mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-27 18:28:42 +00:00
889 lines
29 KiB
Groff
889 lines
29 KiB
Groff
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH BORG 1 "2020-04-12" "" "borg backup tool"
|
|
.SH NAME
|
|
borg \- deduplicating and encrypting backup tool
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
borg [common options] <command> [options] [arguments]
|
|
.SH DESCRIPTION
|
|
.\" we don't include the README.rst here since we want to keep this terse.
|
|
.
|
|
.sp
|
|
BorgBackup (short: Borg) is a deduplicating backup program.
|
|
Optionally, it supports compression and authenticated encryption.
|
|
.sp
|
|
The main goal of Borg is to provide an efficient and secure way to backup data.
|
|
The data deduplication technique used makes Borg suitable for daily backups
|
|
since only changes are stored.
|
|
The authenticated encryption technique makes it suitable for backups to not
|
|
fully trusted targets.
|
|
.sp
|
|
Borg stores a set of files in an \fIarchive\fP\&. A \fIrepository\fP is a collection
|
|
of \fIarchives\fP\&. The format of repositories is Borg\-specific. Borg does not
|
|
distinguish archives from each other in any way other than their name,
|
|
it does not matter when or where archives were created (e.g. different hosts).
|
|
.SH EXAMPLES
|
|
.SS A step\-by\-step example
|
|
.INDENT 0.0
|
|
.IP 1. 3
|
|
Before a backup can be made a repository has to be initialized:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg init \-\-encryption=repokey /path/to/repo
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.IP 2. 3
|
|
Backup the \fB~/src\fP and \fB~/Documents\fP directories into an archive called
|
|
\fIMonday\fP:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg create /path/to/repo::Monday ~/src ~/Documents
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.IP 3. 3
|
|
The next day create a new archive called \fITuesday\fP:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg create \-\-stats /path/to/repo::Tuesday ~/src ~/Documents
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
This backup will be a lot quicker and a lot smaller since only new never
|
|
before seen data is stored. The \fB\-\-stats\fP option causes Borg to
|
|
output statistics about the newly created archive such as the amount of unique
|
|
data (not shared with other archives):
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
|
|
Archive name: Tuesday
|
|
Archive fingerprint: bd31004d58f51ea06ff735d2e5ac49376901b21d58035f8fb05dbf866566e3c2
|
|
Time (start): Tue, 2016\-02\-16 18:15:11
|
|
Time (end): Tue, 2016\-02\-16 18:15:11
|
|
|
|
Duration: 0.19 seconds
|
|
Number of files: 127
|
|
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
|
|
Original size Compressed size Deduplicated size
|
|
This archive: 4.16 MB 4.17 MB 26.78 kB
|
|
All archives: 8.33 MB 8.34 MB 4.19 MB
|
|
|
|
Unique chunks Total chunks
|
|
Chunk index: 132 261
|
|
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.IP 4. 3
|
|
List all archives in the repository:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg list /path/to/repo
|
|
Monday Mon, 2016\-02\-15 19:14:44
|
|
Tuesday Tue, 2016\-02\-16 19:15:11
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.IP 5. 3
|
|
List the contents of the \fIMonday\fP archive:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg list /path/to/repo::Monday
|
|
drwxr\-xr\-x user group 0 Mon, 2016\-02\-15 18:22:30 home/user/Documents
|
|
\-rw\-r\-\-r\-\- user group 7961 Mon, 2016\-02\-15 18:22:30 home/user/Documents/Important.doc
|
|
\&...
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.IP 6. 3
|
|
Restore the \fIMonday\fP archive by extracting the files relative to the current directory:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg extract /path/to/repo::Monday
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.IP 7. 3
|
|
Recover disk space by manually deleting the \fIMonday\fP archive:
|
|
.INDENT 3.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
$ borg delete /path/to/repo::Monday
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
\fBNOTE:\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
Borg is quiet by default (it works on WARNING log level).
