1backintime(1) USER COMMANDS backintime(1)
2
6 backintime - a simple backup tool for Linux.
7 This is the command line tool. The graphical tool is backintime-qt4.
9
11 backintime [--checksum] [--config PATH] [--debug] [--delete] [--help |
12 -h] [--keep-mount] [--license] [--local-backup] [--no-crontab]
13 [--no-local-backup] [--profile NAME | --profile-id ID] [--quiet]
14 [--version]
15 { backup | backup-job | benchmark-cipher [FILE-SIZE] | check-config |
17 decode [PATH] | last-snapshot | last-snapshot-path | pw-cache
18 [start|stop|restart|reload|status] | remove[-and-do-not-ask-again]
19 [SNAPSHOT_ID] | restore [WHAT [WHERE [SNAPSHOT_ID]]] | snapshots-list |
20 snapshots-list-path | snapshots-path | unmount }
21
24 Back In Time is a simple backup tool for Linux. The backup is done by
25 taking snapshots of a specified set of folders.
26 All you have to do is configure: where to save snapshots, what folders
28 to backup. You can also specify a backup schedule: disabled, every 5
29 minutes, every 10 minutes, every hour, every day, every week, every
30 month. To configure it use one of the graphical interfaces available
31 (backintime-gnome or backintime-kde4).
32 It acts as a 'user mode' backup tool. This means that you can
34 backup/restore only folders you have write access to (actually you can
35 backup read-only folders, but you can't restore them).
36 If you want to run it as root you need to use 'sudo -i backintime'.
38 A new snapshot is created only if something changed since the last
40 snapshot (if any).
41 A snapshot contains all the files from the selected folders (except for
43 exclude patterns). In order to reduce disk space it use hard-links (if
44 possible) between snapshots for unchanged files. This way a file of
45 10MiB, unchanged for 10 snapshots, will use only 10MiB on the disk.
46 When you restore a file 'A', if it already exists on the file system it
48 will be renamed to 'A.backup.currentdate'.
49 For automatic backup it use 'cron' so there is no need for a daemon,
51 but 'cron' must be running.
52 Modes
54 Local
55 Store snapshots on local HDD's (internal or USB). The drive has to
56 be mounted before creating a new snapshot.
57 Local encrypted
59 Store encrypted snapshots on local HDD's (internal or USB). Back
60 In Time uses 'encfs' with standard configuration to encrypt all
61 data. Please take a look at A NOTE ON SECURITY. You have to be
62 member of group fuse to use this. In terminal type 'sudo adduser
63 <USER> fuse'. To apply changes you have to logout and login again.
64 SSH
66 With Mode set to SSH you can store the backup on a remote host
67 using the SecureShellHost protocol (ssh). The remote path will be
68 mount local using sshfs to provide file-access for the graphical
69 interface and the backup process. Rsync and other processes called
70 during backup process will run directly on the remote host using
71 ssh.
72 To prepare your user account for ssh-mode you have to add the user
74 to group 'fuse' by typing 'sudo adduser <USER> fuse' in terminal.
75 To apply changes you have to logout and login again.
76 Next you have to create a password-less login to the remote host
78 (for further information look at http://www.debian-administra‐
79 tion.org/articles/152). Type in terminal 'ssh-keygen -t rsa' hit
80 enter for default path and enter a passphrase for the private key.
81 Finally type 'ssh-copy-id -i ~/.ssh/id_rsa.pub
83 <REMOTE_USER>@<HOST>' and enter your password on remote host.
84 In Settingsdialog you need to set the host and remote user. If you
86 enter a relative path (no leading / ) it will start from remote
87 users homedir. The password has to be the passphrase for your pri‐
88 vate key.
89 Cipher (the algorithm used to encrypt the data during transfer)
91 To optimize performance you can choose the cipher used by ssh.
92 Depending on your environment you can have a massive speed increase
93 compared to the default cipher.
94 benchmark-cipher will give you an overview over which cipher is the
96 fastest in your environment.
97 If the bottleneck of your environment is the hard-drive or the net‐
99 work you will not see a big difference between the ciphers. In this
100 case you should rather stay on 'default'.
101 Please read security information about the cipher before using them
103 in untrusted networks (Wifi, Internet). Some of them (Arcfour,
104 3DES, ...) should be handled as not secure anymore.
