1backintime(1)                    USER COMMANDS                   backintime(1)
2
3
4

NAME

6       backintime - a simple backup tool for Linux.
7
8       This is the command line tool.  The graphical tool is backintime-qt.
9

SYNOPSIS

11       backintime  [--checksum] [--config PATH] [--debug] [--delete] [--help |
12       -h] [--keep-mount]  [--license]  [--local-backup  |  --no-local-backup]
13       [--no-crontab]   [--only-new]   [--profile   NAME  |  --profile-id  ID]
14       [--quiet] [--share-path PATH] [--version]
15
16       { backup | backup-job | benchmark-cipher [FILE-SIZE] |  check-config  |
17       decode   [PATH]   |   last-snapshot  |  last-snapshot-path  |  pw-cache
18       [start|stop|restart|reload|status]   |    remove[-and-do-not-ask-again]
19       [SNAPSHOT_ID]  |  restore  [WHAT  [WHERE  [SNAPSHOT_ID]]]  | shutdown |
20       smart-remove | snapshots-list | snapshots-list-path | snapshots-path  |
21       unmount }
22
23

DESCRIPTION

25       Back  In  Time is a simple backup tool for Linux. The backup is done by
26       taking snapshots of a specified set of folders.
27
28       All you have to do is configure: where to save snapshots, what  folders
29       to  backup.   You can also specify a backup schedule: disabled, every 5
30       minutes, every 10 minutes, every hour, every  day,  every  week,  every
31       month.  To  configure  it use one of the graphical interfaces available
32       (backintime-gnome or backintime-kde4).
33
34       It acts as  a  'user  mode'  backup  tool.  This  means  that  you  can
35       backup/restore  only folders you have write access to (actually you can
36       backup read-only folders, but you can't restore them).
37
38       If you want to run it as root you need to use 'sudo -i backintime'.
39
40       A new snapshot is created only if  something  changed  since  the  last
41       snapshot (if any).
42
43       A snapshot contains all the files from the selected folders (except for
44       exclude patterns). In order to reduce disk space it use hard-links  (if
45       possible)  between  snapshots  for  unchanged files. This way a file of
46       10MiB, unchanged for 10 snapshots, will use only 10MiB on the disk.
47
48       When you restore a file 'A', if it already exists on the file system it
49       will be renamed to 'A.backup.currentdate'.
50
51       For  automatic  backup  it use 'cron' so there is no need for a daemon,
52       but 'cron' must be running.
53
54   Modes
55       Local
56           Store snapshots on local HDD's (internal or USB). The drive has  to
57           be mounted before creating a new snapshot.
58
59       Local encrypted
60           Store  encrypted  snapshots on local HDD's (internal or USB).  Back
61           In Time uses 'encfs' with standard  configuration  to  encrypt  all
62           data.  Please take a look at A NOTE ON SECURITY.
63
64       SSH
65           With  Mode  set  to  SSH  you can store the backup on a remote host
66           using the SecureShellHost protocol (ssh).  The remote path will  be
67           mount  local  using  sshfs to provide file-access for the graphical
68           interface and the backup process.  Rsync and other processes called
69           during  backup  process  will run directly on the remote host using
70           ssh.
71
72           To prepare your user account for ssh-mode  you  have  to  create  a
73           password-less  login  to  the  remote host (for further information
74           look at  http://www.debian-administration.org/articles/152).   Type
75           in  terminal  'ssh-keygen  -t  rsa'  hit enter for default path and
76           enter a passphrase for the private key.
77
78           Finally      type      'ssh-copy-id      -i       ~/.ssh/id_rsa.pub
79           <REMOTE_USER>@<HOST>' and enter your password on remote host.
80
81           In  Settingsdialog you need to set the host and remote user. If you
82           enter a relative path (no leading / ) it  will  start  from  remote
83           users  homedir. The password has to be the passphrase for your pri‐
84           vate key.
85
86           Cipher (the algorithm used to encrypt the data during transfer)
87           To optimize performance you can choose  the  cipher  used  by  ssh.
88           Depending on your environment you can have a massive speed increase
89           compared to the default cipher.
90
91           benchmark-cipher will give you an overview over which cipher is the
92           fastest in your environment.
93
94           If the bottleneck of your environment is the hard-drive or the net‐
95           work you will not see a big difference between the ciphers. In this
96           case you should rather stay on 'default'.
97
98           Please read security information about the cipher before using them
99           in untrusted networks (Wifi,  Internet).  Some  of  them  (Arcfour,
100           3DES, ...) should be handled as not secure anymore.
101
102           Remote Host
103           If  your  remote  host is an embedded Linux NAS or any other device
104           with limited functions, you could run into some problems caused  by
105           feature-less  commands.   For  example  some  devices  may not have
106           hardlink support for 'cp', 'chmod' and 'rsync'. In this case it may
107           help  to  install  so-called  Optware  or Entware on your device if
108           available.
109
110           WARNING: THIS IS ONLY FOR EXPERIENCED USERS!
111           If you don't know how to compile packages and how to modify a Linux
112           system you should NOT try to do this. There is a significant chance
