| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 |
- .\" Man page generated from reStructuredText.
- .
- .TH BORG-SERVE 1 "2019-03-21" "" "borg backup tool"
- .SH NAME
- borg-serve \- Start in server mode. This command is usually not used manually.
- .
- .nr rst2man-indent-level 0
- .
- .de1 rstReportMargin
- \\$1 \\n[an-margin]
- level \\n[rst2man-indent-level]
- level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
- -
- \\n[rst2man-indent0]
- \\n[rst2man-indent1]
- \\n[rst2man-indent2]
- ..
- .de1 INDENT
- .\" .rstReportMargin pre:
- . RS \\$1
- . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
- . nr rst2man-indent-level +1
- .\" .rstReportMargin post:
- ..
- .de UNINDENT
- . RE
- .\" indent \\n[an-margin]
- .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
- .nr rst2man-indent-level -1
- .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
- .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
- ..
- .SH SYNOPSIS
- .sp
- borg [common options] serve [options]
- .SH DESCRIPTION
- .sp
- This command starts a repository server process. This command is usually not used manually.
- .SH OPTIONS
- .sp
- See \fIborg\-common(1)\fP for common options of Borg commands.
- .SS optional arguments
- .INDENT 0.0
- .TP
- .BI \-\-restrict\-to\-path \ PATH
- restrict repository access to PATH. Can be specified multiple times to allow the client access to several directories. Access to all sub\-directories is granted implicitly; PATH doesn\(aqt need to directly point to a repository.
- .TP
- .BI \-\-restrict\-to\-repository \ PATH
- restrict repository access. Only the repository located at PATH (no sub\-directories are considered) is accessible. Can be specified multiple times to allow the client access to several repositories. Unlike \fB\-\-restrict\-to\-path\fP sub\-directories are not accessible; PATH needs to directly point at a repository location. PATH may be an empty directory or the last element of PATH may not exist, in which case the client may initialize a repository there.
- .TP
- .B \-\-append\-only
- only allow appending to repository segment files. Note that this only affects the low level structure of the repository, and running \fIdelete\fP or \fIprune\fP will still be allowed. See \fIappend_only_mode\fP in Additional Notes for more details.
- .TP
- .BI \-\-storage\-quota \ QUOTA
- Override storage quota of the repository (e.g. 5G, 1.5T). When a new repository is initialized, sets the storage quota on the new repository as well. Default: no quota.
- .UNINDENT
- .SH EXAMPLES
- .sp
- borg serve has special support for ssh forced commands (see \fBauthorized_keys\fP
- example below): it will detect that you use such a forced command and extract
- the value of the \fB\-\-restrict\-to\-path\fP option(s).
- .sp
- It will then parse the original command that came from the client, makes sure
- that it is also \fBborg serve\fP and enforce path restriction(s) as given by the
- forced command. That way, other options given by the client (like \fB\-\-info\fP or
- \fB\-\-umask\fP) are preserved (and are not fixed by the forced command).
- .sp
- Environment variables (such as BORG_XXX) contained in the original
- command sent by the client are \fInot\fP interpreted, but ignored. If BORG_XXX environment
- variables should be set on the \fBborg serve\fP side, then these must be set in system\-specific
- locations like \fB/etc/environment\fP or in the forced command itself (example below).
- .INDENT 0.0
- .INDENT 3.5
- .sp
- .nf
- .ft C
- # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
- # Use key options to disable unneeded and potentially dangerous SSH functionality.
- # This will help to secure an automated remote backup system.
- $ cat ~/.ssh/authorized_keys
- command="borg serve \-\-restrict\-to\-path /path/to/repo",restrict ssh\-rsa AAAAB3[...]
- # Set a BORG_XXX environment variable on the "borg serve" side
- $ cat ~/.ssh/authorized_keys
- command="export BORG_XXX=value; borg serve [...]",restrict ssh\-rsa [...]
- .ft P
- .fi
- .UNINDENT
- .UNINDENT
- .sp
- \fBNOTE:\fP
- .INDENT 0.0
- .INDENT 3.5
- The examples above use the \fBrestrict\fP directive. This does automatically
- block potential dangerous ssh features, even when they are added in a future
- update. Thus, this option should be preferred.
- .sp
- If you\(aqre using openssh\-server < 7.2, however, you have to explicitly specify
- the ssh features to restrict and cannot simply use the restrict option as it
- has been introduced in v7.2. We recommend to use
- \fBno\-port\-forwarding,no\-X11\-forwarding,no\-pty,no\-agent\-forwarding,no\-user\-rc\fP
- in this case.
- .UNINDENT
- .UNINDENT
- .SH SEE ALSO
- .sp
- \fIborg\-common(1)\fP
- .SH AUTHOR
- The Borg Collective
- .\" Generated by docutils manpage writer.
- .
|
