Home Explore Help
Sign In
mirrors
/
borg
mirror of https://github.com/borgbackup/borg
2
0
Fork 0
Files Issues 0 Wiki
Tree: 874e6b8971
Branches Tags
borg
/
docs
/
man
/
borg-serve.1

borg-serve.1 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 
  1. .\" Man page generated from reStructuredText.
    2. 

  2. .
    3. 

  3. .TH BORG-SERVE 1 "2018-06-11" "" "borg backup tool"
    4. 

  4. .SH NAME
    5. 

  5. borg-serve \- Start in server mode. This command is usually not used manually.
    6. 

  6. .
    7. 

  7. .nr rst2man-indent-level 0
    8. 

  8. .
    9. 

  9. .de1 rstReportMargin
    10. 

  10. \\$1 \\n[an-margin]
    11. 

  11. level \\n[rst2man-indent-level]
    12. 

  12. level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
    13. 

  13. -
    14. 

  14. \\n[rst2man-indent0]
    15. 

  15. \\n[rst2man-indent1]
    16. 

  16. \\n[rst2man-indent2]
    17. 

  17. ..
    18. 

  18. .de1 INDENT
    19. 

  19. .\" .rstReportMargin pre:
    20. 

  20. . RS \\$1
    21. 

  21. . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
    22. 

  22. . nr rst2man-indent-level +1
    23. 

  23. .\" .rstReportMargin post:
    24. 

  24. ..
    25. 

  25. .de UNINDENT
    26. 

  26. . RE
    27. 

  27. .\" indent \\n[an-margin]
    28. 

  28. .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
    29. 

  29. .nr rst2man-indent-level -1
    30. 

  30. .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
    31. 

  31. .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
    32. 

  32. ..
    33. 

  33. .SH SYNOPSIS
    34. 

  34. .sp
    35. 

  35. borg [common options] serve [options]
    36. 

  36. .SH DESCRIPTION
    37. 

  37. .sp
    38. 

  38. This command starts a repository server process. This command is usually not used manually.
    39. 

  39. .SH OPTIONS
    40. 

  40. .sp
    41. 

  41. See \fIborg\-common(1)\fP for common options of Borg commands.
    42. 

  42. .SS optional arguments
    43. 

  43. .INDENT 0.0
    44. 

  44. .TP
    45. 

  45. .BI \-\-restrict\-to\-path \ PATH
    46. 

  46. restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.
    47. 

  47. .TP
    48. 

  48. .BI \-\-restrict\-to\-repository \ PATH
    49. 

  49. restrict repository access. Only the repository located at PATH (no sub\-directories are considered) is accessible. Can be specified multiple times to allow the client access to several repositories. Unlike \fB\-\-restrict\-to\-path\fP sub\-directories are not accessible; PATH needs to directly point at a repository location. PATH may be an empty directory or the last element of PATH may not exist, in which case the client may initialize a repository there.
    50. 

  50. .TP
    51. 

  51. .B \-\-append\-only
    52. 

  52. only allow appending to repository segment files
    53. 

  53. .TP
    54. 

  54. .BI \-\-storage\-quota \ QUOTA
    55. 

  55. Override storage quota of the repository (e.g. 5G, 1.5T). When a new repository is initialized, sets the storage quota on the new repository as well. Default: no quota.
    56. 

  56. .UNINDENT
    57. 

  57. .SH EXAMPLES
    58. 

  58. .sp
    59. 

  59. borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP
    60. 

  60. example below): it will detect that you use such a forced command and extract
    61. 

  61. the value of the \fB\-\-restrict\-to\-path\fP option(s).
    62. 

  62. .sp
    63. 

  63. It will then parse the original command that came from the client, makes sure
    64. 

  64. that it is also \fBborg serve\fP and enforce path restriction(s) as given by the
    65. 

  65. forced command. That way, other options given by the client (like \fB\-\-info\fP or
    66. 

  66. \fB\-\-umask\fP) are preserved (and are not fixed by the forced command).
    67. 

  67. .sp
    68. 

  68. Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in the original
    69. 

  69. command sent by the client are \fInot\fP interpreted, but ignored. If BORG_XXX environment
    70. 

  70. variables should be set on the \fBborg serve\fP side, then these must be set in system\-specific
    71. 

  71. locations like \fB/etc/environment\fP or in the forced command itself (example below).
    72. 

  72. .INDENT 0.0
    73. 

  73. .INDENT 3.5
    74. 

  74. .sp
    75. 

  75. .nf
    76. 

  76. .ft C
    77. 

  77. # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
    78. 

  78. # Use key options to disable unneeded and potentially dangerous SSH functionality.
    79. 

  79. # This will help to secure an automated remote backup system.
    80. 

  80. $ cat ~/.ssh/authorized_keys
    81. 

  81. command="borg serve \-\-restrict\-to\-path /path/to/repo",restrict ssh\-rsa AAAAB3[...]
    82. 

  82. 

  83. # Set a BORG_XXX environment variable on the "borg serve" side
    84. 

  84. $ cat ~/.ssh/authorized_keys
    85. 

  85. command="export BORG_XXX=value; borg serve [...]",restrict ssh\-rsa [...]
    86. 

  86. .ft P
    87. 

  87. .fi
    88. 

  88. .UNINDENT
    89. 

  89. .UNINDENT
    90. 

  90. .sp
    91. 

  91. \fBNOTE:\fP
    92. 

  92. .INDENT 0.0
    93. 

  93. .INDENT 3.5
    94. 

  94. The examples above use the \fBrestrict\fP directive. This does automatically
    95. 

  95. block potential dangerous ssh features, even when they are added in a future
    96. 

  96. update. Thus, this option should be preferred.
    97. 

  97. .sp
    98. 

  98. If you\(aqre using openssh\-server < 7.2, however, you have to explicitly specify
    99. 

  99. the ssh features to restrict and cannot simply use the restrict option as it
    100. 

  100. has been introduced in v7.2. We recommend to use
    101. 

  101. \fBno\-port\-forwarding,no\-X11\-forwarding,no\-pty,no\-agent\-forwarding,no\-user\-rc\fP
    102. 

  102. in this case.
    103. 

  103. .UNINDENT
    104. 

  104. .UNINDENT
    105. 

  105. .SH SEE ALSO
    106. 

  106. .sp
    107. 

  107. \fIborg\-common(1)\fP
    108. 

  108. .SH AUTHOR
    109. 

  109. The Borg Collective
    110. 

  110. .\" Generated by docutils manpage writer.
    111. 

  111. .
    112.