|
|
You can use options like \fB\-\-progress\fP or \fB\-\-list\fP to get specific
|
|
reports during command execution. You can also add the \fB\-v\fP (or
|
|
\fB\-\-verbose\fP or \fB\-\-info\fP) option to adjust the log level to INFO to
|
|
get other informational messages.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH NOTES
|
|
.SS Positional Arguments and Options: Order matters
|
|
.sp
|
|
Borg only supports taking options (\fB\-s\fP and \fB\-\-progress\fP in the example)
|
|
to the left or right of all positional arguments (\fBrepo::archive\fP and \fBpath\fP
|
|
in the example), but not in between them:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
borg create \-s \-\-progress repo::archive path # good and preferred
|
|
borg create repo::archive path \-s \-\-progress # also works
|
|
borg create \-s repo::archive path \-\-progress # works, but ugly
|
|
borg create repo::archive \-s \-\-progress path # BAD
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
This is due to a problem in the argparse module: \fI\%http://bugs.python.org/issue15112\fP
|
|
.SS Repository URLs
|
|
.sp
|
|
\fBLocal filesystem\fP (or locally mounted network filesystem):
|
|
.sp
|
|
\fB/path/to/repo\fP \- filesystem path to repo directory, absolute path
|
|
.sp
|
|
\fBpath/to/repo\fP \- filesystem path to repo directory, relative path
|
|
.sp
|
|
Also, stuff like \fB~/path/to/repo\fP or \fB~other/path/to/repo\fP works (this is
|
|
expanded by your shell).
|
|
.sp
|
|
Note: you may also prepend a \fBfile://\fP to a filesystem path to get URL style.
|
|
.sp
|
|
\fBRemote repositories\fP accessed via ssh \fI\%user@host\fP:
|
|
.sp
|
|
\fBuser@host:/path/to/repo\fP \- remote repo, absolute path
|
|
.sp
|
|
\fBssh://user@host:port/path/to/repo\fP \- same, alternative syntax, port can be given
|
|
.sp
|
|
\fBRemote repositories with relative paths\fP can be given using this syntax:
|
|
.sp
|
|
\fBuser@host:path/to/repo\fP \- path relative to current directory
|
|
.sp
|
|
\fBuser@host:~/path/to/repo\fP \- path relative to user\(aqs home directory
|
|
.sp
|
|
\fBuser@host:~other/path/to/repo\fP \- path relative to other\(aqs home directory
|
|
.sp
|
|
Note: giving \fBuser@host:/./path/to/repo\fP or \fBuser@host:/~/path/to/repo\fP or
|
|
\fBuser@host:/~other/path/to/repo\fP is also supported, but not required here.
|
|
.sp
|
|
\fBRemote repositories with relative paths, alternative syntax with port\fP:
|
|
.sp
|
|
\fBssh://user@host:port/./path/to/repo\fP \- path relative to current directory
|
|
.sp
|
|
\fBssh://user@host:port/~/path/to/repo\fP \- path relative to user\(aqs home directory
|
|
.sp
|
|
\fBssh://user@host:port/~other/path/to/repo\fP \- path relative to other\(aqs home directory
|
|
.sp
|
|
If you frequently need the same repo URL, it is a good idea to set the
|
|
\fBBORG_REPO\fP environment variable to set a default for the repo URL:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
export BORG_REPO=\(aqssh://user@host:port/path/to/repo\(aq
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
Then just leave away the repo URL if only a repo URL is needed and you want
|
|
to use the default \- it will be read from BORG_REPO then.
|
|
.sp
|
|
Use \fB::\fP syntax to give the repo URL when syntax requires giving a positional
|
|
argument for the repo (e.g. \fBborg mount :: /mnt\fP).
|
|
.SS Repository / Archive Locations
|
|
.sp
|
|
Many commands want either a repository (just give the repo URL, see above) or
|
|
an archive location, which is a repo URL followed by \fB::archive_name\fP\&.
|
|
.sp
|
|
Archive names must not contain the \fB/\fP (slash) character. For simplicity,
|
|
maybe also avoid blanks or other characters that have special meaning on the
|
|
shell or in a filesystem (borg mount will use the archive name as directory
|
|
name).
|
|
.sp
|
|
If you have set BORG_REPO (see above) and an archive location is needed, use
|
|
\fB::archive_name\fP \- the repo URL part is then read from BORG_REPO.
|
|
.SS Logging
|
|
.sp
|
|
Borg writes all log output to stderr by default. But please note that something
|
|
showing up on stderr does \fInot\fP indicate an error condition just because it is
|
|
on stderr. Please check the log levels of the messages and the return code of
|
|
borg for determining error, warning or success conditions.
|
|
.sp
|
|
If you want to capture the log output to a file, just redirect it:
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
borg create repo::archive myfiles 2>> logfile
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
Custom logging configurations can be implemented via BORG_LOGGING_CONF.
|
|
.sp
|
|
The log level of the builtin logging configuration defaults to WARNING.
