1BORG(1) Borg - Deduplicating Archiver BORG(1)
2
6 borg - BorgBackup is a deduplicating backup program with optional com‐
7 pression and authenticated encryption.
8
10 Borg consists of a number of commands. Each command accepts a number of
11 arguments and options and interprets various environment variables.
12 The following sections will describe each command in detail.
13 Commands, options, parameters, paths and such are set in fixed-width.
15 Option values are underlined. Borg has few options accepting a fixed
16 set of values (e.g. --encryption of borg_init). Experimental features
17 are marked with red stripes on the sides, like this paragraph.
18 Experimental features are not stable, which means that they may be
20 changed in incompatible ways or even removed entirely without prior
21 notice in following releases.
22 Positional Arguments and Options: Order matters
24 Borg only supports taking options (-s and --progress in the example) to
25 the left or right of all positional arguments (repo::archive and path
26 in the example), but not in between them:
27 borg create -s --progress repo::archive path # good and preferred
29 borg create repo::archive path -s --progress # also works
30 borg create -s repo::archive path --progress # works, but ugly
31 borg create repo::archive -s --progress path # BAD
32 This is due to a problem in the argparse module:
34 http://bugs.python.org/issue15112
35 Repository URLs
37 Local filesystem (or locally mounted network filesystem):
38 /path/to/repo - filesystem path to repo directory, absolute path
40 path/to/repo - filesystem path to repo directory, relative path
42 Also, stuff like ~/path/to/repo or ~other/path/to/repo works (this is
44 expanded by your shell).
45 Note: you may also prepend a file:// to a filesystem path to get URL
47 style.
48 Remote repositories accessed via ssh user@host:
50 user@host:/path/to/repo - remote repo, absolute path
52 ssh://user@host:port/path/to/repo - same, alternative syntax, port can
54 be given
55 Remote repositories with relative paths can be given using this syntax:
57 user@host:path/to/repo - path relative to current directory
59 user@host:~/path/to/repo - path relative to user's home directory
61 user@host:~other/path/to/repo - path relative to other's home directory
63 Note: giving user@host:/./path/to/repo or user@host:/~/path/to/repo or
65 user@host:/~other/path/to/repo is also supported, but not required
66 here.
67 Remote repositories with relative paths, alternative syntax with port:
69 ssh://user@host:port/./path/to/repo - path relative to current direc‐
71 tory
72 ssh://user@host:port/~/path/to/repo - path relative to user's home
74 directory
75 ssh://user@host:port/~other/path/to/repo - path relative to other's
77 home directory
78 If you frequently need the same repo URL, it is a good idea to set the
80 BORG_REPO environment variable to set a default for the repo URL:
81 export BORG_REPO='ssh://user@host:port/path/to/repo'
83 Then just leave away the repo URL if only a repo URL is needed and you
85 want to use the default - it will be read from BORG_REPO then.
86 Use :: syntax to give the repo URL when syntax requires giving a posi‐
88 tional argument for the repo (e.g. borg mount :: /mnt).
89 Repository / Archive Locations
91 Many commands want either a repository (just give the repo URL, see
92 above) or an archive location, which is a repo URL followed by ::ar‐
93 chive_name.
94 Archive names must not contain the / (slash) character. For simplicity,
96 maybe also avoid blanks or other characters that have special meaning
97 on the shell or in a filesystem (borg mount will use the archive name
98 as directory name).
99 If you have set BORG_REPO (see above) and an archive location is
101 needed, use ::archive_name - the repo URL part is then read from
102 BORG_REPO.
103 Logging
105 Borg writes all log output to stderr by default. But please note that
106 something showing up on stderr does not indicate an error condition
107 just because it is on stderr. Please check the log levels of the mes‐
108 sages and the return code of borg for determining error, warning or
109 success conditions.
110 If you want to capture the log output to a file, just redirect it:
112 borg create repo::archive myfiles 2>> logfile
114 Custom logging configurations can be implemented via BORG_LOGGING_CONF.
116 The log level of the builtin logging configuration defaults to WARNING.
118 This is because we want Borg to be mostly silent and only output warn‐
119 ings, errors and critical messages, unless output has been requested by
120 supplying an option that implies output (e.g. --list or --progress).
121 Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL
123 Use --debug to set DEBUG log level - to get debug, info, warning, error
125 and critical level output.
126 Use --info (or -v or --verbose) to set INFO log level - to get info,
128 warning, error and critical level output.
129 Use --warning (default) to set WARNING log level - to get warning,
131 error and critical level output.
132 Use --error to set ERROR log level - to get error and critical level
134 output.
135 Use --critical to set CRITICAL log level - to get critical level out‐
137 put.
138 While you can set misc. log levels, do not expect that every command
140 will give different output on different log levels - it's just a possi‐
141 bility.
142 WARNING:
144 Options --critical and --error are provided for completeness, their
145 usage is not recommended as you might miss important information.
146 Return codes
148 Borg can exit with the following return codes (rc):
149 ┌────────────┬────────────────────────────┐
151 │Return code │ Meaning │
152 ├────────────┼────────────────────────────┤
153 │0 │ success (logged as INFO) │
154 ├────────────┼────────────────────────────┤
155 │1 │ warning (operation reached │
156 │ │ its normal end, but there │
157 │ │ were warnings -- you │
158 │ │ should check the log, │
159 │ │ logged as WARNING) │
160 ├────────────┼────────────────────────────┤
161 │2 │ error (like a fatal error, │
162 │ │ a local or remote excep‐ │
163 │ │ tion, the operation did │
164 │ │ not reach its normal end, │
165 │ │ logged as ERROR) │
166 ├────────────┼────────────────────────────┤
167 │128+N │ killed by signal N (e.g. │
168 │ │ 137 == kill -9) │
169 └────────────┴────────────────────────────┘
170 If you use --show-rc, the return code is also logged at the indicated
172 level as the last log entry.
173 Environment Variables
175 Borg uses some environment variables for automation:
176 General:
178 BORG_REPO
180 When set, use the value to give the default repository
181 location. If a command needs an archive parameter, you
182 can abbreviate as ::archive. If a command needs a reposi‐
183 tory parameter, you can either leave it away or abbrevi‐
184 ate as ::, if a positional parameter is required.
185 BORG_PASSPHRASE
187 When set, use the value to answer the passphrase question
188 for encrypted repositories. It is used when a passphrase
189 is needed to access an encrypted repo as well as when a
190 new passphrase should be initially set when initializing
191 an encrypted repo. See also BORG_NEW_PASSPHRASE.
192 BORG_PASSCOMMAND
194 When set, use the standard output of the command (trail‐
195 ing newlines are stripped) to answer the passphrase ques‐
196 tion for encrypted repositories. It is used when a
197 passphrase is needed to access an encrypted repo as well
198 as when a new passphrase should be initially set when
199 initializing an encrypted repo. Note that the command is
200 executed without a shell. So variables, like $HOME will
201 work, but ~ won't. If BORG_PASSPHRASE is also set, it
202 takes precedence. See also BORG_NEW_PASSPHRASE.
203 BORG_PASSPHRASE_FD
205 When set, specifies a file descriptor to read a
206 passphrase from. Programs starting borg may choose to
207 open an anonymous pipe and use it to pass a passphrase.
208 This is safer than passing via BORG_PASSPHRASE, because
209 on some systems (e.g. Linux) environment can be examined
210 by other processes. If BORG_PASSPHRASE or BORG_PASSCOM‐
211 MAND are also set, they take precedence.
212 BORG_NEW_PASSPHRASE
214 When set, use the value to answer the passphrase question
215 when a new passphrase is asked for. This variable is
216 checked first. If it is not set, BORG_PASSPHRASE and
217 BORG_PASSCOMMAND will also be checked. Main usecase for
218 this is to fully automate borg change-passphrase.
219 BORG_DISPLAY_PASSPHRASE
221 When set, use the value to answer the "display the
222 passphrase for verification" question when defining a new
223 passphrase for encrypted repositories.
224 BORG_HOSTNAME_IS_UNIQUE=no
226 Borg assumes that it can derive a unique hostname / iden‐
227 tity (see borg debug info). If this is not the case or
228 you do not want Borg to automatically remove stale locks,
229 set this to no.
230 BORG_HOST_ID
232 Borg usually computes a host id from the FQDN plus the
233 results of uuid.getnode() (which usually returns a unique
234 id based on the MAC address of the network interface.
235 Except if that MAC happens to be all-zero - in that case
236 it returns a random value, which is not what we want
237 (because it kills automatic stale lock removal). So, if
238 you have a all-zero MAC address or other reasons to bet‐
239 ter externally control the host id, just set this envi‐
240 ronment variable to a unique value. If all your FQDNs are
241 unique, you can just use the FQDN. If not, use
242 fqdn@uniqueid.
243 BORG_LOGGING_CONF
245 When set, use the given filename as INI-style logging
246 configuration. A basic example conf can be found at
247 docs/misc/logging.conf.
248 BORG_RSH
250 When set, use this command instead of ssh. This can be
251 used to specify ssh options, such as a custom identity
252 file ssh -i /path/to/private/key. See man ssh for other
253 options. Using the --rsh CMD commandline option overrides
254 the environment variable.
255 BORG_REMOTE_PATH
257 When set, use the given path as borg executable on the
258 remote (defaults to "borg" if unset). Using
259 --remote-path PATH commandline option overrides the envi‐
260 ronment variable.
261 BORG_FILES_CACHE_TTL
263 When set to a numeric value, this determines the maximum
264 "time to live" for the files cache entries (default: 20).
265 The files cache is used to quickly determine whether a
266 file is unchanged. The FAQ explains this more detailed
267 in: always_chunking
268 BORG_SHOW_SYSINFO
270 When set to no (default: yes), system information (like
271 OS, Python version, ...) in exceptions is not shown.
272 Please only use for good reasons as it makes issues
273 harder to analyze.
274 TMPDIR where temporary files are stored (might need a lot of
276 temporary space for some operations), see tempfile for
277 details
278 Some automatic answerers (if set, they automatically answer confirma‐
280 tion questions):
281 BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
283 For "Warning: Attempting to access a previously unknown
284 unencrypted repository"
285 BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
287 For "Warning: The repository at location ... was previ‐
288 ously located at ..."
289 BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
291 For "Warning: 'check --repair' is an experimental feature
292 that might result in data loss."
293 BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
295 For "You requested to completely DELETE the repository
296 including all archives it contains:"
297 BORG_RECREATE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
299 For "recreate is an experimental feature."
300 Note: answers are case sensitive. setting an invalid answer
302 value might either give the default answer or ask you interac‐
303 tively, depending on whether retries are allowed (they by
304 default are allowed). So please test your scripts interactively
305 before making them a non-interactive script.
306 Directories and files:
308 BORG_BASE_DIR
310 Default to '$HOME', '~$USER', '~' (in that order)'. If
311 we refer to ~ below, we in fact mean BORG_BASE_DIR.
312 BORG_CONFIG_DIR
314 Default to '~/.config/borg'. This directory contains the
315 whole config directories.
316 BORG_CACHE_DIR
318 Default to '~/.cache/borg'. This directory contains the
319 local cache and might need a lot of space for dealing
320 with big repositories.
321 BORG_SECURITY_DIR
323 Default to '~/.config/borg/security'. This directory con‐
324 tains information borg uses to track its usage of NONCES
325 ("numbers used once" - usually in encryption context) and
326 other security relevant data.
