| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 |
- .\" Man page generated from reStructuredText.
- .
- .TH BORG-SERVE 1 "2017-04-29" "" "borg backup tool"
- .SH NAME
- borg-serve \- Start in server mode. This command is usually not used manually.
- .
- .nr rst2man-indent-level 0
- .
- .de1 rstReportMargin
- \\$1 \\n[an-margin]
- level \\n[rst2man-indent-level]
- level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
- -
- \\n[rst2man-indent0]
- \\n[rst2man-indent1]
- \\n[rst2man-indent2]
- ..
- .de1 INDENT
- .\" .rstReportMargin pre:
- . RS \\$1
- . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
- . nr rst2man-indent-level +1
- .\" .rstReportMargin post:
- ..
- .de UNINDENT
- . RE
- .\" indent \\n[an-margin]
- .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
- .nr rst2man-indent-level -1
- .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
- .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
- ..
- .SH SYNOPSIS
- .sp
- borg serve <options>
- .SH DESCRIPTION
- .sp
- This command starts a repository server process. This command is usually not used manually.
- .SH OPTIONS
- .sp
- See \fIborg\-common(1)\fP for common options of Borg commands.
- .SS optional arguments
- .INDENT 0.0
- .TP
- .BI \-\-restrict\-to\-path \ PATH
- restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.
- .TP
- .B \-\-append\-only
- only allow appending to repository segment files
- .UNINDENT
- .SH EXAMPLES
- .sp
- borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP
- example below): it will detect that you use such a forced command and extract
- the value of the \fB\-\-restrict\-to\-path\fP option(s).
- .sp
- It will then parse the original command that came from the client, makes sure
- that it is also \fBborg serve\fP and enforce path restriction(s) as given by the
- forced command. That way, other options given by the client (like \fB\-\-info\fP or
- \fB\-\-umask\fP) are preserved (and are not fixed by the forced command).
- .sp
- Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in the original
- command sent by the client are \fInot\fP interpreted, but ignored. If BORG_XXX environment
- variables should be set on the \fBborg serve\fP side, then these must be set in system\-specific
- locations like \fB/etc/environment\fP or in the forced command itself (example below).
- .INDENT 0.0
- .INDENT 3.5
- .sp
- .nf
- .ft C
- # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
- # Use key options to disable unneeded and potentially dangerous SSH functionality.
- # This will help to secure an automated remote backup system.
- $ cat ~/.ssh/authorized_keys
- command="borg serve \-\-restrict\-to\-path /path/to/repo",no\-pty,no\-agent\-forwarding,no\-port\-forwarding,no\-X11\-forwarding,no\-user\-rc ssh\-rsa AAAAB3[...]
- # Set a BORG_XXX environment variable on the "borg serve" side
- $ cat ~/.ssh/authorized_keys
- command="export BORG_XXX=value; borg serve [...]",restrict ssh\-rsa [...]
- .ft P
- .fi
- .UNINDENT
- .UNINDENT
- .SH SEE ALSO
- .sp
- \fIborg\-common(1)\fP
- .SH AUTHOR
- The Borg Collective
- .\" Generated by docutils manpage writer.
- .
|