|
|
This is because we want Borg to be mostly silent and only output
|
|
warnings, errors and critical messages, unless output has been requested
|
|
by supplying an option that implies output (e.g. \fB\-\-list\fP or \fB\-\-progress\fP).
|
|
.sp
|
|
Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL
|
|
.sp
|
|
Use \fB\-\-debug\fP to set DEBUG log level \-
|
|
to get debug, info, warning, error and critical level output.
|
|
.sp
|
|
Use \fB\-\-info\fP (or \fB\-v\fP or \fB\-\-verbose\fP) to set INFO log level \-
|
|
to get info, warning, error and critical level output.
|
|
.sp
|
|
Use \fB\-\-warning\fP (default) to set WARNING log level \-
|
|
to get warning, error and critical level output.
|
|
.sp
|
|
Use \fB\-\-error\fP to set ERROR log level \-
|
|
to get error and critical level output.
|
|
.sp
|
|
Use \fB\-\-critical\fP to set CRITICAL log level \-
|
|
to get critical level output.
|
|
.sp
|
|
While you can set misc. log levels, do not expect that every command will
|
|
give different output on different log levels \- it\(aqs just a possibility.
|
|
.sp
|
|
\fBWARNING:\fP
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
Options \fB\-\-critical\fP and \fB\-\-error\fP are provided for completeness,
|
|
their usage is not recommended as you might miss important information.
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SS Return codes
|
|
.sp
|
|
Borg can exit with the following return codes (rc):
|
|
.TS
|
|
center;
|
|
|l|l|.
|
|
_
|
|
T{
|
|
Return code
|
|
T} T{
|
|
Meaning
|
|
T}
|
|
_
|
|
T{
|
|
0
|
|
T} T{
|
|
success (logged as INFO)
|
|
T}
|
|
_
|
|
T{
|
|
1
|
|
T} T{
|
|
warning (operation reached its normal end, but there were warnings \-\-
|
|
you should check the log, logged as WARNING)
|
|
T}
|
|
_
|
|
T{
|
|
2
|
|
T} T{
|
|
error (like a fatal error, a local or remote exception, the operation
|
|
did not reach its normal end, logged as ERROR)
|
|
T}
|
|
_
|
|
T{
|
|
128+N
|
|
T} T{
|
|
killed by signal N (e.g. 137 == kill \-9)
|
|
T}
|
|
_
|
|
.TE
|
|
.sp
|
|
If you use \fB\-\-show\-rc\fP, the return code is also logged at the indicated
|
|
level as the last log entry.
|
|
.SS Environment Variables
|
|
.sp
|
|
Borg uses some environment variables for automation:
|
|
.INDENT 0.0
|
|
.TP
|
|
.B General:
|
|
.INDENT 7.0
|
|
.TP
|
|
.B BORG_REPO
|
|
When set, use the value to give the default repository location. If a command needs an archive
|
|
parameter, you can abbreviate as \fB::archive\fP\&. If a command needs a repository parameter, you
|
|
can either leave it away or abbreviate as \fB::\fP, if a positional parameter is required.
|
|
.TP
|
|
.B BORG_PASSPHRASE
|
|
When set, use the value to answer the passphrase question for encrypted repositories.
|
|
It is used when a passphrase is needed to access an encrypted repo as well as when a new
|
|
passphrase should be initially set when initializing an encrypted repo.
|
|
See also BORG_NEW_PASSPHRASE.
|
|
.TP
|
|
.B BORG_PASSCOMMAND
|
|
When set, use the standard output of the command (trailing newlines are stripped) to answer the
|
|
passphrase question for encrypted repositories.
|
|
It is used when a passphrase is needed to access an encrypted repo as well as when a new
|
|
passphrase should be initially set when initializing an encrypted repo. Note that the command
|
|
is executed without a shell. So variables, like \fB$HOME\fP will work, but \fB~\fP won\(aqt.
|
|
If BORG_PASSPHRASE is also set, it takes precedence.
|
|
See also BORG_NEW_PASSPHRASE.
|
|
.TP
|
|
.B BORG_PASSPHRASE_FD
|
|
When set, specifies a file descriptor to read a passphrase
|
|
from. Programs starting borg may choose to open an anonymous pipe
|
|
and use it to pass a passphrase. This is safer than passing via
|
|
BORG_PASSPHRASE, because on some systems (e.g. Linux) environment
|
|
can be examined by other processes.
|
|
If BORG_PASSPHRASE or BORG_PASSCOMMAND are also set, they take precedence.
|
|
.TP
|
|
.B BORG_NEW_PASSPHRASE
|
|
When set, use the value to answer the passphrase question when a \fBnew\fP passphrase is asked for.