105 Remote Host
107 If your remote host is an embedded Linux NAS or any other device
108 with limited functions, you could run into some problems caused by
109 feature-less commands. For example some devices may not have
110 hardlink support for 'cp', 'chmod' and 'rsync'. In this case it may
111 help to install so-called Optware or Entware on your device if
112 available.
113 WARNING: THIS IS ONLY FOR EXPERIENCED USERS!
115 If you don't know how to compile packages and how to modify a Linux
116 system you should NOT try to do this. There is a significant chance
117 to break your device and make it completely unusable with the fol‐
118 lowing procedure. We will not take any warranty for this. Make a
119 backup of your device before proceed! You have been warned!
120 You should install at least packages called 'bash', 'coreutils' and
122 'rsync'. You will have to change users default shell from
123 '/bin/sh' to '/opt/bin/bash' in '/etc/passwd'. To add
124 '/opt/bin:/opt/sbin:' to the start of the PATH environment you can
125 use 'Add prefix to SSH commands' in 'Expert Options' with
126 'PATH=/opt/bin:/opt/sbin:\ATH'.
127 To check if it does work you can compare the output of '/bin/cp
129 --help' and '/opt/bin/cp --help'. If 'ssh <user>@<host> cp --help'
130 called from your PC will print the same as '/opt/bin/cp --help'
131 called on the remote host (via interactive ssh session) you are
132 ready to go.
133 If you have questions on how to install and configure the Optware
135 please refer to the community of your device. You can also take a
136 look on Back In Time FAQ on GitHub https://github.com/bit-
137 team/backintime/wiki/FAQ
138 If you successfully modified your device to be able to make backups
140 over ssh, it would be nice if you write a 'How to' on Launchpad's
141 Answers so we can add this to the FAQ.
142 SSH encrypted
144 Store encrypted snapshots on remote hosts using SSH. Backintime
145 uses 'encfs --reverse' to mount the root filesystem '/'. Rsync will
146 sync this encrypted view of '/' to a remote host over SSH. All
147 encoding will be done on the local machine. So the password will
148 never be exposed to the remote host and you can use the (normally)
149 more powerful processor in you local machine for encryption instead
150 of weak NAS CPU's. The downside on this is 'encfs --reverse' does
151 not support 'Filename Initialization Vector Chaining' and 'Per-File
152 Initialization Vectors' from the standard configuration (take a
153 look at 'man encfs' for further information). Please take a look at
154 A NOTE ON SECURITY.
155 Because of all data is transferred encrypted the log output shows
157 encrypted filenames, too. In the Logview-Dialog you can use
158 'decode' option to decrypt the paths automatically or you can use
159 'backintime decode' to manually decrypt paths. Back In Time will
160 show all snapshots decoded so you can browse all files as normal.
161 Exclude does not support wildcards ('foo*', '[fF]oo', 'fo?')
163 because after encoding a file these wildcards can't match any more.
164 Only separate asterisk that match a full file or folder will work
165 ('foo/*', 'foo/**/bar'). All other excludes that have wildcards
166 will be silently ignored.
167 Please refer to the 'SSH' section above for information on setting
169 up the SSH connection.
170 Password
172 If 'Save Password to Keyring' is activated Back In Time will save the
173 Password into GnomeKeyring (Seahorse) or KDE-KWallet. Both are secure
174 password storages which encrypt the password with the users login-pass‐
175 word. So they can only be accessed if the user is logged in.
176 A backup cronjob during the user isn't logged in can not collect the
178 password from keyring. Also if the homedir is encrypted the keyring is
179 not accessible from cronjobs (even if the user is logged in). For these
180 cases the password can be cached in RAM. If 'Cache Password for Cron'
181 is activated Back In Time will start a small daemon in user-space which
182 will collect the password from keyring and provide them for cronjobs.
183 They will never be written to the harddrive but a user with root per‐
184 missions could access the daemon and read the password.
185 user-callback
187 During backup process the application can call a user callback at dif‐
188 ferent steps. This callback is "$XDG_CONFIG_HOME/backintime/user-call‐
189 back" (by default $XDG_CONFIG_HOME is ~/.config).
190 The first argument is the profile id (1=Main Profile, ...).
192 The second argument is the profile name.
194 The third argument is the reason:
196 1 Backup process begins.
198 2 Backup process ends.
200 3 A new snapshot was taken. The extra arguments are snap‐
202 shot ID and snapshot path.
203 4 There was an error. The second argument is the error
205 code.
206 Error codes:
207 1 The application is not configured.
209 2 A "take snapshot" process is already running.