327 BORG_KEYS_DIR
329 Default to '~/.config/borg/keys'. This directory contains
330 keys for encrypted repositories.
331 BORG_KEY_FILE
333 When set, use the given filename as repository key file.
334 Building:
336 BORG_OPENSSL_PREFIX
338 Adds given OpenSSL header file directory to the default
339 locations (setup.py).
340 BORG_LIBLZ4_PREFIX
342 Adds given prefix directory to the default locations. If
343 a 'include/lz4.h' is found Borg will be linked against
344 the system liblz4 instead of a bundled implementation.
345 (setup.py)
346 BORG_LIBB2_PREFIX
348 Adds given prefix directory to the default locations. If
349 a 'include/blake2.h' is found Borg will be linked against
350 the system libb2 instead of a bundled implementation.
351 (setup.py)
352 BORG_LIBZSTD_PREFIX
354 Adds given prefix directory to the default locations. If
355 a 'include/zstd.h' is found Borg will be linked against
356 the system libzstd instead of a bundled implementation.
357 (setup.py)
358 Please note:
360 · be very careful when using the "yes" sayers, the warnings with prompt
362 exist for your / your data's security/safety
363 · also be very careful when putting your passphrase into a script, make
365 sure it has appropriate file permissions (e.g. mode 600, root:root).
366 File systems
368 We strongly recommend against using Borg (or any other database-like
369 software) on non-journaling file systems like FAT, since it is not pos‐
370 sible to assume any consistency in case of power failures (or a sudden
371 disconnect of an external drive or similar failures).
372 While Borg uses a data store that is resilient against these failures
374 when used on journaling file systems, it is not possible to guarantee
375 this with some hardware -- independent of the software used. We don't
376 know a list of affected hardware.
377 If you are suspicious whether your Borg repository is still consistent
379 and readable after one of the failures mentioned above occurred, run
380 borg check --verify-data to make sure it is consistent. Requirements
381 for Borg repository file systems.INDENT 0.0
382 · Long file names
384 · At least three directory levels with short names
386 · Typically, file sizes up to a few hundred MB. Large repositories may
388 require large files (>2 GB).
389 · Up to 1000 files per directory (10000 for repositories initialized
391 with Borg 1.0)
392 · mkdir(2) should be atomic, since it is used for locking
394 · Hardlinks are needed for borg_upgrade --inplace
396 Units
398 To display quantities, Borg takes care of respecting the usual conven‐
399 tions of scale. Disk sizes are displayed in decimal, using powers of
400 ten (so kB means 1000 bytes). For memory usage, binary prefixes are
401 used, and are indicated using the IEC binary prefixes, using powers of
402 two (so KiB means 1024 bytes).
403 Date and Time
405 We format date and time conforming to ISO-8601, that is: YYYY-MM-DD and
406 HH:MM:SS (24h clock).
407 For more information about that, see: https://xkcd.com/1179/
409 Unless otherwise noted, we display local date and time. Internally, we
411 store and process date and time as UTC.
412 Resource Usage
414 Borg might use a lot of resources depending on the size of the data set
415 it is dealing with.
416 If one uses Borg in a client/server way (with a ssh: repository), the
418 resource usage occurs in part on the client and in another part on the
419 server.
420 If one uses Borg as a single process (with a filesystem repo), all the
422 resource usage occurs in that one process, so just add up client +
423 server to get the approximate resource usage.
424 CPU client:
426 · borg create: does chunking, hashing, compression, crypto (high
428 CPU usage)
429 · chunks cache sync: quite heavy on CPU, doing lots of hashtable
431 operations.
432 · borg extract: crypto, decompression (medium to high CPU usage)
434 · borg check: similar to extract, but depends on options given.
436 · borg prune / borg delete archive: low to medium CPU usage
438 · borg delete repo: done on the server
440 It won't go beyond 100% of 1 core as the code is currently sin‐
442 gle-threaded. Especially higher zlib and lzma compression lev‐
443 els use significant amounts of CPU cycles. Crypto might be cheap
444 on the CPU (if hardware accelerated) or expensive (if not).
445 CPU server:
447 It usually doesn't need much CPU, it just deals with the
448 key/value store (repository) and uses the repository index for
449 that.
450 borg check: the repository check computes the checksums of all
452 chunks (medium CPU usage) borg delete repo: low CPU usage
453 CPU (only for client/server operation):
455 When using borg in a client/server way with a ssh:-type repo,
456 the ssh processes used for the transport layer will need some
457 CPU on the client and on the server due to the crypto they are
458 doing - esp. if you are pumping big amounts of data.
459 Memory (RAM) client:
461 The chunks index and the files index are read into memory for
462 performance reasons. Might need big amounts of memory (see
463 below). Compression, esp. lzma compression with high levels
464 might need substantial amounts of memory.
465 Memory (RAM) server:
467 The server process will load the repository index into memory.
468 Might need considerable amounts of memory, but less than on the
469 client (see below).
470 Chunks index (client only):
472 Proportional to the amount of data chunks in your repo. Lots of
473 chunks in your repo imply a big chunks index. It is possible to
474 tweak the chunker params (see create options).
475 Files index (client only):
477 Proportional to the amount of files in your last backups. Can be
478 switched off (see create options), but next backup might be much
479 slower if you do. The speed benefit of using the files cache is
480 proportional to file size.
481 Repository index (server only):
483 Proportional to the amount of data chunks in your repo. Lots of
484 chunks in your repo imply a big repository index. It is possi‐
485 ble to tweak the chunker params (see create options) to influ‐
486 ence the amount of chunks being created.
487 Temporary files (client):
489 Reading data and metadata from a FUSE mounted repository will
490 consume up to the size of all deduplicated, small chunks in the
491 repository. Big chunks won't be locally cached.
492 Temporary files (server):
494 None.
495 Cache files (client only):
497 Contains the chunks index and files index (plus a collection of
498 single- archive chunk indexes which might need huge amounts of
499 disk space, depending on archive count and size - see FAQ about
500 how to reduce).
501 Network (only for client/server operation):
503 If your repository is remote, all deduplicated (and optionally
504 compressed/ encrypted) data of course has to go over the connec‐
505 tion (ssh:// repo url). If you use a locally mounted network
506 filesystem, additionally some copy operations used for transac‐
507 tion support also go over the connection. If you backup multiple
508 sources to one target repository, additional traffic happens for
509 cache resynchronization.
510 Support for file metadata
512 Besides regular file and directory structures, Borg can preserve
513 · symlinks (stored as symlink, the symlink is not followed)
515 · special files:
517 · character and block device files (restored via mknod)
519 · FIFOs ("named pipes")
521 · special file contents can be backed up in --read-special mode. By
523 default the metadata to create them with mknod(2), mkfifo(2) etc.
524 is stored.
525 · hardlinked regular files, devices, FIFOs (considering all items in
527 the same archive)
528 · timestamps in nanosecond precision: mtime, atime, ctime
530 · other timestamps: birthtime (on platforms supporting it)
532 · permissions:
534 · IDs of owning user and owning group
536 · names of owning user and owning group (if the IDs can be resolved)
538 · Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)
540 On some platforms additional features are supported:
542 ┌─────────────────┬──────────┬───────────┬───────────┐
544 │Platform │ ACLs [5] │ xattr [6] │ Flags [7] │
545 ├─────────────────┼──────────┼───────────┼───────────┤
546 │Linux │ Yes │ Yes │ Yes [1] │
547 ├─────────────────┼──────────┼───────────┼───────────┤
548 │Mac OS X │ Yes │ Yes │ Yes (all) │
549 ├─────────────────┼──────────┼───────────┼───────────┤
550 │FreeBSD │ Yes │ Yes │ Yes (all) │
551 ├─────────────────┼──────────┼───────────┼───────────┤
552 │OpenBSD │ n/a │ n/a │ Yes (all) │
553 ├─────────────────┼──────────┼───────────┼───────────┤
554 │NetBSD │ n/a │ No [2] │ Yes (all) │
555 ├─────────────────┼──────────┼───────────┼───────────┤
556 │Solaris and de‐ │ No [3] │ No [3] │ n/a │
557 │rivatives │ │ │ │
558 ├─────────────────┼──────────┼───────────┼───────────┤
559 │Windows (cygwin) │ No [4] │ No │ No │
560 └─────────────────┴──────────┴───────────┴───────────┘
561 Other Unix-like operating systems may work as well, but have not been
563 tested at all.
564 Note that most of the platform-dependent features also depend on the
566 file system. For example, ntfs-3g on Linux isn't able to convey NTFS
567 ACLs.
568 [1] Only "nodump", "immutable", "compressed" and "append" are sup‐
570 ported. Feature request #618 for more flags.
571 [2] Feature request #1332
573 [3] Feature request #1337
575 [4] Cygwin tries to map NTFS ACLs to permissions with varying degress
577 of success.
578 [5] The native access control list mechanism of the OS. This normally
580 limits access to non-native ACLs. For example, NTFS ACLs aren't
581 completely accessible on Linux with ntfs-3g.
582 [6] extended attributes; key-value pairs attached to a file, mainly
584 used by the OS. This includes resource forks on Mac OS X.
585 [7] aka BSD flags. The Linux set of flags [1] is portable across plat‐
587 forms. The BSDs define additional flags.
588 In case you are interested in more details (like formulas), please
590 see internals. For details on the available JSON output, refer to
591 json_output.
592 Common options
594 All Borg commands share these options:
595 -h, --help
597 show this help message and exit
598 --critical
600 work on log level CRITICAL
601 --error
603 work on log level ERROR
604 --warning
606 work on log level WARNING (default)
607 --info, -v, --verbose
609 work on log level INFO
610 --debug
612 enable debug output, work on log level DEBUG
613 --debug-topic TOPIC
615 enable TOPIC debugging (can be specified multiple times). The
616 logger path is borg.debug.<TOPIC> if TOPIC is not fully quali‐
617 fied.
618 -p, --progress
620 show progress information
621 --log-json
623 Output one JSON object per log line instead of formatted text.
624 --lock-wait SECONDS
626 wait at most SECONDS for acquiring a repository/cache lock
627 (default: 1).
628 --show-version
630 show/log the borg version
631 --show-rc
633 show/log the return code (rc)
634 --umask M
636 set umask to M (local and remote, default: 0077)
637 --remote-path PATH
639 use PATH as borg executable on the remote (default: "borg")
640 --remote-ratelimit RATE
642 set remote network upload rate limit in kiByte/s (default:
643 0=unlimited)
644 --consider-part-files
646 treat part files like normal files (e.g. to list/extract them)
647 --debug-profile FILE
649 Write execution profile in Borg format into FILE. For local use
650 a Python-compatible file can be generated by suffixing FILE with
651 ".pyprof".
652 --rsh RSH
654 Use this command to connect to the 'borg serve' process
655 (default: 'ssh')
656 Examples
658 # Create an archive and log: borg version, files list, return code
659 $ borg create --show-version --list --show-rc /path/to/repo::my-files files
660
662 borg [common options] init [options] [REPOSITORY]
663 Description
665 This command initializes an empty repository. A repository is a
666 filesystem directory containing the deduplicated data from zero or more
667 archives.
668 Encryption can be enabled at repository init time. It cannot be changed
670 later.
671 It is not recommended to work without encryption. Repository encryption
673 protects you e.g. against the case that an attacker has access to your
674 backup repository.
