Home Explore Help
Sign In
mirrors
/
borg
mirror of https://github.com/borgbackup/borg
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #1677 from enkore/pr/1676

Added docs explaining multiple --restrict-to-path flags, with example…
TW 8 years ago
parent
ce72d24825 573cb616d3
commit
45a2d8b5c0
2 changed files with 9 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      borg/archiver.py
  2. 6 0
      docs/deployment.rst

+ 3 - 1
borg/archiver.py
View File 

@@ -1011,7 +1011,9 @@ class Archiver:
 
                                           help='start repository server process')
 
         subparser.set_defaults(func=self.do_serve)
 
         subparser.add_argument('--restrict-to-path', dest='restrict_to_paths', action='append',
 
-                               metavar='PATH', help='restrict repository access to PATH')
 
+                               metavar='PATH', help='restrict repository access to PATH. '
 
+                                                    'Can be specified multiple times to allow the client access to several directories. '
 
+                                                    'Access to all sub-directories is granted implicitly; PATH doesn\'t need to directly point to a repository.')
 
         subparser.add_argument('--append-only', dest='append_only', action='store_true',
 
                                help='only allow appending to repository segment files')
 
         init_epilog = textwrap.dedent("""

+ 6 - 0
docs/deployment.rst
View File 

@@ -54,6 +54,12 @@ Restrictions
 
 Borg is instructed to restrict clients into their own paths:
 
 ``borg serve --restrict-to-path /home/backup/repos/<client fqdn>``
 
 
+The client will be able to access any file or subdirectory inside of ``/home/backup/repos/<client fqdn>``
 
+but no other directories. You can allow a client to access several separate directories by passing multiple
 
+`--restrict-to-path` flags, for instance: ``borg serve --restrict-to-path /home/backup/repos/<client fqdn> --restrict-to-path /home/backup/repos/<other client fqdn>``,
 
+which could make sense if multiple machines belong to one person which should then have access to all the
 
+backups of their machines.
 
+
 
 There is only one ssh key per client allowed. Keys are added for ``johndoe.clnt.local``, ``web01.srv.local`` and
 
 ``app01.srv.local``. But they will access the backup under only one UNIX user account as:
 
 ``backup@backup01.srv.local``. Every key in ``$HOME/.ssh/authorized_keys`` has a