mirror of
https://github.com/borgbackup/borg.git
synced 2024-12-27 02:08:54 +00:00
90 lines
3.1 KiB
Groff
90 lines
3.1 KiB
Groff
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH BORG-SERVE 1 "2017-05-17" "" "borg backup tool"
|
|
.SH NAME
|
|
borg-serve \- Start in server mode. This command is usually not used manually.
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
borg [common options] serve <options>
|
|
.SH DESCRIPTION
|
|
.sp
|
|
This command starts a repository server process. This command is usually not used manually.
|
|
.SH OPTIONS
|
|
.sp
|
|
See \fIborg\-common(1)\fP for common options of Borg commands.
|
|
.SS optional arguments
|
|
.INDENT 0.0
|
|
.TP
|
|
.BI \-\-restrict\-to\-path \ PATH
|
|
restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.
|
|
.TP
|
|
.B \-\-append\-only
|
|
only allow appending to repository segment files
|
|
.UNINDENT
|
|
.SH EXAMPLES
|
|
.sp
|
|
borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP
|
|
example below): it will detect that you use such a forced command and extract
|
|
the value of the \fB\-\-restrict\-to\-path\fP option(s).
|
|
.sp
|
|
It will then parse the original command that came from the client, makes sure
|
|
that it is also \fBborg serve\fP and enforce path restriction(s) as given by the
|
|
forced command. That way, other options given by the client (like \fB\-\-info\fP or
|
|
\fB\-\-umask\fP) are preserved (and are not fixed by the forced command).
|
|
.sp
|
|
Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in the original
|
|
command sent by the client are \fInot\fP interpreted, but ignored. If BORG_XXX environment
|
|
variables should be set on the \fBborg serve\fP side, then these must be set in system\-specific
|
|
locations like \fB/etc/environment\fP or in the forced command itself (example below).
|
|
.INDENT 0.0
|
|
.INDENT 3.5
|
|
.sp
|
|
.nf
|
|
.ft C
|
|
# Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
|
|
# Use key options to disable unneeded and potentially dangerous SSH functionality.
|
|
# This will help to secure an automated remote backup system.
|
|
$ cat ~/.ssh/authorized_keys
|
|
command="borg serve \-\-restrict\-to\-path /path/to/repo",no\-pty,no\-agent\-forwarding,no\-port\-forwarding,no\-X11\-forwarding,no\-user\-rc ssh\-rsa AAAAB3[...]
|
|
|
|
# Set a BORG_XXX environment variable on the "borg serve" side
|
|
$ cat ~/.ssh/authorized_keys
|
|
command="export BORG_XXX=value; borg serve [...]",restrict ssh\-rsa [...]
|
|
.ft P
|
|
.fi
|
|
.UNINDENT
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fIborg\-common(1)\fP
|
|
.SH AUTHOR
|
|
The Borg Collective
|
|
.\" Generated by docutils manpage writer.
|
|
.
|