675 But be careful with the key / the passphrase:
677 If you want "passphrase-only" security, use one of the repokey modes.
679 The key will be stored inside the repository (in its "config" file). In
680 above mentioned attack scenario, the attacker will have the key (but
681 not the passphrase).
682 If you want "passphrase and having-the-key" security, use one of the
684 keyfile modes. The key will be stored in your home directory (in .con‐
685 fig/borg/keys). In the attack scenario, the attacker who has just
686 access to your repo won't have the key (and also not the passphrase).
687 Make a backup copy of the key file (keyfile mode) or repo config file
689 (repokey mode) and keep it at a safe place, so you still have the key
690 in case it gets corrupted or lost. Also keep the passphrase at a safe
691 place. The backup that is encrypted with that key won't help you with
692 that, of course.
693 Make sure you use a good passphrase. Not too short, not too simple. The
695 real encryption / decryption key is encrypted with / locked by your
696 passphrase. If an attacker gets your key, he can't unlock and use it
697 without knowing the passphrase.
698 Be careful with special or non-ascii characters in your passphrase:
700 · Borg processes the passphrase as unicode (and encodes it as utf-8),
702 so it does not have problems dealing with even the strangest charac‐
703 ters.
704 · BUT: that does not necessarily apply to your OS / VM / keyboard con‐
706 figuration.
707 So better use a long passphrase made from simple ascii chars than one
709 that includes non-ascii stuff or characters that are hard/impossible to
710 enter on a different keyboard layout.
711 You can change your passphrase for existing repos at any time, it won't
713 affect the encryption/decryption key or other secrets.
714 Encryption modes
716 ┌─────────┬──────────────────┬──────────────────┬──────────────────┐
717 │Hash/MAC │ Not encrypted no │ Not encrypted, │ Encrypted (AEAD │
718 │ │ auth │ but authenti‐ │ w/ AES) and │
719 │ │ │ cated │ authenticated │
720 ├─────────┼──────────────────┼──────────────────┼──────────────────┤
721 │SHA-256 │ none │ authenticated │ repokey keyfile │
722 ├─────────┼──────────────────┼──────────────────┼──────────────────┤
723 │BLAKE2b │ n/a │ authenti‐ │ repokey-blake2 │
724 │ │ │ cated-blake2 │ keyfile-blake2 │
725 └─────────┴──────────────────┴──────────────────┴──────────────────┘
726 Marked modes are new in Borg 1.1 and are not backwards-compatible with
728 Borg 1.0.x.
729 On modern Intel/AMD CPUs (except very cheap ones), AES is usually hard‐
731 ware-accelerated. BLAKE2b is faster than SHA256 on Intel/AMD 64-bit
732 CPUs (except AMD Ryzen and future CPUs with SHA extensions), which
733 makes authenticated-blake2 faster than none and authenticated.
734 On modern ARM CPUs, NEON provides hardware acceleration for SHA256 mak‐
736 ing it faster than BLAKE2b-256 there. NEON accelerates AES as well.
737 Hardware acceleration is always used automatically when available.
739 repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256 for
741 authentication in an encrypt-then-MAC (EtM) construction. The chunk ID
742 hash is HMAC-SHA256 as well (with a separate key). These modes are
743 compatible with Borg 1.0.x.
744 repokey-blake2 and keyfile-blake2 are also authenticated encryption
746 modes, but use BLAKE2b-256 instead of HMAC-SHA256 for authentication.
747 The chunk ID hash is a keyed BLAKE2b-256 hash. These modes are new and
748 not compatible with Borg 1.0.x.
749 authenticated mode uses no encryption, but authenticates repository
751 contents through the same HMAC-SHA256 hash as the repokey and keyfile
752 modes (it uses it as the chunk ID hash). The key is stored like
753 repokey. This mode is new and not compatible with Borg 1.0.x.
754 authenticated-blake2 is like authenticated, but uses the keyed
756 BLAKE2b-256 hash from the other blake2 modes. This mode is new and not
757 compatible with Borg 1.0.x.
758 none mode uses no encryption and no authentication. It uses SHA256 as
760 chunk ID hash. Not recommended, rather consider using an authenticated
761 or authenticated/encrypted mode. This mode has possible denial-of-ser‐
762 vice issues when running borg create on contents controlled by an
763 attacker. Use it only for new repositories where no encryption is
764 wanted and when compatibility with 1.0.x is important. If compatibility
765 with 1.0.x is not important, use authenticated-blake2 or authenticated
766 instead. This mode is compatible with Borg 1.0.x.
767 Examples
769 # Local repository, repokey encryption, BLAKE2b (often faster, since Borg 1.1)
770 $ borg init --encryption=repokey-blake2 /path/to/repo
771 # Local repository (no encryption)
773 $ borg init --encryption=none /path/to/repo
774 # Remote repository (accesses a remote borg via ssh)
776 $ borg init --encryption=repokey-blake2 user@hostname:backup
777 # Remote repository (store the key your home dir)
779 $ borg init --encryption=keyfile user@hostname:backup
780
782 borg [common options] create [options] ARCHIVE [PATH...]
783 Description
785 This command creates a backup archive containing all files found while
786 recursively traversing all paths specified. Paths are added to the ar‐
787 chive as they are given, that means if relative paths are desired, the
788 command has to be run from the correct directory.
789 When giving '-' as path, borg will read data from standard input and
791 create a file 'stdin' in the created archive from that data.
792 The archive will consume almost no disk space for files or parts of
794 files that have already been stored in other archives.
795 The archive name needs to be unique. It must not end in '.checkpoint'
797 or '.checkpoint.N' (with N being a number), because these names are
798 used for checkpoints and treated in special ways.
799 In the archive name, you may use the following placeholders: {now},
801 {utcnow}, {fqdn}, {hostname}, {user} and some others.
802 Backup speed is increased by not reprocessing files that are already
804 part of existing archives and weren't modified. The detection of unmod‐
805 ified files is done by comparing multiple file metadata values with
806 previous values kept in the files cache.
807 This comparison can operate in different modes as given by
809 --files-cache:
810 · ctime,size,inode (default)
812 · mtime,size,inode (default behaviour of borg versions older than
814 1.1.0rc4)
815 · ctime,size (ignore the inode number)
817 · mtime,size (ignore the inode number)
819 · rechunk,ctime (all files are considered modified - rechunk, cache
821 ctime)
822 · rechunk,mtime (all files are considered modified - rechunk, cache
824 mtime)
825 · disabled (disable the files cache, all files considered modified -
827 rechunk)
828 inode number: better safety, but often unstable on network filesystems
830 Normally, detecting file modifications will take inode information into
832 consideration to improve the reliability of file change detection.
833 This is problematic for files located on sshfs and similar network file
834 systems which do not provide stable inode numbers, such files will
835 always be considered modified. You can use modes without inode in this
836 case to improve performance, but reliability of change detection might
837 be reduced.
838 ctime vs. mtime: safety vs. speed
840 · ctime is a rather safe way to detect changes to a file (metadata and
842 contents) as it can not be set from userspace. But, a metadata-only
843 change will already update the ctime, so there might be some unneces‐
844 sary chunking/hashing even without content changes. Some filesystems
845 do not support ctime (change time).
846 · mtime usually works and only updates if file contents were changed.
848 But mtime can be arbitrarily set from userspace, e.g. to set mtime
849 back to the same value it had before a content change happened. This
850 can be used maliciously as well as well-meant, but in both cases
851 mtime based cache modes can be problematic.
852 The mount points of filesystems or filesystem snapshots should be the
854 same for every creation of a new archive to ensure fast operation. This
855 is because the file cache that is used to determine changed files
856 quickly uses absolute filenames. If this is not possible, consider
857 creating a bind mount to a stable location.
858 The --progress option shows (from left to right) Original, Compressed
860 and Deduplicated (O, C and D, respectively), then the Number of files
861 (N) processed so far, followed by the currently processed path.
862 When using --stats, you will get some statistics about how much data
864 was added - the "This Archive" deduplicated size there is most inter‐
865 esting as that is how much your repository will grow. Please note that
866 the "All archives" stats refer to the state after creation. Also, the
867 --stats and --dry-run options are mutually exclusive because the data
868 is not actually compressed and deduplicated during a dry run.
869 See the output of the "borg help patterns" command for more help on
871 exclude patterns. See the output of the "borg help placeholders" com‐
872 mand for more help on placeholders.
873 The --exclude patterns are not like tar. In tar --exclude .bundler/gems
875 will exclude foo/.bundler/gems. In borg it will not, you need to use
876 --exclude '*/.bundler/gems' to get the same effect. See borg help pat‐
877 terns for more information.
878 In addition to using --exclude patterns, it is possible to use
880 --exclude-if-present to specify the name of a filesystem object (e.g. a
881 file or folder name) which, when contained within another folder, will
882 prevent the containing folder from being backed up. By default, the
883 containing folder and all of its contents will be omitted from the
884 backup. If, however, you wish to only include the objects specified by
885 --exclude-if-present in your backup, and not include any other contents
886 of the containing folder, this can be enabled through using the
887 --keep-exclude-tags option.
888 Item flags
890 --list outputs a list of all files, directories and other file system
891 items it considered (no matter whether they had content changes or
892 not). For each item, it prefixes a single-letter flag that indicates
893 type and/or status of the item.
894 If you are interested only in a subset of that output, you can give
896 e.g. --filter=AME and it will only show regular files with A, M or E
897 status (see below).
898 A uppercase character represents the status of a regular file relative
900 to the "files" cache (not relative to the repo -- this is an issue if
901 the files cache is not used). Metadata is stored in any case and for
902 'A' and 'M' also new data chunks are stored. For 'U' all data chunks
903 refer to already existing chunks.
904 · 'A' = regular file, added (see also a_status_oddity in the FAQ)
906 · 'M' = regular file, modified
908 · 'U' = regular file, unchanged
910 · 'E' = regular file, an error happened while accessing/reading this
912 file
913 A lowercase character means a file type other than a regular file, borg
915 usually just stores their metadata:
916 · 'd' = directory
918 · 'b' = block device
920 · 'c' = char device
922 · 'h' = regular file, hardlink (to already seen inodes)
924 · 's' = symlink
926 · 'f' = fifo
928 Other flags used include:
930 · 'i' = backup data was read from standard input (stdin)
932 · '-' = dry run, item was not backed up
934 · 'x' = excluded, item was not backed up
936 · '?' = missing status code (if you see this, please file a bug
938 report!)
939 Examples
941 # Backup ~/Documents into an archive named "my-documents"
942 $ borg create /path/to/repo::my-documents ~/Documents
943 # same, but list all files as we process them
945 $ borg create --list /path/to/repo::my-documents ~/Documents
946 # Backup ~/Documents and ~/src but exclude pyc files
948 $ borg create /path/to/repo::my-files \
949 ~/Documents \
950 ~/src \
951 --exclude '*.pyc'
952 # Backup home directories excluding image thumbnails (i.e. only
954 # /home/<one directory>/.thumbnails is excluded, not /home/*/*/.thumbnails etc.)
