUG] Tidbit: /var/backups on Debian and Ubuntu

Bob Proulx bob at proulx.com
Sat Oct 20 14:32:32 MDT 2012

Recently I was chatting with folks and saw that the existence of
/var/backups wasn't universally known.  Let me post this tidbit as a
hint to make it better known.

On Debian and derived systems like Ubuntu there is a /var/backups
directory which is updated by the system crontabs with useful system
information.  If you are backing up your system but not backing up
/var then you should consider explicitly adding /var/backups to the
backup list.

In the /var/backups directory are saved a backup copy of your
/etc/passwd, /etc/group, and /etc/shadow files.  Especially if backed
up those can be useful to save a system after an accident.

In /var/backups are saved weekly status snapshots of apt's and dpkg's
package status.  These are rotated and therefore a long history is
available.  This contains a list of what packages were installed on
the machine previously.  This is useful to me when I want to know how
a system changed from last week to this week.

The commands to work with those files take a little bit of reading of
documentation in order to get their form right so let me help with a
few examples.

First you will need the dctrl-tools package installed.

  # apt-get install dctrl-tools

You can get a list of installed packages with:

  $ grep-dctrl -s Package -n "install ok installed" /var/backups/dpkg.status.0
  ...dumps a list of previously installed packages...

  $ zcat /var/backups/dpkg.status.1.gz | grep-dctrl -s Package -n "install ok installed" | sort > /tmp/before.list
  ...dumps a list of packages installed two days ago...
  ...use an older file to list more days ago...

  $ grep-status -s Package -n "install ok installed" | sort > /tmp/now.list
  ...dumps the current list of packages installed now...

Putting that information to use you can see what was different between
the backup file and now.

  $ grep-dctrl -s Package -n "install ok installed" /var/backups/dpkg.status.0 | sort > /tmp/list.prev

  $ grep-status -s Package -n "install ok installed" | sort > /tmp/list.now

  $ comm -3 /tmp/list.prev /tmp/list.now
  ...dumps the list of differences between before and now...
  ...column 1 will be packages that were installed before but not now...
  ...column 2 will be packages that are installed now but not before...
  ...column 3 is suppressed and would be packages that didn't change...

I find this information useful when trying to understand the install
history of a system.  It can also be used to replicate a system.  But
if you were to install everything that was previously installed then
all of the packages would be marked as manually installed.  That would
prevent the 'autoremove' functionality from working.

Fortunately the APT "extended_states" file is also in the backup.  After
installation the /var/lib/apt/extended_states file can be overwritten
with the backup copy and the previous state of what has been installed
due to dependencies will be restored and 'autoremove' will function
properly.  (Although in practice some more twiddling might be needed.)

If I have convinced you of the usefulness of /var/backups then go out
and check your system backups and verify that it is in the list of
directories to back up! :-)


More information about the NCLUG mailing list