|
|
This variable is checked first. If it is not set, BORG_PASSPHRASE and BORG_PASSCOMMAND will also
|
|
be checked.
|
|
Main usecase for this is to fully automate \fBborg change\-passphrase\fP\&.
|
|
.TP
|
|
.B BORG_DISPLAY_PASSPHRASE
|
|
When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
|
|
.TP
|
|
.B BORG_HOSTNAME_IS_UNIQUE=no
|
|
Borg assumes that it can derive a unique hostname / identity (see \fBborg debug info\fP).
|
|
If this is not the case or you do not want Borg to automatically remove stale locks,
|
|
set this to \fIno\fP\&.
|
|
.TP
|
|
.B BORG_HOST_ID
|
|
Borg usually computes a host id from the FQDN plus the results of \fBuuid.getnode()\fP (which usually returns
|
|
a unique id based on the MAC address of the network interface. Except if that MAC happens to be all\-zero \- in
|
|
that case it returns a random value, which is not what we want (because it kills automatic stale lock removal).
|
|
So, if you have a all\-zero MAC address or other reasons to better externally control the host id, just set this
|
|
environment variable to a unique value. If all your FQDNs are unique, you can just use the FQDN. If not,
|
|
use \fI\%fqdn@uniqueid\fP\&.
|
|
.TP
|
|
.B BORG_LOGGING_CONF
|
|
When set, use the given filename as \fI\%INI\fP\-style logging configuration.
|
|
A basic example conf can be found at \fBdocs/misc/logging.conf\fP\&.
|
|
.TP
|
|
.B BORG_RSH
|
|
When set, use this command instead of \fBssh\fP\&. This can be used to specify ssh options, such as
|
|
a custom identity file \fBssh \-i /path/to/private/key\fP\&. See \fBman ssh\fP for other options. Using
|
|
the \fB\-\-rsh CMD\fP commandline option overrides the environment variable.
|
|
.TP
|
|
.B BORG_REMOTE_PATH
|
|
When set, use the given path as borg executable on the remote (defaults to "borg" if unset).
|
|
Using \fB\-\-remote\-path PATH\fP commandline option overrides the environment variable.
|
|
.TP
|
|
.B BORG_FILES_CACHE_TTL
|
|
When set to a numeric value, this determines the maximum "time to live" for the files cache
|
|
entries (default: 20). The files cache is used to quickly determine whether a file is unchanged.
|
|
The FAQ explains this more detailed in: \fIalways_chunking\fP
|
|
.TP
|
|
.B BORG_SHOW_SYSINFO
|
|
When set to no (default: yes), system information (like OS, Python version, ...) in
|
|
exceptions is not shown.
|
|
Please only use for good reasons as it makes issues harder to analyze.
|
|
.TP
|
|
.B BORG_WORKAROUNDS
|
|
A list of comma separated strings that trigger workarounds in borg,
|
|
e.g. to work around bugs in other software.
|
|
.sp
|
|
Currently known strings are:
|
|
.INDENT 7.0
|
|
.TP
|
|
.B basesyncfile
|
|
Use the more simple BaseSyncFile code to avoid issues with sync_file_range.
|
|
You might need this to run borg on WSL (Windows Subsystem for Linux) or
|
|
in systemd.nspawn containers on some architectures (e.g. ARM).
|
|
Using this does not affect data safety, but might result in a more bursty
|
|
write to disk behaviour (not continuously streaming to disk).
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.TP
|
|
.B Some automatic "answerers" (if set, they automatically answer confirmation questions):
|
|
.INDENT 7.0
|
|
.TP
|
|
.B BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
|
|
For "Warning: Attempting to access a previously unknown unencrypted repository"
|
|
.TP
|
|
.B BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
|
|
For "Warning: The repository at location ... was previously located at ..."
|
|
.TP
|
|
.B BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
|
|
For "Warning: \(aqcheck \-\-repair\(aq is an experimental feature that might result in data loss."
|
|
.TP
|
|
.B BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
|
|
For "You requested to completely DELETE the repository \fIincluding\fP all archives it contains:"
|
|
.TP
|
|
.B BORG_RECREATE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
|
|
For "recreate is an experimental feature."
|
|
.UNINDENT
|
|
.sp
|
|
Note: answers are case sensitive. setting an invalid answer value might either give the default
|
|
answer or ask you interactively, depending on whether retries are allowed (they by default are
|
|
allowed). So please test your scripts interactively before making them a non\-interactive script.
