Merge pull request #1677 from enkore/pr/1676
Added docs explaining multiple --restrict-to-path flags, with example…
commit
45a2d8b5c0
2 changed files with 9 additions and 1 deletions
|
@ -1011,7 +1011,9 @@ def build_parser(self, args=None, prog=None):
|
||||||
help='start repository server process')
|
help='start repository server process')
|
||||||
subparser.set_defaults(func=self.do_serve)
|
subparser.set_defaults(func=self.do_serve)
|
||||||
subparser.add_argument('--restrict-to-path', dest='restrict_to_paths', action='append',
|
subparser.add_argument('--restrict-to-path', dest='restrict_to_paths', action='append',
|
||||||
metavar='PATH', help='restrict repository access to PATH')
|
metavar='PATH', help='restrict repository access to PATH. '
|
||||||
|
'Can be specified multiple times to allow the client access to several directories. '
|
||||||
|
'Access to all sub-directories is granted implicitly; PATH doesn\'t need to directly point to a repository.')
|
||||||
subparser.add_argument('--append-only', dest='append_only', action='store_true',
|
subparser.add_argument('--append-only', dest='append_only', action='store_true',
|
||||||
help='only allow appending to repository segment files')
|
help='only allow appending to repository segment files')
|
||||||
init_epilog = textwrap.dedent("""
|
init_epilog = textwrap.dedent("""
|
||||||
|
|
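Review bot: The extended help on the `--restrict-to-path` argument promises that access to all sub-directories is granted implicitly, but it does not say how PATH is compared with the path a client requests, and the enforcing code is not part of this hunk. If that comparison turns out to be a plain string-prefix test, a sibling directory whose name merely begins with PATH would be accepted too, so it is worth confirming that the check works per path component on resolved paths and, once confirmed, stating it in the help, e.g. `'PATH is matched as a directory: only PATH itself and paths below it are accepted.'`. Because every extra flag widens what the client may reach, the help could also say that the listed paths form an allow-list whose union is granted. As a style point, `doesn\'t` can be written `does not` to avoid the escaped quote inside a single-quoted literal. build_parser starts and ends outside the hunk.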
|
@ -54,6 +54,12 @@ Restrictions
|
||||||
Borg is instructed to restrict clients into their own paths:
|
Borg is instructed to restrict clients into their own paths:
|
||||||
``borg serve --restrict-to-path /home/backup/repos/<client fqdn>``
|
``borg serve --restrict-to-path /home/backup/repos/<client fqdn>``
|
||||||
|
|
||||||
|
The client will be able to access any file or subdirectory inside of ``/home/backup/repos/<client fqdn>``
|
||||||
|
but no other directories. You can allow a client to access several separate directories by passing multiple
|
||||||
|
`--restrict-to-path` flags, for instance: ``borg serve --restrict-to-path /home/backup/repos/<client fqdn> --restrict-to-path /home/backup/repos/<other client fqdn>``,
|
||||||
|
which could make sense if multiple machines belong to one person which should then have access to all the
|
||||||
|
backups of their machines.
|
||||||
|
|
||||||
There is only one ssh key per client allowed. Keys are added for ``johndoe.clnt.local``, ``web01.srv.local`` and
|
There is only one ssh key per client allowed. Keys are added for ``johndoe.clnt.local``, ``web01.srv.local`` and
|
||||||
``app01.srv.local``. But they will access the backup under only one UNIX user account as:
|
``app01.srv.local``. But they will access the backup under only one UNIX user account as:
|
||||||
``backup@backup01.srv.local``. Every key in ``$HOME/.ssh/authorized_keys`` has a
|
``backup@backup01.srv.local``. Every key in ``$HOME/.ssh/authorized_keys`` has a
|
||||||
|
|