955 $ borg create /path/to/repo::my-files /home \
956 --exclude 'sh:/home/*/.thumbnails'
957 # Backup the root filesystem into an archive named "root-YYYY-MM-DD"
959 # use zlib compression (good, but slow) - default is lz4 (fast, low compression ratio)
960 $ borg create -C zlib,6 --one-file-system /path/to/repo::root-{now:%Y-%m-%d} /
961 # Backup a remote host locally ("pull" style) using sshfs
963 $ mkdir sshfs-mount
964 $ sshfs root@example.com:/ sshfs-mount
965 $ cd sshfs-mount
966 $ borg create /path/to/repo::example.com-root-{now:%Y-%m-%d} .
967 $ cd ..
968 $ fusermount -u sshfs-mount
969 # Make a big effort in fine granular deduplication (big chunk management
971 # overhead, needs a lot of RAM and disk space, see formula in internals
972 # docs - same parameters as borg < 1.0 or attic):
973 $ borg create --chunker-params 10,23,16,4095 /path/to/repo::small /smallstuff
974 # Backup a raw device (must not be active/in use/mounted at that time)
976 $ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my-sdx -
977 # No compression (none)
979 $ borg create --compression none /path/to/repo::arch ~
980 # Super fast, low compression (lz4, default)
982 $ borg create /path/to/repo::arch ~
983 # Less fast, higher compression (zlib, N = 0..9)
985 $ borg create --compression zlib,N /path/to/repo::arch ~
986 # Even slower, even higher compression (lzma, N = 0..9)
988 $ borg create --compression lzma,N /path/to/repo::arch ~
989 # Only compress compressible data with lzma,N (N = 0..9)
991 $ borg create --compression auto,lzma,N /path/to/repo::arch ~
992 # Use short hostname, user name and current time in archive name
994 $ borg create /path/to/repo::{hostname}-{user}-{now} ~
995 # Similar, use the same datetime format as borg 1.1 will have as default
996 $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S} ~
997 # As above, but add nanoseconds
998 $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S.%f} ~
999 # Backing up relative paths by moving into the correct directory first
1001 $ cd /home/user/Documents
1002 # The root directory of the archive will be "projectA"
1003 $ borg create /path/to/repo::daily-projectA-{now:%Y-%m-%d} projectA
1004
1006 borg [common options] extract [options] ARCHIVE [PATH...]
1007 Description
1009 This command extracts the contents of an archive. By default the entire
1010 archive is extracted but a subset of files and directories can be
1011 selected by passing a list of PATHs as arguments. The file selection
1012 can further be restricted by using the --exclude option.
1013 See the output of the "borg help patterns" command for more help on
1015 exclude patterns.
1016 By using --dry-run, you can do all extraction steps except actually
1018 writing the output data: reading metadata and data chunks from the
1019 repo, checking the hash/hmac, decrypting, decompressing.
1020 --progress can be slower than no progress display, since it makes one
1022 additional pass over the archive metadata.
1023 NOTE:
1025 Currently, extract always writes into the current working directory
1026 ("."), so make sure you cd to the right place before calling borg
1027 extract.
1028 Examples
1030 # Extract entire archive
1031 $ borg extract /path/to/repo::my-files
1032 # Extract entire archive and list files while processing
1034 $ borg extract --list /path/to/repo::my-files
1035 # Verify whether an archive could be successfully extracted, but do not write files to disk
1037 $ borg extract --dry-run /path/to/repo::my-files
1038 # Extract the "src" directory
1040 $ borg extract /path/to/repo::my-files home/USERNAME/src
1041 # Extract the "src" directory but exclude object files
1043 $ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'
1044 # Restore a raw device (must not be active/in use/mounted at that time)
1046 $ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M
1047
1049 borg [common options] check [options] [REPOSITORY_OR_ARCHIVE]
1050 Description
1052 The check command verifies the consistency of a repository and the cor‐
1053 responding archives.
1054 First, the underlying repository data files are checked:
1056 · For all segments the segment magic (header) is checked
1058 · For all objects stored in the segments, all metadata (e.g. crc and
1060 size) and all data is read. The read data is checked by size and CRC.
1061 Bit rot and other types of accidental damage can be detected this
1062 way.
1063 · If we are in repair mode and a integrity error is detected for a seg‐
1065 ment, we try to recover as many objects from the segment as possible.
1066 · In repair mode, it makes sure that the index is consistent with the
1068 data stored in the segments.
1069 · If you use a remote repo server via ssh:, the repo check is executed
1071 on the repo server without causing significant network traffic.
1072 · The repository check can be skipped using the --archives-only option.
1074 Second, the consistency and correctness of the archive metadata is ver‐
1076 ified:
1077 · Is the repo manifest present? If not, it is rebuilt from archive
1079 metadata chunks (this requires reading and decrypting of all metadata
1080 and data).
1081 · Check if archive metadata chunk is present. if not, remove archive
1083 from manifest.
1084 · For all files (items) in the archive, for all chunks referenced by
1086 these files, check if chunk is present. If a chunk is not present
1087 and we are in repair mode, replace it with a same-size replacement
1088 chunk of zeros. If a previously lost chunk reappears (e.g. via a
1089 later backup) and we are in repair mode, the all-zero replacement
1090 chunk will be replaced by the correct chunk. This requires reading
1091 of archive and file metadata, but not data.
1092 · If we are in repair mode and we checked all the archives: delete
1094 orphaned chunks from the repo.
1095 · if you use a remote repo server via ssh:, the archive check is exe‐
1097 cuted on the client machine (because if encryption is enabled, the
1098 checks will require decryption and this is always done client-side,
1099 because key access will be required).
1100 · The archive checks can be time consuming, they can be skipped using
1102 the --repository-only option.
1103 The --verify-data option will perform a full integrity verification (as
1105 opposed to checking the CRC32 of the segment) of data, which means
1106 reading the data from the repository, decrypting and decompressing it.
1107 This is a cryptographic verification, which will detect (accidental)
1108 corruption. For encrypted repositories it is tamper-resistant as well,
1109 unless the attacker has access to the keys.
1110 It is also very slow.
1112
1114 borg [common options] rename [options] ARCHIVE NEWNAME
1115 Description
1117 This command renames an archive in the repository.
1118 This results in a different archive ID.
1120 Examples
1122 $ borg create /path/to/repo::archivename ~
1123 $ borg list /path/to/repo
1124 archivename Mon, 2016-02-15 19:50:19
1125 $ borg rename /path/to/repo::archivename newname
1127 $ borg list /path/to/repo
1128 newname Mon, 2016-02-15 19:50:19
1129
1131 borg [common options] list [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
1132 Description
1134 This command lists the contents of a repository or an archive.
1135 See the "borg help patterns" command for more help on exclude patterns.
1137 The following keys are available for --format:
1139 · NEWLINE: OS dependent line separator
1141 · NL: alias of NEWLINE
1143 · NUL: NUL character for creating print0 / xargs -0 like output, see
1145 barchive/bpath
1146 · SPACE
1148 · TAB
1150 · CR
1152 · LF
1154 Keys for listing repository archives:
1156 · archive: archive name interpreted as text (might be missing non-text
1158 characters, see barchive)
1159 · name: alias of "archive"
1161 · barchive: verbatim archive name, can contain any character except NUL
1163 · comment: archive comment interpreted as text (might be missing
1165 non-text characters, see bcomment)
1166 · bcomment: verbatim archive comment, can contain any character except
1168 NUL
1169 · id: internal ID of the archive
1171 · start: time (start) of creation of the archive
1173 · time: alias of "start"
1175 · end: time (end) of creation of the archive
1177 · hostname: hostname of host on which this archive was created
1179 · username: username of user who created this archive
1181 Keys for listing archive files:
1183 · type
1185 · mode
1187 · uid
1189 · gid
1191 · user
1193 · group
1195 · path: path interpreted as text (might be missing non-text characters,
1197 see bpath)
1198 · bpath: verbatim POSIX path, can contain any character except NUL
1200 · source: link target for links (identical to linktarget)
1202 · linktarget
1204 · flags
1206 · size
1208 · csize: compressed size
1210 · dsize: deduplicated size
1212 · dcsize: deduplicated compressed size
1214 · num_chunks: number of chunks in this file
1216 · unique_chunks: number of unique chunks in this file
1218 · mtime
1220 · ctime
1222 · atime
1224 · isomtime
1226 · isoctime
1228 · isoatime
1230 · md5
1232 · sha1
1234 · sha224
1236 · sha256
1238 · sha384
1240 · sha512
1242 · archiveid
1244 · archivename
1246 · extra: prepends {source} with " -> " for soft links and " link to "
1248 for hard links
1249 · health: either "healthy" (file ok) or "broken" (if file has all-zero
1251 replacement chunks)
1252 Examples
1254 $ borg list /path/to/repo
1255 Monday Mon, 2016-02-15 19:15:11
1256 repo Mon, 2016-02-15 19:26:54
1257 root-2016-02-15 Mon, 2016-02-15 19:36:29
1258 newname Mon, 2016-02-15 19:50:19
1259 ...
1260 $ borg list /path/to/repo::root-2016-02-15
1262 drwxr-xr-x root root 0 Mon, 2016-02-15 17:44:27 .
1263 drwxrwxr-x root root 0 Mon, 2016-02-15 19:04:49 bin
1264 -rwxr-xr-x root root 1029624 Thu, 2014-11-13 00:08:51 bin/bash
1265 lrwxrwxrwx root root 0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
1266 -rwxr-xr-x root root 2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
1267 ...
1268 $ borg list /path/to/repo::archiveA --format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
1270 drwxrwxr-x user user 0 Sun, 2015-02-01 11:00:00 .
1271 drwxrwxr-x user user 0 Sun, 2015-02-01 11:00:00 code
1272 drwxrwxr-x user user 0 Sun, 2015-02-01 11:00:00 code/myproject
1273 -rw-rw-r-- user user 1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
1274 ...
1275
1277 borg [common options] diff [options] REPO::ARCHIVE1 ARCHIVE2 [PATH...]
1278 Description
1280 This command finds differences (file contents, user/group/mode) between
1281 archives.
1282 A repository location and an archive name must be specified for
1284 REPO::ARCHIVE1. ARCHIVE2 is just another archive name in same reposi‐
1285 tory (no repository location allowed).
1286 For archives created with Borg 1.1 or newer diff automatically detects
1288 whether the archives are created with the same chunker params. If so,
1289 only chunk IDs are compared, which is very fast.
1290 For archives prior to Borg 1.1 chunk contents are compared by default.
1292 If you did not create the archives with different chunker params, pass
1293 --same-chunker-params. Note that the chunker params changed from Borg
1294 0.xx to 1.0.
1295 See the output of the "borg help patterns" command for more help on
1297 exclude patterns.
1298 Examples
1300 $ borg init -e=none testrepo
1301 $ mkdir testdir
1302 $ cd testdir
1303 $ echo asdf > file1
1304 $ dd if=/dev/urandom bs=1M count=4 > file2
1305 $ touch file3
1306 $ borg create ../testrepo::archive1 .
1307 $ chmod a+x file1
1309 $ echo "something" >> file2
1310 $ borg create ../testrepo::archive2 .
1311 $ rm file3
1313 $ touch file4
1314 $ borg create ../testrepo::archive3 .
1315 $ cd ..
1317 $ borg diff testrepo::archive1 archive2
1318 [-rw-r--r-- -> -rwxr-xr-x] file1
1319 +135 B -252 B file2
1320 $ borg diff testrepo::archive2 archive3
1322 added 0 B file4
1323 removed 0 B file3
1324 $ borg diff testrepo::archive1 archive3
1326 [-rw-r--r-- -> -rwxr-xr-x] file1
1327 +135 B -252 B file2
1328 added 0 B file4
1329 removed 0 B file3
1330
1332 borg [common options] delete [options] [TARGET] [ARCHIVE...]