|
|
.UNINDENT
|
|
.INDENT 0.0
|
|
.TP
|
|
.B Directories and files:
|
|
.INDENT 7.0
|
|
.TP
|
|
.B BORG_BASE_DIR
|
|
Defaults to \fB$HOME\fP or \fB~$USER\fP or \fB~\fP (in that order).
|
|
If you want to move all borg\-specific folders to a custom path at once, all you need to do is
|
|
to modify \fBBORG_BASE_DIR\fP: the other paths for cache, config etc. will adapt accordingly
|
|
(assuming you didn\(aqt set them to a different custom value).
|
|
.TP
|
|
.B BORG_CACHE_DIR
|
|
Defaults to \fB$BORG_BASE_DIR/.cache/borg\fP\&. If \fBBORG_BASE_DIR\fP is not explicitly set while
|
|
\fI\%XDG env var\fP \fBXDG_CACHE_HOME\fP is set, then \fB$XDG_CACHE_HOME/borg\fP is being used instead.
|
|
This directory contains the local cache and might need a lot
|
|
of space for dealing with big repositories. Make sure you\(aqre aware of the associated
|
|
security aspects of the cache location: \fIcache_security\fP
|
|
.TP
|
|
.B BORG_CONFIG_DIR
|
|
Defaults to \fB$BORG_BASE_DIR/.config/borg\fP\&. If \fBBORG_BASE_DIR\fP is not explicitly set while
|
|
\fI\%XDG env var\fP \fBXDG_CONFIG_HOME\fP is set, then \fB$XDG_CONFIG_HOME/borg\fP is being used instead.
|
|
This directory contains all borg configuration directories, see the FAQ
|
|
for a security advisory about the data in this directory: \fIhome_config_borg\fP
|
|
.TP
|
|
.B BORG_SECURITY_DIR
|
|
Defaults to \fB$BORG_CONFIG_DIR/security\fP\&.
|
|
This directory contains information borg uses to track its usage of NONCES ("numbers used
|
|
once" \- usually in encryption context) and other security relevant data.
|
|
.TP
|
|
.B BORG_KEYS_DIR
|
|
Defaults to \fB$BORG_CONFIG_DIR/keys\fP\&.
|
|
This directory contains keys for encrypted repositories.
|
|
.TP
|
|
.B BORG_KEY_FILE
|
|
When set, use the given filename as repository key file.
|
|
.TP
|
|
.B TMPDIR
|
|
This is where temporary files are stored (might need a lot of temporary space for some
|
|
operations), see \fI\%tempfile\fP for details.
|
|
.UNINDENT
|
|
.TP
|
|
.B Building:
|
|
.INDENT 7.0
|
|
.TP
|
|
.B BORG_OPENSSL_PREFIX
|
|
Adds given OpenSSL header file directory to the default locations (setup.py).
|
|
.TP
|
|
.B BORG_LIBLZ4_PREFIX
|
|
Adds given prefix directory to the default locations. If a \(aqinclude/lz4.h\(aq is found Borg
|
|
will be linked against the system liblz4 instead of a bundled implementation. (setup.py)
|
|
.TP
|
|
.B BORG_LIBB2_PREFIX
|
|
Adds given prefix directory to the default locations. If a \(aqinclude/blake2.h\(aq is found Borg
|
|
will be linked against the system libb2 instead of a bundled implementation. (setup.py)
|
|
.TP
|
|
.B BORG_LIBZSTD_PREFIX
|
|
Adds given prefix directory to the default locations. If a \(aqinclude/zstd.h\(aq is found Borg
|
|
will be linked against the system libzstd instead of a bundled implementation. (setup.py)
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
Please note:
|
|
.INDENT 0.0
|
|
.IP \(bu 2
|
|
Be very careful when using the "yes" sayers, the warnings with prompt exist for your / your data\(aqs security/safety.
|
|
.IP \(bu 2
|
|
Also be very careful when putting your passphrase into a script, make sure it has appropriate file permissions (e.g.
|
|
mode 600, root:root).
|
|
.UNINDENT
|
|
.SS File systems
|
|
.sp
|
|
We strongly recommend against using Borg (or any other database\-like
|
|
software) on non\-journaling file systems like FAT, since it is not
|
|
possible to assume any consistency in case of power failures (or a
|
|
sudden disconnect of an external drive or similar failures).
|
|
.sp
|
|
While Borg uses a data store that is resilient against these failures
|
|
when used on journaling file systems, it is not possible to guarantee
|
|
this with some hardware \-\- independent of the software used. We don\(aqt
|
|
know a list of affected hardware.