113           to break your device and make it completely unusable with the  fol‐
114           lowing  procedure.  We  will not take any warranty for this. Make a
115           backup of your device before proceed!  You have been warned!
116
117           You should install at least packages called 'bash', 'coreutils' and
118           'rsync'.   You  will  have  to  change  users  default  shell  from
119           '/bin/sh'   to   '/opt/bin/bash'   in   '/etc/passwd'.    To    add
120           '/opt/bin:/opt/sbin:'  to the start of the PATH environment you can
121           use  'Add  prefix  to  SSH  commands'  in  'Expert  Options'   with
122           'PATH=/opt/bin:/opt/sbin:\$PATH'.
123
124           To  check  if  it  does work you can compare the output of '/bin/cp
125           --help' and '/opt/bin/cp --help'. If 'ssh <user>@<host> cp  --help'
126           called  from  your  PC  will print the same as '/opt/bin/cp --help'
127           called on the remote host (via interactive  ssh  session)  you  are
128           ready to go.
129
130           If  you  have questions on how to install and configure the Optware
131           please refer to the community of your device. You can also  take  a
132           look   on  Back  In  Time  FAQ  on  GitHub  https://github.com/bit-
133           team/backintime/wiki/FAQ
134
135           If you successfully modified your device to be able to make backups
136           over  ssh,  it would be nice if you write a 'How to' on Launchpad's
137           Answers so we can add this to the FAQ.
138
139       SSH encrypted
140           Store encrypted snapshots on remote  hosts  using  SSH.  Backintime
141           uses 'encfs --reverse' to mount the root filesystem '/'. Rsync will
142           sync this encrypted view of '/' to a  remote  host  over  SSH.  All
143           encoding  will  be  done on the local machine. So the password will
144           never be exposed to the remote host and you can use the  (normally)
145           more powerful processor in you local machine for encryption instead
146           of weak NAS CPU's. The downside on this is 'encfs  --reverse'  does
147           not support 'Filename Initialization Vector Chaining' and 'Per-File
148           Initialization Vectors' from the  standard  configuration  (take  a
149           look at 'man encfs' for further information). Please take a look at
150           A NOTE ON SECURITY.
151
152           Because of all data is transferred encrypted the log  output  shows
153           encrypted  filenames,  too.  In  the  Logview-Dialog  you  can  use
154           'decode' option to decrypt the paths automatically or you  can  use
155           'backintime  decode'  to  manually decrypt paths. Back In Time will
156           show all snapshots decoded so you can browse all files as normal.
157
158           Exclude  does  not  support  wildcards  ('foo*',  '[fF]oo',  'fo?')
159           because after encoding a file these wildcards can't match any more.
160           Only separate asterisk that match a full file or folder  will  work
161           ('foo/*',  'foo/**/bar').  All  other  excludes that have wildcards
162           will be silently ignored.
163
164           Please refer to the 'SSH' section above for information on  setting
165           up the SSH connection.
166
167   Password
168       If  'Save  Password to Keyring' is activated Back In Time will save the
169       Password into GnomeKeyring (Seahorse) or KDE-KWallet. Both  are  secure
170       password storages which encrypt the password with the users login-pass‐
171       word. So they can only be accessed if the user is logged in.
172
173       A backup cronjob during the user isn't logged in can  not  collect  the
174       password  from keyring. Also if the homedir is encrypted the keyring is
175       not accessible from cronjobs (even if the user is logged in). For these
176       cases  the  password can be cached in RAM. If 'Cache Password for Cron'
177       is activated Back In Time will start a small daemon in user-space which
178       will  collect  the password from keyring and provide them for cronjobs.
179       They will never be written to the harddrive but a user with  root  per‐
180       missions could access the daemon and read the password.
181
182   user-callback
183       During  backup process the application can call a user callback at dif‐
184       ferent steps.  This callback is "$XDG_CONFIG_HOME/backintime/user-call‐
185       back" (by default $XDG_CONFIG_HOME is ~/.config).
186
187       The first argument is the profile id (1=Main Profile, ...).
188
189       The second argument is the profile name.
190
191       The third argument is the reason:
192
193              1      Backup process begins.
194
195              2      Backup process ends.
196
197              3      A  new  snapshot was taken. The extra arguments are snap‐
198                     shot ID and snapshot path.
199
200              4      There was an error. The  second  argument  is  the  error
201                     code.
202                     Error codes:
203
204                     1      The application is not configured.
205
206                     2      A "take snapshot" process is already running.
207
208                     3      Can't  find snapshots folder (is it on a removable
209                            drive ?).
210
211                     4      A snapshot for "now" already exist.
212
213              5      On (graphical) App start.
214
215              6      On (graphical) App close.
216
217              7      Mount all necessary drives.
218
219              8      Unmount all drives.
220

