mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-28 10:49:16 +00:00
ef8217afc9
also: git add borgfs.1
111 lines
4.2 KiB
Groff
111 lines
4.2 KiB
Groff
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH BORG-SERVE 1 "2017-11-25" "" "borg backup tool"
|
|
.SH NAME
|
|
borg-serve \- Start in server mode. This command is usually not used manually.
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
borg [common options] serve [options]
|
|
.SH DESCRIPTION
|
|
.sp
|
|
This command starts a repository server process. This command is usually not used manually.
|
|
.SH OPTIONS
|
|
.sp
|
|
See \fIborg\-common(1)\fP for common options of Borg commands.
|
|
.SS optional arguments
|
|
.INDENT 0.0
|
|
.TP
|
|
.BI \-\-restrict\-to\-path \ PATH
|
|
restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.
|
|
.TP
|
|
.BI \-\-restrict\-to\-repository \ PATH
|
|
restrict repository access. Only the repository located at PATH (no sub\-directories are considered) is accessible. Can be specified multiple times to allow the client access to several repositories. Unlike \fB\-\-restrict\-to\-path\fP sub\-directories are not accessible; PATH needs to directly point at a repository location. PATH may be an empty directory or the last element of PATH may not exist, in which case the client may initialize a repository there.
|
|
.TP
|
|
.B \-\-append\-only
|
|
only allow appending to repository segment files
|
|
.TP
|
|
.BI \-\-storage\-quota \ QUOTA
|
|
Override storage quota of the repository (e.g. 5G, 1.5T). When a new repository is initialized, sets the storage quota on the new repository as well. Default: no quota.
|
|
.UNINDENT
|
|
.SH EXAMPLES
|
|
.sp
|
|
borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP
|
|
example below): it will detect that you use such a forced command and extract
|
|
the value of the \fB\-\-restrict\-to\-path\fP option(s).
|
|
.sp
|
|
It will then parse the original command that came from the client, makes sure
|
|
that it is also \fBborg serve\fP and enforce path restriction(s) as given by the
|
|
forced command. That way, other options given by the client (like \fB\-\-info\fP or
|
|
\fB\-\-umask\fP) are preserved (and are not fixed by the forced command).
|
|
.sp
|
|
Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in the original
|
|
command sent by the client are \fInot\fP interpreted, but ignored. If BORG_XXX environment
|
|
variables should be set on the \fBborg serve\fP side, then these must be set in system\-specific
|
|
locations like \fB/etc/environment\fP or in the forced command itself (example below).
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
# Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
|
|
# Use key options to disable unneeded and potentially dangerous SSH functionality.
|
|
# This will help to secure an automated remote backup system.
|
|
$ cat ~/.ssh/authorized_keys
|
|
command="borg serve \-\-restrict\-to\-path /path/to/repo",restrict ssh\-rsa AAAAB3[...]
|
|
|
|
# Set a BORG_XXX environment variable on the "borg serve" side
|
|
$ cat ~/.ssh/authorized_keys
|
|
command="export BORG_XXX=value; borg serve [...]",restrict ssh\-rsa [...]
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
\fBNOTE:\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
The examples above use the \fBrestrict\fP directive. This does automatically
|
|
block potential dangerous ssh features, even when they are added in a future
|
|
update. Thus, this option should be preferred.
|
|
.sp
|
|
If you\(aqre using openssh\-server < 7.2, however, you have to explicitly specify
|
|
the ssh features to restrict and cannot simply use the restrict option as it
|
|
has been introduced in v7.2. We recommend to use
|
|
\fBno\-port\-forwarding,no\-X11\-forwarding,no\-pty,no\-agent\-forwarding,no\-user\-rc\fP
|
|
in this case.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fIborg\-common(1)\fP
|
|
.SH AUTHOR
|
|
The Borg Collective
|
|
.\" Generated by docutils manpage writer.
|
|
.
|