|
|
.sp
|
|
If you are suspicious whether your Borg repository is still consistent
|
|
and readable after one of the failures mentioned above occurred, run
|
|
\fBborg check \-\-verify\-data\fP to make sure it is consistent.
|
|
Requirements for Borg repository file systems.INDENT 0.0
|
|
.IP \(bu 2
|
|
Long file names
|
|
.IP \(bu 2
|
|
At least three directory levels with short names
|
|
.IP \(bu 2
|
|
Typically, file sizes up to a few hundred MB.
|
|
Large repositories may require large files (>2 GB).
|
|
.IP \(bu 2
|
|
Up to 1000 files per directory (10000 for repositories initialized with Borg 1.0)
|
|
.IP \(bu 2
|
|
mkdir(2) should be atomic, since it is used for locking
|
|
.IP \(bu 2
|
|
Hardlinks are needed for \fIborg_upgrade\fP \fB\-\-inplace\fP
|
|
.UNINDENT
|
|
.SS Units
|
|
.sp
|
|
To display quantities, Borg takes care of respecting the
|
|
usual conventions of scale. Disk sizes are displayed in \fI\%decimal\fP, using powers of ten (so
|
|
\fBkB\fP means 1000 bytes). For memory usage, \fI\%binary prefixes\fP are used, and are
|
|
indicated using the \fI\%IEC binary prefixes\fP,
|
|
using powers of two (so \fBKiB\fP means 1024 bytes).
|
|
.SS Date and Time
|
|
.sp
|
|
We format date and time conforming to ISO\-8601, that is: YYYY\-MM\-DD and
|
|
HH:MM:SS (24h clock).
|
|
.sp
|
|
For more information about that, see: \fI\%https://xkcd.com/1179/\fP
|
|
.sp
|
|
Unless otherwise noted, we display local date and time.
|
|
Internally, we store and process date and time as UTC.
|
|
.SS Resource Usage
|
|
.sp
|
|
Borg might use a lot of resources depending on the size of the data set it is dealing with.
|
|
.sp
|
|
If one uses Borg in a client/server way (with a ssh: repository),
|
|
the resource usage occurs in part on the client and in another part on the
|
|
server.
|
|
.sp
|
|
If one uses Borg as a single process (with a filesystem repo),
|
|
all the resource usage occurs in that one process, so just add up client +
|
|
server to get the approximate resource usage.
|
|
.INDENT 0.0
|
|
.TP
|
|
.B CPU client:
|
|
.INDENT 7.0
|
|
.IP \(bu 2
|
|
\fBborg create:\fP does chunking, hashing, compression, crypto (high CPU usage)
|
|
.IP \(bu 2
|
|
\fBchunks cache sync:\fP quite heavy on CPU, doing lots of hashtable operations.
|
|
.IP \(bu 2
|
|
\fBborg extract:\fP crypto, decompression (medium to high CPU usage)
|
|
.IP \(bu 2
|
|
\fBborg check:\fP similar to extract, but depends on options given.
|
|
.IP \(bu 2
|
|
\fBborg prune / borg delete archive:\fP low to medium CPU usage
|
|
.IP \(bu 2
|
|
\fBborg delete repo:\fP done on the server
|
|
.UNINDENT
|
|
.sp
|
|
It won\(aqt go beyond 100% of 1 core as the code is currently single\-threaded.
|
|
Especially higher zlib and lzma compression levels use significant amounts
|
|
of CPU cycles. Crypto might be cheap on the CPU (if hardware accelerated) or
|
|
expensive (if not).
|
|
.TP
|
|
.B CPU server:
|
|
It usually doesn\(aqt need much CPU, it just deals with the key/value store
|
|
(repository) and uses the repository index for that.
|
|
.sp
|
|
borg check: the repository check computes the checksums of all chunks
|
|
(medium CPU usage)
|
|
borg delete repo: low CPU usage
|
|
.TP
|
|
.B CPU (only for client/server operation):
|
|
When using borg in a client/server way with a \fI\%ssh:\-type\fP repo, the ssh
|
|
processes used for the transport layer will need some CPU on the client and
|
|
on the server due to the crypto they are doing \- esp. if you are pumping
|
|
big amounts of data.
|
|
.TP
|
|
.B Memory (RAM) client:
|
|
The chunks index and the files index are read into memory for performance
|
|
reasons. Might need big amounts of memory (see below).