OPTIONS

222       --checksum
223              Force to use checksum for checking if files have  been  changed.
224              This is the same as 'Use checksum to detect changes' in Options.
225              But you can use this to periodically run  checksums  from  cron‐
226              jobs. Only valid with backup, backup-job and restore.
227
228       --config PATH
229              Read config from PATH. Default = ~/.config/backintime/config
230
231       --debug
232              Show debug messages.
233
234       --delete
235              Restore  and  delete  newer files which are not in the snapshot.
236              WARNING: deleting files in  filesystem  root  could  break  your
237              whole system!!!  Only valid with restore.
238
239       -h, --help
240              Display a short help
241
242       --keep-mount
243              Don't  unmount  on  exit.  Only valid with snapshots-path, snap‐
244              shots-list-path and last-snapshot-path.
245
246       --license
247              Show license
248
249       --local-backup
250              Create backup files before changing  local  files.   Only  valid
251              with restore.
252
253       --no-crontab
254              Do not install crontab entries.  Only valid with check-config.
255
256       --no-local-backup
257              Temporary disable creation of backup files before changing local
258              files.  Only valid with restore.
259
260       --only-new
261              Only restore files which does not exist or are newer than  those
262              in destination.  Using "rsync --update" option.  Only valid with
263              restore.
264
265       --profile NAME
266              Select profile by name
267
268       --profile-id ID
269              Select profile by id
270
271       --quiet
272              Suppress status messages on standard output.
273
274       --share-path PATH
275              Write runtime data (locks, messages,  log  and  mountpoints)  to
276              PATH.
277
278       -v, --version
279              Show version
280
281

COMMANDS

283       backup | -b | --backup
284              Take a snapshot now.
285
286       backup-job | --backup-job
287              Take  a  snapshot  (if needed) depending on schedule rules (used
288              for cron jobs).  Back In Time will run in background for this.
289
290       benchmark-cipher | --benchmark-cipher [FILE-SIZE]
291              Show a benchmark of all ciphers for ssh transfer.
292
293       check-config
294              Verify the profile in config, create snapshot path  and  crontab
295              entries.
296
297       decode | --decode [PATH]
298              Decode  encrypted  PATH.  If  no PATH is given Back In Time will
299              read paths from standard input.
300
301       last-snapshot | --last-snapshot
302              Display last snapshot ID (if any)
303
304       last-snapshot-path | --last-snapshot-path
305              Display the path to the last snapshot (if any)
306
307       pw-cache | --pw-cache [start|stop|restart|reload|status]
308              Control the Password Cache Daemon. If no argument is  given  the
309              Password Cache will start in foreground.
310
311       remove[-and-do-not-ask-again]  | --remove[-and-do-not-ask-again] [SNAP‐
312       SHOT_ID]
313              Remove the snapshot.  If  SNAPSHOT_ID  is  missing  it  will  be
314              prompted.  SNAPSHOT_ID  can be an index (starting with 0 for the
315              last snapshot)  or  the  exact  SnapshotID  (19  caracters  like
316              '20130606-230501-984').  remove-and-do-not-ask-again will remove
317              the snapshot immediately.  Be careful with this!
318
319       restore | --restore [WHAT [WHERE [SNAPSHOT_ID]]]
320              Restore file WHAT to path WHERE from  snapshot  SNAPSHOT_ID.  If
321              arguments  are  missing they will be prompted. To restore to the
322              original path WHERE can be an empty  string  ''  or  just  press
323              Enter  at the prompt. SNAPSHOT_ID can be an index (starting with
324              0 for the last snapshot) or the exact SnapshotID  (19  caracters
325              like '20130606-230501-984')
326
327       shutdown
328              Shutdown the computer after the snapshot is done.
329
330       smart-remove
331              Remove snapshots based on the configured Smart-Remove pattern.
332
333       snapshots-list | --snapshots-list
334              Display the list of snapshot IDs (if any)
335
336       snapshots-list-path | --snapshots-list-path
337              Display the paths to snapshots (if any)
338
339       snapshots-path | --snapshots-path
340              Display path where is saves the snapshots (if configured)
341
342       unmount | --unmount
343              Unmount the profile.
344
345

A NOTE ON SECURITY

347       There  was  a  paid security audit for EncFS in Feb 2014 which revealed
348       several potential vulnerabilities.
349
350       From https://defuse.ca/audits/encfs.htm
351              EncFS is probably safe as long as the adversary  only  gets  one
352              copy  of  the  ciphertext and nothing more. EncFS is not safe if
353              the adversary has the opportunity to see two or  more  snapshots
354              of  the ciphertext at different times. EncFS attempts to protect
355              files from malicious modification, but there are  serious  prob‐
356              lems with this feature.
357
358       This might be a problem with Back In Time snapshots.
359

SEE ALSO

361       backintime-qt, backintime-config.
362
363       Back In Time also has a website: https://github.com/bit-team/backintime
364

AUTHOR

366       This  manual  page  was  written  by  BIT  Team(<bit-team@lists.launch‐
367       pad.net>).
368
369
370
371version 1.2.0                      Aug 2016                      backintime(1)
Impressum