1333 Description
1335 This command deletes an archive from the repository or the complete
1336 repository. Disk space is reclaimed accordingly. If you delete the
1337 complete repository, the local cache for it (if any) is also deleted.
1338 When using --stats, you will get some statistics about how much data
1340 was deleted - the "Deleted data" deduplicated size there is most inter‐
1341 esting as that is how much your repository will shrink. Please note
1342 that the "All archives" stats refer to the state after deletion.
1343 Examples
1345 # delete a single backup archive:
1346 $ borg delete /path/to/repo::Monday
1347 # delete the whole repository and the related local cache:
1349 $ borg delete /path/to/repo
1350 You requested to completely DELETE the repository *including* all archives it contains:
1351 repo Mon, 2016-02-15 19:26:54
1352 root-2016-02-15 Mon, 2016-02-15 19:36:29
1353 newname Mon, 2016-02-15 19:50:19
1354 Type 'YES' if you understand this and want to continue: YES
1355
1357 borg [common options] prune [options] [REPOSITORY]
1358 Description
1360 The prune command prunes a repository by deleting all archives not
1361 matching any of the specified retention options. This command is nor‐
1362 mally used by automated backup scripts wanting to keep a certain number
1363 of historic backups.
1364 Also, prune automatically removes checkpoint archives (incomplete ar‐
1366 chives left behind by interrupted backup runs) except if the checkpoint
1367 is the latest archive (and thus still needed). Checkpoint archives are
1368 not considered when comparing archive counts against the retention lim‐
1369 its (--keep-X).
1370 If a prefix is set with -P, then only archives that start with the pre‐
1372 fix are considered for deletion and only those archives count towards
1373 the totals specified by the rules. Otherwise, all archives in the
1374 repository are candidates for deletion! There is no automatic distinc‐
1375 tion between archives representing different contents. These need to be
1376 distinguished by specifying matching prefixes.
1377 If you have multiple sequences of archives with different data sets
1379 (e.g. from different machines) in one shared repository, use one prune
1380 call per data set that matches only the respective archives using the
1381 -P option.
1382 The --keep-within option takes an argument of the form "<int><char>",
1384 where char is "H", "d", "w", "m", "y". For example, --keep-within 2d
1385 means to keep all archives that were created within the past 48 hours.
1386 "1m" is taken to mean "31d". The archives kept with this option do not
1387 count towards the totals specified by any other options.
1388 A good procedure is to thin out more and more the older your backups
1390 get. As an example, --keep-daily 7 means to keep the latest backup on
1391 each day, up to 7 most recent days with backups (days without backups
1392 do not count). The rules are applied from secondly to yearly, and
1393 backups selected by previous rules do not count towards those of later
1394 rules. The time that each backup starts is used for pruning purposes.
1395 Dates and times are interpreted in the local timezone, and weeks go
1396 from Monday to Sunday. Specifying a negative number of archives to keep
1397 means that there is no limit.
1398 The --keep-last N option is doing the same as --keep-secondly N (and it
1400 will keep the last N archives under the assumption that you do not cre‐
1401 ate more than one backup archive in the same second).
1402 When using --stats, you will get some statistics about how much data
1404 was deleted - the "Deleted data" deduplicated size there is most inter‐
1405 esting as that is how much your repository will shrink. Please note
1406 that the "All archives" stats refer to the state after pruning.
1407 Examples
1409 Be careful, prune is a potentially dangerous command, it will remove
1410 backup archives.
1411 The default of prune is to apply to all archives in the repository
1413 unless you restrict its operation to a subset of the archives using
1414 --prefix. When using --prefix, be careful to choose a good prefix -
1415 e.g. do not use a prefix "foo" if you do not also want to match "foo‐
1416 bar".
1417 It is strongly recommended to always run prune -v --list --dry-run ...
1419 first so you will see what it would do without it actually doing any‐
1420 thing.
1421 # Keep 7 end of day and 4 additional end of week archives.
1423 # Do a dry-run without actually deleting anything.
1424 $ borg prune -v --list --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo
1425 # Same as above but only apply to archive names starting with the hostname
1427 # of the machine followed by a "-" character:
1428 $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --prefix='{hostname}-' /path/to/repo
1429 # Keep 7 end of day, 4 additional end of week archives,
1431 # and an end of month archive for every month:
1432 $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1433 # Keep all backups in the last 10 days, 4 additional end of week archives,
1435 # and an end of month archive for every month:
1436 $ borg prune -v --list --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1437 There is also a visualized prune example in docs/misc/prune-exam‐
1439 ple.txt:
1440 borg prune visualized
1442 =====================
1443 Assume it is 2016-01-01, today's backup has not yet been made and you have
1445 created at least one backup on each day in 2015 except on 2015-12-19 (no
1446 backup made on that day).
1447 This is what borg prune --keep-daily 14 --keep-monthly 6 would keep.
1449 Backups kept by the --keep-daily rule are marked by a "d" to the right,
1451 backups kept by the --keep-monthly rule are marked by a "m" to the right.
1452 Calendar view
1454 -------------
1455 2015
1457 January February March
1458 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1459 1 2 3 4 1 1
1460 5 6 7 8 9 10 11 2 3 4 5 6 7 8 2 3 4 5 6 7 8
1461 12 13 14 15 16 17 18 9 10 11 12 13 14 15 9 10 11 12 13 14 15
1462 19 20 21 22 23 24 25 16 17 18 19 20 21 22 16 17 18 19 20 21 22
1463 26 27 28 29 30 31 23 24 25 26 27 28 23 24 25 26 27 28 29
1464 30 31
1465 April May June
1467 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1468 1 2 3 4 5 1 2 3 1 2 3 4 5 6 7
1469 6 7 8 9 10 11 12 4 5 6 7 8 9 10 8 9 10 11 12 13 14
1470 13 14 15 16 17 18 19 11 12 13 14 15 16 17 15 16 17 18 19 20 21
1471 20 21 22 23 24 25 26 18 19 20 21 22 23 24 22 23 24 25 26 27 28
1472 27 28 29 30 25 26 27 28 29 30 31 29 30m
1473 July August September
1476 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1477 1 2 3 4 5 1 2 1 2 3 4 5 6
1478 6 7 8 9 10 11 12 3 4 5 6 7 8 9 7 8 9 10 11 12 13
1479 13 14 15 16 17 18 19 10 11 12 13 14 15 16 14 15 16 17 18 19 20
1480 20 21 22 23 24 25 26 17 18 19 20 21 22 23 21 22 23 24 25 26 27
1481 27 28 29 30 31m 24 25 26 27 28 29 30 28 29 30m
1482 31m
1483 October November December
1485 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1486 1 2 3 4 1 1 2 3 4 5 6
1487 5 6 7 8 9 10 11 2 3 4 5 6 7 8 7 8 9 10 11 12 13
1488 12 13 14 15 16 17 18 9 10 11 12 13 14 15 14 15 16 17d18d19 20d
1489 19 20 21 22 23 24 25 16 17 18 19 20 21 22 21d22d23d24d25d26d27d
1490 26 27 28 29 30 31m 23 24 25 26 27 28 29 28d29d30d31d
1491 30m
1492 List view
1494 ---------
1495 --keep-daily 14 --keep-monthly 6
1497 -------------------------------------------------
1498 1. 2015-12-31 (2015-12-31 kept by daily rule)
1499 2. 2015-12-30 1. 2015-11-30
1500 3. 2015-12-29 2. 2015-10-31
1501 4. 2015-12-28 3. 2015-09-30
1502 5. 2015-12-27 4. 2015-08-31
1503 6. 2015-12-26 5. 2015-07-31
1504 7. 2015-12-25 6. 2015-06-30
1505 8. 2015-12-24
1506 9. 2015-12-23
1507 10. 2015-12-22
1508 11. 2015-12-21
1509 12. 2015-12-20
1510 (no backup made on 2015-12-19)
1511 13. 2015-12-18
1512 14. 2015-12-17
1513 Notes
1516 -----
1517 2015-12-31 is kept due to the --keep-daily 14 rule (because it is applied
1519 first), not due to the --keep-monthly rule.
1520 Because of that, the --keep-monthly 6 rule keeps Nov, Oct, Sep, Aug, Jul and
1522 Jun. December is not considered for this rule, because that backup was already
1523 kept because of the daily rule.
1524 2015-12-17 is kept to satisfy the --keep-daily 14 rule - because no backup was
1526 made on 2015-12-19. If a backup had been made on that day, it would not keep
1527 the one from 2015-12-17.
1528 We did not include yearly, weekly, hourly, minutely or secondly rules to keep
1530 this example simple. They all work in basically the same way.
1531 The weekly rule is easy to understand roughly, but hard to understand in all
1533 details. If interested, read "ISO 8601:2000 standard week-based year".
1534
1537 borg [common options] info [options] [REPOSITORY_OR_ARCHIVE]
1538 Description
1540 This command displays detailed information about the specified archive
1541 or repository.
1542 Please note that the deduplicated sizes of the individual archives do
1544 not add up to the deduplicated size of the repository ("all archives"),
1545 because the two are meaning different things:
1546 This archive / deduplicated size = amount of data stored ONLY for this
1548 archive = unique chunks of this archive. All archives / deduplicated
1549 size = amount of data stored in the repo = all chunks in the reposi‐
1550 tory.
1551 Borg archives can only contain a limited amount of file metadata. The
1553 size of an archive relative to this limit depends on a number of fac‐
1554 tors, mainly the number of files, the lengths of paths and other meta‐
1555 data stored for files. This is shown as utilization of maximum sup‐
1556 ported archive size.
1557 Examples
1559 $ borg info /path/to/repo::2017-06-29T11:00-srv
1560 Archive name: 2017-06-29T11:00-srv
1561 Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
1562 Comment:
1563 Hostname: myhostname
1564 Username: root
1565 Time (start): Thu, 2017-06-29 11:03:07
1566 Time (end): Thu, 2017-06-29 11:03:13
1567 Duration: 5.66 seconds
1568 Number of files: 17037
1569 Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
1570 Utilization of max. archive size: 0%
1571 ------------------------------------------------------------------------------
1572 Original size Compressed size Deduplicated size
1573 This archive: 12.53 GB 12.49 GB 1.62 kB
1574 All archives: 121.82 TB 112.41 TB 215.42 GB
1575 Unique chunks Total chunks
1577 Chunk index: 1015213 626934122
1578 $ borg info /path/to/repo --last 1
1580 Archive name: 2017-06-29T11:00-srv
1581 Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
1582 Comment:
1583 Hostname: myhostname
1584 Username: root
1585 Time (start): Thu, 2017-06-29 11:03:07
1586 Time (end): Thu, 2017-06-29 11:03:13
1587 Duration: 5.66 seconds
1588 Number of files: 17037
1589 Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
1590 Utilization of max. archive size: 0%
1591 ------------------------------------------------------------------------------
1592 Original size Compressed size Deduplicated size
1593 This archive: 12.53 GB 12.49 GB 1.62 kB
1594 All archives: 121.82 TB 112.41 TB 215.42 GB
1595 Unique chunks Total chunks
1597 Chunk index: 1015213 626934122
1598 $ borg info /path/to/repo
1600 Repository ID: d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1601 Location: /path/to/repo
1602 Encrypted: Yes (repokey)
1603 Cache: /root/.cache/borg/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1604 Security dir: /root/.config/borg/security/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1605 ------------------------------------------------------------------------------
1606 Original size Compressed size Deduplicated size
1607 All archives: 121.82 TB 112.41 TB 215.42 GB
1608 Unique chunks Total chunks
1610 Chunk index: 1015213 626934122
1611
1613 borg [common options] mount [options] REPOSITORY_OR_ARCHIVE MOUNTPOINT [PATH...]