|
|
Compression, esp. lzma compression with high levels might need substantial
|
|
amounts of memory.
|
|
.TP
|
|
.B Memory (RAM) server:
|
|
The server process will load the repository index into memory. Might need
|
|
considerable amounts of memory, but less than on the client (see below).
|
|
.TP
|
|
.B Chunks index (client only):
|
|
Proportional to the amount of data chunks in your repo. Lots of chunks
|
|
in your repo imply a big chunks index.
|
|
It is possible to tweak the chunker params (see create options).
|
|
.TP
|
|
.B Files index (client only):
|
|
Proportional to the amount of files in your last backups. Can be switched
|
|
off (see create options), but next backup might be much slower if you do.
|
|
The speed benefit of using the files cache is proportional to file size.
|
|
.TP
|
|
.B Repository index (server only):
|
|
Proportional to the amount of data chunks in your repo. Lots of chunks
|
|
in your repo imply a big repository index.
|
|
It is possible to tweak the chunker params (see create options) to
|
|
influence the amount of chunks being created.
|
|
.TP
|
|
.B Temporary files (client):
|
|
Reading data and metadata from a FUSE mounted repository will consume up to
|
|
the size of all deduplicated, small chunks in the repository. Big chunks
|
|
won\(aqt be locally cached.
|
|
.TP
|
|
.B Temporary files (server):
|
|
A non\-trivial amount of data will be stored on the remote temp directory
|
|
for each client that connects to it. For some remotes, this can fill the
|
|
default temporary directory at /tmp. This can be remediated by ensuring the
|
|
$TMPDIR, $TEMP, or $TMP environment variable is properly set for the sshd
|
|
process.
|
|
For some OSes, this can be done just by setting the correct value in the
|
|
.bashrc (or equivalent login config file for other shells), however in
|
|
other cases it may be necessary to first enable \fBPermitUserEnvironment yes\fP
|
|
in your \fBsshd_config\fP file, then add \fBenvironment="TMPDIR=/my/big/tmpdir"\fP
|
|
at the start of the public key to be used in the \fBauthorized_hosts\fP file.
|
|
.TP
|
|
.B Cache files (client only):
|
|
Contains the chunks index and files index (plus a collection of single\-
|
|
archive chunk indexes which might need huge amounts of disk space,
|
|
depending on archive count and size \- see FAQ about how to reduce).
|
|
.TP
|
|
.B Network (only for client/server operation):
|
|
If your repository is remote, all deduplicated (and optionally compressed/
|
|
encrypted) data of course has to go over the connection (\fBssh://\fP repo url).
|
|
If you use a locally mounted network filesystem, additionally some copy
|
|
operations used for transaction support also go over the connection. If
|
|
you backup multiple sources to one target repository, additional traffic
|
|
happens for cache resynchronization.
|
|
.UNINDENT
|
|
.SS Support for file metadata
|
|
.sp
|
|
Besides regular file and directory structures, Borg can preserve
|
|
.INDENT 0.0
|
|
.IP \(bu 2
|
|
symlinks (stored as symlink, the symlink is not followed)
|
|
.IP \(bu 2
|
|
special files:
|
|
.INDENT 2.0
|
|
.IP \(bu 2
|
|
character and block device files (restored via mknod)
|
|
.IP \(bu 2
|
|
FIFOs ("named pipes")
|
|
.IP \(bu 2
|
|
special file \fIcontents\fP can be backed up in \fB\-\-read\-special\fP mode.
|
|
By default the metadata to create them with mknod(2), mkfifo(2) etc. is stored.
|
|
.UNINDENT
|
|
.IP \(bu 2
|
|
hardlinked regular files, devices, FIFOs (considering all items in the same archive)
|
|
.IP \(bu 2
|
|
timestamps in nanosecond precision: mtime, atime, ctime
|
|
.IP \(bu 2
|
|
other timestamps: birthtime (on platforms supporting it)
|
|
.IP \(bu 2
|
|
permissions:
|
|
.INDENT 2.0
|
|
.IP \(bu 2
|
|
IDs of owning user and owning group
|
|
.IP \(bu 2
|
|
names of owning user and owning group (if the IDs can be resolved)
|
|
.IP \(bu 2
|
|
Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.sp
|
|
On some platforms additional features are supported:
|
|
.\" Yes/No's are grouped by reason/mechanism/reference.
|
|
.
|
|
.TS
|
|
center;
|
|
|l|l|l|l|.
