Tim's blah blah blah

Timemachine to Linux Server

(Updated: )

Here I document my setup of networked Time Machine backups to my linux server over Samba (SMB), which should be faster than AFS. The data is stored on a USB disk connected to the server formatted with zfs.

Ideally I would be able to backup over network, and unplug the disk from the server to directly restore from it, however the networked Time Machine backup is of different structure than a backup to a directly connected disk, so that’s still on the wishlist.



  1. Prepare disk
    1. Install ZFS on Ubuntu
    2. Partition disk – NB ensure you use static labels or else your pools might disappear! (If they did disappear, you debug sudo zdb, search sudo zpool import and import them again: zpool import -d /dev/disk/by-id <pool-name>)
      parted /dev/disk/by-id/
      mklabel GPT
    3. Create pool sudo zpool create pool0 /dev/disk/by-id/
    4. Create datasets
      sudo zfs create pool0/timemachinembp
      sudo zfs set quota=1200G pool0/timemachinembp
      sudo zfs create pool0/timemachinemba
      sudo zfs set quota=300G pool0/timemachinemba
      zfs list
    5. Automatic spin-down of USB disk (old hd-idle, new hd-idle), run at reboot from crontab, tell logrotate we want the log files to rotate.
      sudo hd-idle -t disk/by-id/wwn-0x3e41415851524c4a # optionally test once
      1. Either run via system service
        cat << EOF | sudo tee --append /etc/default/hd-idle
        # TvW 20210313 Setting up hd-idle for USB disk
        HD_IDLE_OPTS="-i 0 -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log"
        sudo service hd-idle start
        grep hd-idle /var/log/syslog
      2. Or run via crontab
        (sudo crontab -l 2>/dev/null; echo "@reboot hd-idle -a disk/by-id/wwn-0x3e41415851524c4a -i 3600 -l /var/log/hd-idle.log";) | sudo crontab -
      3. In both cases, set-up logrotate for hd-idle:
        cat << EOF | sudo tee /etc/logrotate.d/hd-idle
        /var/log/hd-idle.log {
  2. Create backup users
    1. No new homedir, point to datasets instead. Don’t allow shell login. No password needed on system level.
      sudo useradd --no-create-home --home-dir /pool0/timemachinembp --shell /usr/sbin/nologin backupmbp
      sudo useradd --no-create-home --home-dir /pool0/timemachinemba --shell /usr/sbin/nologin backupmba
    2. Set zfs dataset permissions & umask
      sudo chown backupmbp:backupmbp /pool0/timemachinembp
      sudo chown backupmba:backupmba /pool0/timemachinemba
      sudo chmod o-rx /pool0/timemachine{mbp,mba}
  3. Set-up file server using Samba v3
    1. Install Samba >4.8.0 for file serving and avahi-daemon for discovery sudo apt install samba avahi-daemon
    2. Allow users
      openssl rand -base64 20
      sudo smbpasswd -a backupmbp
      sudo smbpasswd -e backupmbp
      openssl rand -base64 20
      sudo smbpasswd -a backupmba
      sudo smbpasswd -e backupmba
    3. Configure Samba in /etc/samba/smb.conf:
          comment = Time Machine MBP
          path = /pool0/timemachinembp
          valid users = backupmbp
          browseable = yes
          writeable = yes
          create mask = 0600
          directory mask = 0700
          spotlight = yes
          vfs objects = catia fruit streams_xattr
          fruit:aapl = yes
          fruit:time machine = yes
          comment = Time Machine MBA
          path = /pool0/timemachinemba
          valid users = backupmba
          browseable = yes
          writeable = yes
          create mask = 0600
          directory mask = 0700
          spotlight = yes
          vfs objects = catia fruit streams_xattr
          fruit:aapl = yes
          fruit:time machine = yes
    4. Disable printing (because we don’t serve printers)
      load printers = no
      printing = bsd
      printcap name = /dev/null
      disable spoolss = yes
    5. Restart Samba and check if all OK
      sudo systemctl restart smbd
      tail -n 50 /var/log/samba/log.smbd
      should show
      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
    6. Check if stuff is working with sudo smbstatus, check users known to samba with sudo pdbedit -L -v (from stack)
  4. Debugging zfs in case something goes wrong, I still don’t really get how zfs works :p. Also see here.
    zpool status
    sudo zpool import -c /etc/zfs/zpool.cache
    sudo zpool import <id>
    sudo zpool import pool0
    sudo zpool status
    sudo zfs umount pool0
    1. See also https://superuser.com/questions/685882/zpool-pool-i-o-is-currently-suspended

Configuration on Mac

Based on this this and this guides.

  1. Create sparse encrypted disk image using Disk Utility on network (Samba) share, naming as NAME_MACADDRESS.sparsebundle (NAME from scutil --get ComputerName and MACADDRESS from ifconfig en0 | grep ether sans colons), with fixed size to constrain Time Machine disk use.
  2. Mount said disk image, store password in Keychain to allow MacOS Time Machine to mount/unmount by itself (maybe this is not necessary)
  3. Tell Time Machine to use the network volume: sudo tmutil setdestination -a /Volumes/{network-drive}
  4. Enter network share credentials & disk image password

If you accidentally delete the Time Machine destination

  1. Tell Time Machine to use the network volume again: sudo tmutil setdestination -a /Volumes/{network-drive}
  2. Tell Time Machine to use the existing backup.