1614 Description
1616 This command mounts an archive as a FUSE filesystem. This can be useful
1617 for browsing an archive or restoring individual files. Unless the
1618 --foreground option is given the command will run in the background
1619 until the filesystem is umounted.
1620 The command borgfs provides a wrapper for borg mount. This can also be
1622 used in fstab entries: /path/to/repo /mnt/point fuse.borgfs
1623 defaults,noauto 0 0
1624 To allow a regular user to use fstab entries, add the user option:
1626 /path/to/repo /mnt/point fuse.borgfs defaults,noauto,user 0 0
1627 For FUSE configuration and mount options, see the mount.fuse(8) manual
1629 page.
1630 Additional mount options supported by borg:
1632 · versions: when used with a repository mount, this gives a merged,
1634 versioned view of the files in the archives. EXPERIMENTAL, layout may
1635 change in future.
1636 · allow_damaged_files: by default damaged files (where missing chunks
1638 were replaced with runs of zeros by borg check --repair) are not
1639 readable and return EIO (I/O error). Set this option to read such
1640 files.
1641 · ignore_permissions: for security reasons the "default_permissions"
1643 mount option is internally enforced by borg. "ignore_permissions" can
1644 be given to not enforce "default_permissions".
1645 The BORG_MOUNT_DATA_CACHE_ENTRIES environment variable is meant for
1647 advanced users to tweak the performance. It sets the number of cached
1648 data chunks; additional memory usage can be up to ~8 MiB times this
1649 number. The default is the number of CPU cores.
1650 When the daemonized process receives a signal or crashes, it does not
1652 unmount. Unmounting in these cases could cause an active rsync or sim‐
1653 ilar process to unintentionally delete data.
1654 When running in the foreground ^C/SIGINT unmounts cleanly, but other
1656 signals or crashes do not.
1657
1659 borg [common options] umount [options] MOUNTPOINT
1660 Description
1662 This command un-mounts a FUSE filesystem that was mounted with borg
1663 mount.
1664 This is a convenience wrapper that just calls the platform-specific
1666 shell command - usually this is either umount or fusermount -u.
1667 Examples
1669 # Mounting the repository shows all archives.
1670 # Archives are loaded lazily, expect some delay when navigating to an archive
1671 # for the first time.
1672 $ borg mount /path/to/repo /tmp/mymountpoint
1673 $ ls /tmp/mymountpoint
1674 root-2016-02-14 root-2016-02-15
1675 $ borg umount /tmp/mymountpoint
1676 # Mounting a specific archive is possible as well.
1678 $ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
1679 $ ls /tmp/mymountpoint
1680 bin boot etc home lib lib64 lost+found media mnt opt
1681 root sbin srv tmp usr var
1682 $ borg umount /tmp/mymountpoint
1683 # The experimental "versions view" merges all archives in the repository
1685 # and provides a versioned view on files.
1686 $ borg mount -o versions /path/to/repo /tmp/mymountpoint
1687 $ ls -l /tmp/mymountpoint/home/user/doc.txt/
1688 total 24
1689 -rw-rw-r-- 1 user group 12357 Aug 26 21:19 doc.cda00bc9.txt
1690 -rw-rw-r-- 1 user group 12204 Aug 26 21:04 doc.fa760f28.txt
1691 $ borg umount /tmp/mymountpoint
1692 # Archive filters are supported.
1694 # These are especially handy for the "versions view",
1695 # which does not support lazy processing of archives.
1696 $ borg mount -o versions --glob-archives '*-my-home' --last 10 /path/to/repo /tmp/mymountpoint
1697 # Exclusion options are supported.
1699 # These can speed up mounting and lower memory needs significantly.
1700 $ borg mount /path/to/repo /tmp/mymountpoint only/that/path
1701 $ borg mount --exclude '...' /path/to/repo /tmp/mymountpoint
1702 borgfs
1704 $ echo '/mnt/backup /tmp/myrepo fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
1705 $ echo '/mnt/backup::root-2016-02-15 /tmp/myarchive fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
1706 $ mount /tmp/myrepo
1707 $ mount /tmp/myarchive
1708 $ ls /tmp/myrepo
1709 root-2016-02-01 root-2016-02-2015
1710 $ ls /tmp/myarchive
1711 bin boot etc home lib lib64 lost+found media mnt opt root sbin srv tmp usr var
1712 NOTE:
1714 borgfs will be automatically provided if you used a distribution
1715 package, pip or setup.py to install Borg. Users of the standalone
1716 binary will have to manually create a symlink (see pyin‐
1717 staller-binary).
1718
1720 borg [common options] key change-passphrase [options] [REPOSITORY]
1721 Description
1723 The key files used for repository encryption are optionally passphrase
1724 protected. This command can be used to change this passphrase.
1725 Please note that this command only changes the passphrase, but not any
1727 secret protected by it (like e.g. encryption/MAC keys or chunker seed).
1728 Thus, changing the passphrase after passphrase and borg key got compro‐
1729 mised does not protect future (nor past) backups to the same reposi‐
1730 tory.
1731 Examples
1733 # Create a key file protected repository
1734 $ borg init --encryption=keyfile -v /path/to/repo
1735 Initializing repository at "/path/to/repo"
1736 Enter new passphrase:
1737 Enter same passphrase again:
1738 Remember your passphrase. Your data will be inaccessible without it.
1739 Key in "/root/.config/borg/keys/mnt_backup" created.
1740 Keep this key safe. Your data will be inaccessible without it.
1741 Synchronizing chunks cache...
1742 Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
1743 Done.
1744 # Change key file passphrase
1746 $ borg key change-passphrase -v /path/to/repo
1747 Enter passphrase for key /root/.config/borg/keys/mnt_backup:
1748 Enter new passphrase:
1749 Enter same passphrase again:
1750 Remember your passphrase. Your data will be inaccessible without it.
1751 Key updated
1752 Fully automated using environment variables:
1754 $ BORG_NEW_PASSPHRASE=old borg init -e=repokey repo
1756 # now "old" is the current passphrase.
1757 $ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
1758 # now "new" is the current passphrase.
1759
1761 borg [common options] key export [options] [REPOSITORY] [PATH]
1762 Description
1764 If repository encryption is used, the repository is inaccessible with‐
1765 out the key. This command allows to backup this essential key. Note
1766 that the backup produced does not include the passphrase itself (i.e.
1767 the exported key stays encrypted). In order to regain access to a
1768 repository, one needs both the exported key and the original
1769 passphrase.
1770 There are two backup formats. The normal backup format is suitable for
1772 digital storage as a file. The --paper backup format is optimized for
1773 printing and typing in while importing, with per line checks to reduce
1774 problems with manual input.
1775 For repositories using keyfile encryption the key is saved locally on
1777 the system that is capable of doing backups. To guard against loss of
1778 this key, the key needs to be backed up independently of the main data
1779 backup.
1780 For repositories using the repokey encryption the key is saved in the
1782 repository in the config file. A backup is thus not strictly needed,
1783 but guards against the repository becoming inaccessible if the file is
1784 damaged for some reason.
1785
1787 borg [common options] key import [options] [REPOSITORY] [PATH]
1788 Description
1790 This command allows to restore a key previously backed up with the
1791 export command.
1792 If the --paper option is given, the import will be an interactive
1794 process in which each line is checked for plausibility before proceed‐
1795 ing to the next line. For this format PATH must not be given.
1796
1798 borg [common options] upgrade [options] [REPOSITORY]
1799 Description
1801 Upgrade an existing, local Borg repository.
1802 When you do not need borg upgrade
1804 Not every change requires that you run borg upgrade.
1805 You do not need to run it when:
1807 · moving your repository to a different place
1809 · upgrading to another point release (like 1.0.x to 1.0.y), except when
1811 noted otherwise in the changelog
1812 · upgrading from 1.0.x to 1.1.x, except when noted otherwise in the
1814 changelog
1815 Borg 1.x.y upgrades
1817 Use borg upgrade --tam REPO to require manifest authentication intro‐
1818 duced with Borg 1.0.9 to address security issues. This means that modi‐
1819 fying the repository after doing this with a version prior to 1.0.9
1820 will raise a validation error, so only perform this upgrade after
1821 updating all clients using the repository to 1.0.9 or newer.
1822 This upgrade should be done on each client for safety reasons.
1824 If a repository is accidentally modified with a pre-1.0.9 client after
1826 this upgrade, use borg upgrade --tam --force REPO to remedy it.
1827 If you routinely do this you might not want to enable this upgrade
1829 (which will leave you exposed to the security issue). You can reverse
1830 the upgrade by issuing borg upgrade --disable-tam REPO.
1831 See
1833 https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
1834 for details.
1835 Attic and Borg 0.xx to Borg 1.x
1837 This currently supports converting an Attic repository to Borg and also
1838 helps with converting Borg 0.xx to 1.0.
1839 Currently, only LOCAL repositories can be upgraded (issue #465).
1841 Please note that borg create (since 1.0.0) uses bigger chunks by
1843 default than old borg or attic did, so the new chunks won't deduplicate
1844 with the old chunks in the upgraded repository. See --chunker-params
1845 option of borg create and borg recreate.
1846 borg upgrade will change the magic strings in the repository's segments
1848 to match the new Borg magic strings. The keyfiles found in
1849 $ATTIC_KEYS_DIR or ~/.attic/keys/ will also be converted and copied to
1850 $BORG_KEYS_DIR or ~/.config/borg/keys.
1851 The cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic
1853 to $BORG_CACHE_DIR or ~/.cache/borg, but the cache layout between Borg
1854 and Attic changed, so it is possible the first backup after the conver‐
1855 sion takes longer than expected due to the cache resync.
1856 Upgrade should be able to resume if interrupted, although it will still
1858 iterate over all segments. If you want to start from scratch, use borg
1859 delete over the copied repository to make sure the cache files are also
1860 removed:
1861 borg delete borg
1862 Unless --inplace is specified, the upgrade process first creates a
1864 backup copy of the repository, in REPOSITORY.before-upgrade-DATETIME,
1865 using hardlinks. This requires that the repository and its parent
1866 directory reside on same filesystem so the hardlink copy can work.
1867 This takes longer than in place upgrades, but is much safer and gives
1868 progress information (as opposed to cp -al). Once you are satisfied
1869 with the conversion, you can safely destroy the backup copy.
1870 WARNING: Running the upgrade in place will make the current copy unus‐
1872 able with older version, with no way of going back to previous ver‐
1873 sions. This can PERMANENTLY DAMAGE YOUR REPOSITORY! Attic CAN NOT READ
1874 BORG REPOSITORIES, as the magic strings have changed. You have been
1875 warned.
1876 Examples
1878 # Upgrade the borg repository to the most recent version.
1879 $ borg upgrade -v /path/to/repo
1880 making a hardlink copy in /path/to/repo.before-upgrade-2016-02-15-20:51:55
1881 opening attic repository with borg and converting
1882 no key file found for repository
1883 converting repo index /path/to/repo/index.0
1884 converting 1 segments...