|
|
_
|
|
T{
|
|
Platform
|
|
T} T{
|
|
ACLs
|
|
[5]
|
|
T} T{
|
|
xattr
|
|
[6]
|
|
T} T{
|
|
Flags
|
|
[7]
|
|
T}
|
|
_
|
|
T{
|
|
Linux
|
|
T} T{
|
|
Yes
|
|
T} T{
|
|
Yes
|
|
T} T{
|
|
Yes [1]
|
|
T}
|
|
_
|
|
T{
|
|
Mac OS X
|
|
T} T{
|
|
Yes
|
|
T} T{
|
|
Yes
|
|
T} T{
|
|
Yes (all)
|
|
T}
|
|
_
|
|
T{
|
|
FreeBSD
|
|
T} T{
|
|
Yes
|
|
T} T{
|
|
Yes
|
|
T} T{
|
|
Yes (all)
|
|
T}
|
|
_
|
|
T{
|
|
OpenBSD
|
|
T} T{
|
|
n/a
|
|
T} T{
|
|
n/a
|
|
T} T{
|
|
Yes (all)
|
|
T}
|
|
_
|
|
T{
|
|
NetBSD
|
|
T} T{
|
|
n/a
|
|
T} T{
|
|
No [2]
|
|
T} T{
|
|
Yes (all)
|
|
T}
|
|
_
|
|
T{
|
|
Solaris and derivatives
|
|
T} T{
|
|
No [3]
|
|
T} T{
|
|
No [3]
|
|
T} T{
|
|
n/a
|
|
T}
|
|
_
|
|
T{
|
|
Windows (cygwin)
|
|
T} T{
|
|
No [4]
|
|
T} T{
|
|
No
|
|
T} T{
|
|
No
|
|
T}
|
|
_
|
|
.TE
|
|
.sp
|
|
Other Unix\-like operating systems may work as well, but have not been tested at all.
|
|
.sp
|
|
Note that most of the platform\-dependent features also depend on the file system.
|
|
For example, ntfs\-3g on Linux isn\(aqt able to convey NTFS ACLs.
|
|
.IP [1] 5
|
|
Only "nodump", "immutable", "compressed" and "append" are supported.
|
|
Feature request #618 for more flags.
|
|
.IP [2] 5
|
|
Feature request #1332
|
|
.IP [3] 5
|
|
Feature request #1337
|
|
.IP [4] 5
|
|
Cygwin tries to map NTFS ACLs to permissions with varying degrees of success.
|
|
.IP [5] 5
|
|
The native access control list mechanism of the OS. This normally limits access to
|
|
non\-native ACLs. For example, NTFS ACLs aren\(aqt completely accessible on Linux with ntfs\-3g.
|
|
.IP [6] 5
|
|
extended attributes; key\-value pairs attached to a file, mainly used by the OS.
|
|
This includes resource forks on Mac OS X.
|
|
.IP [7] 5
|
|
aka \fIBSD flags\fP\&. The Linux set of flags [1] is portable across platforms.
|
|
The BSDs define additional flags.
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fIborg\-common(1)\fP for common command line options
|
|
.sp
|
|
\fIborg\-init(1)\fP,
|
|
\fIborg\-create(1)\fP, \fIborg\-mount(1)\fP, \fIborg\-extract(1)\fP,
|
|
\fIborg\-list(1)\fP, \fIborg\-info(1)\fP,
|
|
\fIborg\-delete(1)\fP, \fIborg\-prune(1)\fP,
|
|
\fIborg\-recreate(1)\fP
|
|
.sp
|
|
\fIborg\-compression(1)\fP, \fIborg\-patterns(1)\fP, \fIborg\-placeholders(1)\fP
|
|
.INDENT 0.0
|
|
.IP \(bu 2
|
|
Main web site \fI\%https://www.borgbackup.org/\fP
|
|
.IP \(bu 2
|
|
Releases \fI\%https://github.com/borgbackup/borg/releases\fP
|
|
.IP \(bu 2
|
|
Changelog \fI\%https://github.com/borgbackup/borg/blob/master/docs/changes.rst\fP
|
|
.IP \(bu 2
|
|
GitHub \fI\%https://github.com/borgbackup/borg\fP
|
|
.IP \(bu 2
|
|
Security contact \fI\%https://borgbackup.readthedocs.io/en/latest/support.html#security\-contact\fP
|
|
.UNINDENT
|
|
.SH AUTHOR
|
|
The Borg Collective
|
|
|
|
orphan:
|
|
.\" Generated by docutils manpage writer.
|
|
.
|