mirror of https://github.com/borgbackup/borg.git synced 2024-12-26 01:37:20 +00:00

Merge pull request #1677 from enkore/pr/1676

Added docs explaining multiple --restrict-to-path flags, with example…
TW 2016-10-06 01:48:13 +02:00 committed by GitHub
commit 45a2d8b5c0
2 changed files with 9 additions and 1 deletions


@ -1011,7 +1011,9 @@ def build_parser(self, args=None, prog=None):
help='start repository server process') help='start repository server process')
subparser.set_defaults(func=self.do_serve) subparser.set_defaults(func=self.do_serve)
subparser.add_argument('--restrict-to-path', dest='restrict_to_paths', action='append', subparser.add_argument('--restrict-to-path', dest='restrict_to_paths', action='append',
metavar='PATH', help='restrict repository access to PATH') metavar='PATH', help='restrict repository access to PATH. '
'Can be specified multiple times to allow the client access to several directories. '
'Access to all sub-directories is granted implicitly; PATH doesn\'t need to directly point to a repository.')
subparser.add_argument('--append-only', dest='append_only', action='store_true', subparser.add_argument('--append-only', dest='append_only', action='store_true',
help='only allow appending to repository segment files') help='only allow appending to repository segment files')
init_epilog = textwrap.dedent(""" init_epilog = textwrap.dedent("""
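
Review bot: The new help text for --restrict-to-path says what is granted ("Access to all sub-directories is granted implicitly") but not what happens when the flag is omitted, which is the case an operator reading the help for an access restriction most needs stated; consider adding one sentence for that. As a style point in the same string, the third fragment needs the escape in "doesn\'t" only because the literal is single-quoted; writing "does not" or using a double-quoted literal for that fragment removes the backslash.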


@ -54,6 +54,12 @@ Restrictions
Borg is instructed to restrict clients into their own paths: Borg is instructed to restrict clients into their own paths:
``borg serve --restrict-to-path /home/backup/repos/<client fqdn>`` ``borg serve --restrict-to-path /home/backup/repos/<client fqdn>``
The client will be able to access any file or subdirectory inside of ``/home/backup/repos/<client fqdn>``
but no other directories. You can allow a client to access several separate directories by passing multiple
`--restrict-to-path` flags, for instance: ``borg serve --restrict-to-path /home/backup/repos/<client fqdn> --restrict-to-path /home/backup/repos/<other client fqdn>``,
which could make sense if multiple machines belong to one person which should then have access to all the
backups of their machines.
There is only one ssh key per client allowed. Keys are added for ``johndoe.clnt.local``, ``web01.srv.local`` and There is only one ssh key per client allowed. Keys are added for ``johndoe.clnt.local``, ``web01.srv.local`` and
``app01.srv.local``. But they will access the backup under only one UNIX user account as: ``app01.srv.local``. But they will access the backup under only one UNIX user account as:
``backup@backup01.srv.local``. Every key in ``$HOME/.ssh/authorized_keys`` has a ``backup@backup01.srv.local``. Every key in ``$HOME/.ssh/authorized_keys`` has a
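
Review bot: In the added paragraph, `--restrict-to-path` is wrapped in single backticks while every other literal in this section uses double backticks; in reStructuredText single backticks are interpreted text (the default role), not an inline literal, so it should be written ``--restrict-to-path``. The phrase "one person which should then have access" also reads better as "one person who should then have access". Since the example lets one client reach several directories, and the paragraph already states that any file or subdirectory inside a listed path is accessible, it is worth saying explicitly that this client can then reach everything under all of the listed paths, so that the wider scope is a deliberate choice by the operator.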