1885 converting borg 0.xx to borg current
1886 no key file found for repository
1887 Upgrading a passphrase encrypted attic repo
1889 attic offered a "passphrase" encryption mode, but this was removed in
1890 borg 1.0 and replaced by the "repokey" mode (which stores the
1891 passphrase-protected encryption key into the repository config).
1892 Thus, to upgrade a "passphrase" attic repo to a "repokey" borg repo, 2
1894 steps are needed, in this order:
1895 · borg upgrade repo
1897 · borg key migrate-to-repokey repo
1899
1901 borg [common options] recreate [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
1902 Description
1904 Recreate the contents of existing archives.
1905 This is an experimental feature. Do not use this on your only backup.
1907 --exclude, --exclude-from, --exclude-if-present, --keep-exclude-tags,
1909 and PATH have the exact same semantics as in "borg create". If PATHs
1910 are specified the resulting archive will only contain files from these
1911 PATHs.
1912 Note that all paths in an archive are relative, therefore absolute pat‐
1914 terns/paths will not match (--exclude, --exclude-from, PATHs).
1915 --recompress allows to change the compression of existing data in ar‐
1917 chives. Due to how Borg stores compressed size information this might
1918 display incorrect information for archives that were not recreated at
1919 the same time. There is no risk of data loss by this.
1920 --chunker-params will re-chunk all files in the archive, this can be
1922 used to have upgraded Borg 0.xx or Attic archives deduplicate with Borg
1923 1.x archives.
1924 USE WITH CAUTION. Depending on the PATHs and patterns given, recreate
1926 can be used to permanently delete files from archives. When in doubt,
1927 use --dry-run --verbose --list to see how patterns/PATHS are inter‐
1928 preted.
1929 The archive being recreated is only removed after the operation com‐
1931 pletes. The archive that is built during the operation exists at the
1932 same time at "<ARCHIVE>.recreate". The new archive will have a differ‐
1933 ent archive ID.
1934 With --target the original archive is not replaced, instead a new ar‐
1936 chive is created.
1937 When rechunking space usage can be substantial, expect at least the
1939 entire deduplicated size of the archives using the previous chunker
1940 params. When recompressing expect approx. (throughput / check‐
1941 point-interval) in space usage, assuming all chunks are recompressed.
1942 If you recently ran borg check --repair and it had to fix lost chunks
1944 with all-zero replacement chunks, please first run another backup for
1945 the same data and re-run borg check --repair afterwards to heal any ar‐
1946 chives that had lost chunks which are still generated from the input
1947 data.
1948 Important: running borg recreate to re-chunk will remove the
1950 chunks_healthy metadata of all items with replacement chunks, so heal‐
1951 ing will not be possible any more after re-chunking (it is also
1952 unlikely it would ever work: due to the change of chunking parameters,
1953 the missing chunk likely will never be seen again even if you still
1954 have the data that produced it).
1955 Examples
1957 # Make old (Attic / Borg 0.xx) archives deduplicate with Borg 1.x archives.
1958 # Archives created with Borg 1.1+ and the default chunker params are skipped
1959 # (archive ID stays the same).
1960 $ borg recreate /mnt/backup --chunker-params default --progress
1961 # Create a backup with little but fast compression
1963 $ borg create /mnt/backup::archive /some/files --compression lz4
1964 # Then compress it - this might take longer, but the backup has already completed,
1965 # so no inconsistencies from a long-running backup job.
1966 $ borg recreate /mnt/backup::archive --recompress --compression zlib,9
1967 # Remove unwanted files from all archives in a repository.
1969 # Note the relative path for the --exclude option - archives only contain relative paths.
1970 $ borg recreate /mnt/backup --exclude home/icke/Pictures/drunk_photos
1971 # Change archive comment
1973 $ borg create --comment "This is a comment" /mnt/backup::archivename ~
1974 $ borg info /mnt/backup::archivename
1975 Name: archivename
1976 Fingerprint: ...
1977 Comment: This is a comment
1978 ...
1979 $ borg recreate --comment "This is a better comment" /mnt/backup::archivename
1980 $ borg info /mnt/backup::archivename
1981 Name: archivename
1982 Fingerprint: ...
1983 Comment: This is a better comment
1984 ...
1985
1987 borg [common options] export-tar [options] ARCHIVE FILE [PATH...]
1988 Description
1990 This command creates a tarball from an archive.
1991 When giving '-' as the output FILE, Borg will write a tar stream to
1993 standard output.
1994 By default (--tar-filter=auto) Borg will detect whether the FILE should
1996 be compressed based on its file extension and pipe the tarball through
1997 an appropriate filter before writing it to FILE:
1998 · .tar.gz: gzip
2000 · .tar.bz2: bzip2
2002 · .tar.xz: xz
2004 Alternatively a --tar-filter program may be explicitly specified. It
2006 should read the uncompressed tar stream from stdin and write a com‐
2007 pressed/filtered tar stream to stdout.
2008 The generated tarball uses the GNU tar format.
2010 export-tar is a lossy conversion: BSD flags, ACLs, extended attributes
2012 (xattrs), atime and ctime are not exported. Timestamp resolution is
2013 limited to whole seconds, not the nanosecond resolution otherwise sup‐
2014 ported by Borg.
2015 A --sparse option (as found in borg extract) is not supported.
2017 By default the entire archive is extracted but a subset of files and
2019 directories can be selected by passing a list of PATHs as arguments.
2020 The file selection can further be restricted by using the --exclude
2021 option.
2022 See the output of the "borg help patterns" command for more help on
2024 exclude patterns.
2025 --progress can be slower than no progress display, since it makes one
2027 additional pass over the archive metadata.
2028 Examples
2030 # export as uncompressed tar
2031 $ borg export-tar /path/to/repo::Monday Monday.tar
2032 # exclude some types, compress using gzip
2034 $ borg export-tar /path/to/repo::Monday Monday.tar.gz --exclude '*.so'
2035 # use higher compression level with gzip
2037 $ borg export-tar --tar-filter="gzip -9" testrepo::linux Monday.tar.gz
2038 # export a tar, but instead of storing it on disk,
2040 # upload it to a remote site using curl.
2041 $ borg export-tar /path/to/repo::Monday - | curl --data-binary @- https://somewhere/to/POST
2042 # remote extraction via "tarpipe"
2044 $ borg export-tar /path/to/repo::Monday - | ssh somewhere "cd extracted; tar x"
2045
2047 borg [common options] serve [options]
2048 Description
2050 This command starts a repository server process. This command is usu‐
2051 ally not used manually.
2052 Examples
2054 borg serve has special support for ssh forced commands (see autho‐
2055 rized_keys example below): it will detect that you use such a forced
2056 command and extract the value of the --restrict-to-path option(s).
2057 It will then parse the original command that came from the client,
2059 makes sure that it is also borg serve and enforce path restriction(s)
2060 as given by the forced command. That way, other options given by the
2061 client (like --info or --umask) are preserved (and are not fixed by the
2062 forced command).
2063 Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in
2065 the original command sent by the client are not interpreted, but
2066 ignored. If BORG_XXX environment variables should be set on the borg
2067 serve side, then these must be set in system-specific locations like
2068 /etc/environment or in the forced command itself (example below).
2069 # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
2071 # Use key options to disable unneeded and potentially dangerous SSH functionality.
2072 # This will help to secure an automated remote backup system.
2073 $ cat ~/.ssh/authorized_keys
2074 command="borg serve --restrict-to-path /path/to/repo",restrict ssh-rsa AAAAB3[...]
2075 # Set a BORG_XXX environment variable on the "borg serve" side
2077 $ cat ~/.ssh/authorized_keys
2078 command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
2079 NOTE:
2081 The examples above use the restrict directive. This does automati‐
2082 cally block potential dangerous ssh features, even when they are
2083 added in a future update. Thus, this option should be preferred.
2084 If you're using openssh-server < 7.2, however, you have to explic‐
2086 itly specify the ssh features to restrict and cannot simply use the
2087 restrict option as it has been introduced in v7.2. We recommend to
2088 use no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forward‐
2089 ing,no-user-rc in this case.
2090 SSH Configuration
2092 borg serve's pipes (stdin/stdout/stderr) are connected to the sshd
2093 process on the server side. In the event that the SSH connection
2094 between borg serve and the client is disconnected or stuck abnormally
2095 (for example, due to a network outage), it can take a long time for
2096 sshd to notice the client is disconnected. In the meantime, sshd con‐
2097 tinues running, and as a result so does the borg serve process holding
2098 the lock on the repository. This can cause subsequent borg operations
2099 on the remote repository to fail with the error: Failed to cre‐
2100 ate/acquire the lock.
2101 In order to avoid this, it is recommended to perform the following
2103 additional SSH configuration:
2104 Either in the client side's ~/.ssh/config file, or in the client's
2106 /etc/ssh/ssh_config file:
2107 Host backupserver
2109 ServerAliveInterval 10
2110 ServerAliveCountMax 30
2111 Replacing backupserver with the hostname, FQDN or IP address of the
2113 borg server.
2114 This will cause the client to send a keepalive to the server every 10
2116 seconds. If 30 consecutive keepalives are sent without a response (a
2117 time of 300 seconds), the ssh client process will be terminated, caus‐
2118 ing the borg process to terminate gracefully.
2119 On the server side's sshd configuration file (typically
2121 /etc/ssh/sshd_config):
2122 ClientAliveInterval 10
2124 ClientAliveCountMax 30
2125 This will cause the server to send a keep alive to the client every 10
2127 seconds. If 30 consecutive keepalives are sent without a response (a
2128 time of 300 seconds), the server's sshd process will be terminated,
2129 causing the borg serve process to terminate gracefully and release the
2130 lock on the repository.
2131 If you then run borg commands with --lock-wait 600, this gives suffi‐
2133 cient time for the borg serve processes to terminate after the SSH con‐
2134 nection is torn down after the 300 second wait for the keepalives to
2135 fail.
2136 You may, of course, modify the timeout values demonstrated above to
2138 values that suit your environment and use case.
2139
2141 borg [common options] config [options] REPOSITORY [NAME] [VALUE]
2142 Description
2144 This command gets and sets options in a local repository or cache con‐
2145 fig file. For security reasons, this command only works on local
2146 repositories.
2147 To delete a config value entirely, use --delete. To list the values of
2149 the configuration file or the default values, use --list. To get and
2150 existing key, pass only the key name. To set a key, pass both the key
2151 name and the new value. Keys can be specified in the format "sec‐
2152 tion.name" or simply "name"; the section will default to "repository"
2153 and "cache" for the repo and cache configs, respectively.
2154 By default, borg config manipulates the repository config file. Using
2156 --cache edits the repository cache's config file instead.
2157 NOTE:
2159 The repository & cache config files are some of the only directly
2160 manipulable parts of a repository that aren't versioned or backed
2161 up, so be careful when making changes!
2162 Examples
2164 # find cache directory
2165 $ cd ~/.cache/borg/$(borg config /path/to/repo id)
2166 # reserve some space
2168 $ borg config /path/to/repo additional_free_space 2G
2169 # make a repo append-only
2171 $ borg config /path/to/repo append_only 1
2172
2174 borg [common options] with-lock [options] REPOSITORY COMMAND [ARGS...]
