borg/docs/man/borg-serve.1

.\" Man page generated from reStructuredText.
.
.TH BORG-SERVE 1 "2017-02-05" "" "borg backup tool"
.SH NAME
borg-serve \- Start in server mode. This command is usually not used manually.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
borg serve <options>
.SH DESCRIPTION
.sp
This command starts a repository server process. This command is usually not used manually.
.SH OPTIONS
.sp
See \fIborg\-common(1)\fP for common options of Borg commands.
.SS optional arguments
.INDENT 0.0
.TP
.BI \-\-restrict\-to\-path \ PATH
restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.
.TP
.B \-\-append\-only
only allow appending to repository segment files
.UNINDENT
.SH EXAMPLES
.sp
borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP
example below): it will detect that you use such a forced command and extract
the value of the \fB\-\-restrict\-to\-path\fP option(s).
It will then parse the original command that came from the client, makes sure
that it is also \fBborg serve\fP and enforce path restriction(s) as given by the
forced command. That way, other options given by the client (like \fB\-\-info\fP or
\fB\-\-umask\fP) are preserved (and are not fixed by the forced command).
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
# Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
# Use key options to disable unneeded and potentially dangerous SSH functionality.
# This will help to secure an automated remote backup system.
$ cat ~/.ssh/authorized_keys
command="borg serve \-\-restrict\-to\-path /path/to/repo",no\-pty,no\-agent\-forwarding,no\-port\-forwarding,no\-X11\-forwarding,no\-user\-rc ssh\-rsa AAAAB3[...]
.ft P
.fi
.UNINDENT
.UNINDENT
.SH SEE ALSO
.sp
\fIborg\-common(1)\fP
.SH AUTHOR
The Borg Collective
.\" Generated by docutils manpage writer.
.
commit man pages 2017-02-05 13:22:06 +00:00			`.\" Man page generated from reStructuredText.`
			`.`
			`.TH BORG-SERVE 1 "2017-02-05" "" "borg backup tool"`
			`.SH NAME`
			`borg-serve \- Start in server mode. This command is usually not used manually.`
			`.`
			`.nr rst2man-indent-level 0`
			`.`
			`.de1 rstReportMargin`
			`\\$1 \\n[an-margin]`
			`level \\n[rst2man-indent-level]`
			`level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]`
			`-`
			`\\n[rst2man-indent0]`
			`\\n[rst2man-indent1]`
			`\\n[rst2man-indent2]`
			`..`
			`.de1 INDENT`
			`.\" .rstReportMargin pre:`
			`. RS \\$1`
			`. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]`
			`. nr rst2man-indent-level +1`
			`.\" .rstReportMargin post:`
			`..`
			`.de UNINDENT`
			`. RE`
			`.\" indent \\n[an-margin]`
			`.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]`
			`.nr rst2man-indent-level -1`
			`.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]`
			`.in \\n[rst2man-indent\\n[rst2man-indent-level]]u`
			`..`
			`.SH SYNOPSIS`
			`.sp`
			`borg serve <options>`
			`.SH DESCRIPTION`
			`.sp`
			`This command starts a repository server process. This command is usually not used manually.`
			`.SH OPTIONS`
			`.sp`
			`See \fIborg\-common(1)\fP for common options of Borg commands.`
			`.SS optional arguments`
			`.INDENT 0.0`
			`.TP`
			`.BI \-\-restrict\-to\-path \ PATH`
			`restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.`
			`.TP`
			`.B \-\-append\-only`
			`only allow appending to repository segment files`
			`.UNINDENT`
			`.SH EXAMPLES`
			`.sp`
			`borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP`
			`example below): it will detect that you use such a forced command and extract`
			`the value of the \fB\-\-restrict\-to\-path\fP option(s).`
			`It will then parse the original command that came from the client, makes sure`
			`that it is also \fBborg serve\fP and enforce path restriction(s) as given by the`
			`forced command. That way, other options given by the client (like \fB\-\-info\fP or`
			`\fB\-\-umask\fP) are preserved (and are not fixed by the forced command).`
			`.INDENT 0.0`
			`.INDENT 3.5`
			`.sp`
			`.nf`
			`.ft C`
			`# Allow an SSH keypair to only run borg, and only have access to /path/to/repo.`
			`# Use key options to disable unneeded and potentially dangerous SSH functionality.`
			`# This will help to secure an automated remote backup system.`
			`$ cat ~/.ssh/authorized_keys`
			`command="borg serve \-\-restrict\-to\-path /path/to/repo",no\-pty,no\-agent\-forwarding,no\-port\-forwarding,no\-X11\-forwarding,no\-user\-rc ssh\-rsa AAAAB3[...]`
			`.ft P`
			`.fi`
			`.UNINDENT`
			`.UNINDENT`
			`.SH SEE ALSO`
			`.sp`
			`\fIborg\-common(1)\fP`
			`.SH AUTHOR`
			`The Borg Collective`
			`.\" Generated by docutils manpage writer.`
			`.`