211 3 Can't find snapshots folder (is it on a removable
213 drive ?).
214 4 A snapshot for "now" already exist.
216 5 On (graphical) App start.
218 6 On (graphical) App close.
220 7 Mount all necessary drives.
222 8 Unmount all drives.
224
226 --checksum
227 Force to use checksum for checking if files have been changed.
228 This is the same as 'Use checksum to detect changes' in Options.
229 But you can use this to periodically run checksums from cron‐
230 jobs. Only valid with backup, backup-job and restore.
231 --config PATH
233 Read config from PATH.
234 --debug
236 Show debug messages.
237 --delete
239 Restore and delete newer files which are not in the snapshot.
240 WARNING: deleting files in filesystem root could break your
241 whole system!!! Only valid with restore.
242 -h, --help
244 Display a short help
245 --keep-mount
247 Don't unmount on exit. Only valid with snapshots-path, snap‐
248 shots-list-path and last-snapshot-path.
249 --license
251 Show license
252 --local-backup
254 Create backup files before changing local files. Only valid
255 with restore.
256 --no-crontab
258 Do not install crontab entries. Only valid with check-config.
259 --no-local-backup
261 Temporary disable creation of backup files before changing local
262 files. Only valid with restore.
263 --profile NAME
265 Select profile by name
266 --profile-id ID
268 Select profile by id
269 --quiet
271 Suppress status messages on standard output.
272 -v, --version
274 Show version
275
278 backup | -b | --backup
279 Take a snapshot now (if needed)
280 backup-job | --backup-job
282 Take a snapshot (if needed) depending on schedule rules (used
283 for cron jobs). Back In Time will run in background for this.
284 benchmark-cipher | --benchmark-cipher [FILE-SIZE]
286 Show a benchmark of all ciphers for ssh transfer.
287 check-config
289 Verify the profile in config, create snapshot path and crontab
290 entries.
291 decode | --decode [PATH]
293 Decode encrypted PATH. If no PATH is given Back In Time will
294 read paths from standard input.
295 last-snapshot | --last-snapshot
297 Display last snapshot ID (if any)
298 last-snapshot-path | --last-snapshot-path
300 Display the path to the last snapshot (if any)
301 pw-cache | --pw-cache [start|stop|restart|reload|status]
303 Control the Password Cache Daemon. If no argument is given the
304 Password Cache will start in foreground.
305 remove[-and-do-not-ask-again] | --remove[-and-do-not-ask-again] [SNAP‐
307 SHOT_ID]
308 Remove the snapshot. If SNAPSHOT_ID is missing it will be
309 prompted. SNAPSHOT_ID can be an index (starting with 0 for the
310 last snapshot) or the exact SnapshotID (19 caracters like
311 '20130606-230501-984'). remove-and-do-not-ask-again will remove
312 the snapshot immediately. Be careful with this!
313 restore | --restore [WHAT [WHERE [SNAPSHOT_ID]]]
315 Restore file WHAT to path WHERE from snapshot SNAPSHOT_ID. If
316 arguments are missing they will be prompted. To restore to the
317 original path WHERE can be an empty string '' or just press
318 Enter at the prompt. SNAPSHOT_ID can be an index (starting with
319 0 for the last snapshot) or the exact SnapshotID (19 caracters
320 like '20130606-230501-984')
321 snapshots-list | --snapshots-list
323 Display the list of snapshot IDs (if any)
324 snapshots-list-path | --snapshots-list-path
326 Display the paths to snapshots (if any)
327 snapshots-path | --snapshots-path
329 Display path where is saves the snapshots (if configured)
330 unmount | --unmount
332 Unmount the profile.
333
336 There was a paid security audit for EncFS in Feb 2014 which revealed
337 several potential vulnerabilities.
338 From https://defuse.ca/audits/encfs.htm
340 EncFS is probably safe as long as the adversary only gets one
341 copy of the ciphertext and nothing more. EncFS is not safe if
342 the adversary has the opportunity to see two or more snapshots
343 of the ciphertext at different times. EncFS attempts to protect
344 files from malicious modification, but there are serious prob‐
345 lems with this feature.
346 This might be a problem with Back In Time snapshots.
348
350 backintime-qt4, backintime-config.
351 Back In Time also has a website: https://github.com/bit-team/backintime
353
355 This manual page was written by BIT Team(<bit-team@lists.launch‐
356 pad.net>).
357version 1.1.24 July 2015 backintime(1)