2175 Description
2177 This command runs a user-specified command while the repository lock is
2178 held.
2179 It will first try to acquire the lock (make sure that no other opera‐
2181 tion is running in the repo), then execute the given command as a sub‐
2182 process and wait for its termination, release the lock and return the
2183 user command's return code as borg's return code.
2184 NOTE:
2186 If you copy a repository with the lock held, the lock will be
2187 present in the copy. Thus, before using borg on the copy from a dif‐
2188 ferent host, you need to use "borg break-lock" on the copied reposi‐
2189 tory, because Borg is cautious and does not automatically remove
2190 stale locks made by a different host.
2191
2193 borg [common options] break-lock [options] [REPOSITORY]
2194 Description
2196 This command breaks the repository and cache locks. Please use care‐
2197 fully and only while no borg process (on any machine) is trying to
2198 access the Cache or the Repository.
2199
2201 borg [common options] benchmark crud [options] REPO PATH
2202 Description
2204 This command benchmarks borg CRUD (create, read, update, delete) opera‐
2205 tions.
2206 It creates input data below the given PATH and backups this data into
2208 the given REPO. The REPO must already exist (it could be a fresh empty
2209 repo or an existing repo, the command will create / read / update /
2210 delete some archives named borg-benchmark-crud* there.
2211 Make sure you have free space there, you'll need about 1GB each (+
2213 overhead).
2214 If your repository is encrypted and borg needs a passphrase to unlock
2216 the key, use:
2217 BORG_PASSPHRASE=mysecret borg benchmark crud REPO PATH
2219 Measurements are done with different input file sizes and counts. The
2221 file contents are very artificial (either all zero or all random), thus
2222 the measurement results do not necessarily reflect performance with
2223 real data. Also, due to the kind of content used, no compression is
2224 used in these benchmarks.
2225 C- == borg create (1st archive creation, no compression, do not use
2227 files cache)
2228 C-Z- == all-zero files. full dedup, this is primarily measuring
2229 reader/chunker/hasher. C-R- == random files. no dedup, measur‐
2230 ing throughput through all processing stages.
2231 R- == borg extract (extract archive, dry-run, do everything, but do not
2233 write files to disk)
2234 R-Z- == all zero files. Measuring heavily duplicated files.
2235 R-R- == random files. No duplication here, measuring throughput
2236 through all processing stages, except writing to disk.
2237 U- == borg create (2nd archive creation of unchanged input files, mea‐
2239 sure files cache speed)
2240 The throughput value is kind of virtual here, it does not actu‐
2241 ally read the file. U-Z- == needs to check the 2 all-zero
2242 chunks' existence in the repo. U-R- == needs to check existence
2243 of a lot of different chunks in the repo.
2244 D- == borg delete archive (delete last remaining archive, measure dele‐
2246 tion + compaction)
2247 D-Z- == few chunks to delete / few segments to compact/remove.
2248 D-R- == many chunks to delete / many segments to compact/remove.
2249 Please note that there might be quite some variance in these measure‐
2251 ments. Try multiple measurements and having a otherwise idle machine
2252 (and network, if you use it).
2253
2255 borg help patterns
2256 The path/filenames used as input for the pattern matching start from
2257 the currently active recursion root. You usually give the recursion
2258 root(s) when invoking borg and these can be either relative or absolute
2259 paths.
2260 So, when you give relative/ as root, the paths going into the matcher
2262 will look like relative/.../file.ext. When you give /absolute/ as root,
2263 they will look like /absolute/.../file.ext. This is meant when we talk
2264 about "full path" below.
2265 File patterns support these styles: fnmatch, shell, regular expres‐
2267 sions, path prefixes and path full-matches. By default, fnmatch is used
2268 for --exclude patterns and shell-style is used for the experimental
2269 --pattern option.
2270 If followed by a colon (':') the first two characters of a pattern are
2272 used as a style selector. Explicit style selection is necessary when a
2273 non-default style is desired or when the desired pattern starts with
2274 two alphanumeric characters followed by a colon (i.e. aa:something/*).
2275 Fnmatch, selector fm:
2277 This is the default style for --exclude and --exclude-from.
2278 These patterns use a variant of shell pattern syntax, with '*'
2279 matching any number of characters, '?' matching any single char‐
2280 acter, '[...]' matching any single character specified, includ‐
2281 ing ranges, and '[!...]' matching any character not specified.
2282 For the purpose of these patterns, the path separator (backslash
2283 for Windows and '/' on other systems) is not treated specially.
2284 Wrap meta-characters in brackets for a literal match (i.e. [?]
2285 to match the literal character ?). For a path to match a pat‐
2286 tern, the full path must match, or it must match from the start
2287 of the full path to just before a path separator. Except for the
2288 root path, paths will never end in the path separator when
2289 matching is attempted. Thus, if a given pattern ends in a path
2290 separator, a '*' is appended before matching is attempted.
2291 Shell-style patterns, selector sh:
2293 This is the default style for --pattern and --patterns-from.
2294 Like fnmatch patterns these are similar to shell patterns. The
2295 difference is that the pattern may include **/ for matching zero
2296 or more directory levels, * for matching zero or more arbitrary
2297 characters with the exception of any path separator.
2298 Regular expressions, selector re:
2300 Regular expressions similar to those found in Perl are sup‐
2301 ported. Unlike shell patterns regular expressions are not
2302 required to match the full path and any substring match is suf‐
2303 ficient. It is strongly recommended to anchor patterns to the
2304 start ('^'), to the end ('$') or both. Path separators (back‐
2305 slash for Windows and '/' on other systems) in paths are always
2306 normalized to a forward slash ('/') before applying a pattern.
2307 The regular expression syntax is described in the Python docu‐
2308 mentation for the re module.
2309 Path prefix, selector pp:
2311 This pattern style is useful to match whole sub-directories. The
2312 pattern pp:root/somedir matches root/somedir and everything
2313 therein.
2314 Path full-match, selector pf:
2316 This pattern style is (only) useful to match full paths. This
2317 is kind of a pseudo pattern as it can not have any variable or
2318 unspecified parts - the full path must be given.
2319 pf:root/file.ext matches root/file.txt only.
2320 Implementation note: this is implemented via very time-efficient
2322 O(1) hashtable lookups (this means you can have huge amounts of
2323 such patterns without impacting performance much). Due to that,
2324 this kind of pattern does not respect any context or order. If
2325 you use such a pattern to include a file, it will always be
2326 included (if the directory recursion encounters it). Other
2327 include/exclude patterns that would normally match will be
2328 ignored. Same logic applies for exclude.
2329 NOTE:
2331 re:, sh: and fm: patterns are all implemented on top of the Python
2332 SRE engine. It is very easy to formulate patterns for each of these
2333 types which requires an inordinate amount of time to match paths. If
2334 untrusted users are able to supply patterns, ensure they cannot sup‐
2335 ply re: patterns. Further, ensure that sh: and fm: patterns only
2336 contain a handful of wildcards at most.
2337 Exclusions can be passed via the command line option --exclude. When
2339 used from within a shell the patterns should be quoted to protect them
2340 from expansion.
2341 The --exclude-from option permits loading exclusion patterns from a
2343 text file with one pattern per line. Lines empty or starting with the
2344 number sign ('#') after removing whitespace on both ends are ignored.
2345 The optional style selector prefix is also supported for patterns
2346 loaded from a file. Due to whitespace removal paths with whitespace at
2347 the beginning or end can only be excluded using regular expressions.
2348 Examples:
2350 # Exclude '/home/user/file.o' but not '/home/user/file.odt':
2352 $ borg create -e '*.o' backup /
2353 # Exclude '/home/user/junk' and '/home/user/subdir/junk' but
2355 # not '/home/user/importantjunk' or '/etc/junk':
2356 $ borg create -e '/home/*/junk' backup /
2357 # Exclude the contents of '/home/user/cache' but not the directory itself:
2359 $ borg create -e /home/user/cache/ backup /
2360 # The file '/home/user/cache/important' is *not* backed up:
2362 $ borg create -e /home/user/cache/ backup / /home/user/cache/important
2363 # The contents of directories in '/home' are not backed up when their name
2365 # ends in '.tmp'
2366 $ borg create --exclude 're:^/home/[^/]+\.tmp/' backup /
2367 # Load exclusions from file
2369 $ cat >exclude.txt <<EOF
2370 # Comment line
2371 /home/*/junk
2372 *.tmp
2373 fm:aa:something/*
2374 re:^/home/[^/]\.tmp/
2375 sh:/home/*/.thumbnails
2376 EOF
2377 $ borg create --exclude-from exclude.txt backup /
2378 A more general and easier to use way to define filename matching pat‐
2379 terns exists with the experimental --pattern and --patterns-from
2380 options. Using these, you may specify the backup roots (starting
2381 points) and patterns for inclusion/exclusion. A root path starts with
2382 the prefix R, followed by a path (a plain path, not a file pattern). An
2383 include rule starts with the prefix +, an exclude rule starts with the
2384 prefix -, an exclude-norecurse rule starts with !, all followed by a
2385 pattern. Inclusion patterns are useful to include paths that are con‐
2386 tained in an excluded path. The first matching pattern is used so if an
2387 include pattern matches before an exclude pattern, the file is backed
2388 up. If an exclude-norecurse pattern matches a directory, it won't
2389 recurse into it and won't discover any potential matches for include
2390 rules below that directory.
2391 Note that the default pattern style for --pattern and --patterns-from
2393 is shell style (sh:), so those patterns behave similar to rsync
2394 include/exclude patterns. The pattern style can be set via the P pre‐
2395 fix.
2396 Patterns (--pattern) and excludes (--exclude) from the command line are
2398 considered first (in the order of appearance). Then patterns from
2399 --patterns-from are added. Exclusion patterns from --exclude-from files
2400 are appended last.
2401 Examples:
2403 # backup pics, but not the ones from 2018, except the good ones:
2405 # note: using = is essential to avoid cmdline argument parsing issues.
2406 borg create --pattern=+pics/2018/good --pattern=-pics/2018 repo::arch pics
2407 # use a file with patterns:
2409 borg create --patterns-from patterns.lst repo::arch
2410 The patterns.lst file could look like that:
2412 # "sh:" pattern style is the default, so the following line is not needed:
2414 P sh
2415 R /
2416 # can be rebuild
2417 - /home/*/.cache
2418 # they're downloads for a reason
2419 - /home/*/Downloads
2420 # susan is a nice person
2421 # include susans home
2422 + /home/susan
2423 # don't backup the other home directories
2424 - /home/*
2425 borg help placeholders
2427 Repository (or Archive) URLs, --prefix, --glob-archives, --comment and
2428 --remote-path values support these placeholders:
2429 {hostname}
2431 The (short) hostname of the machine.
2432 {fqdn} The full name of the machine.
2434 {reverse-fqdn}
2436 The full name of the machine in reverse domain name notation.
2437 {now} The current local date and time, by default in ISO-8601 format.
2439 You can also supply your own format string, e.g.
2440 {now:%Y-%m-%d_%H:%M:%S}
2441 {utcnow}
2443 The current UTC date and time, by default in ISO-8601 format.
2444 You can also supply your own format string, e.g. {utc‐
2445 now:%Y-%m-%d_%H:%M:%S}
2446 {user} The user name (or UID, if no name is available) of the user run‐
2448 ning borg.
2449 {pid} The current process ID.
2451 {borgversion}
2453 The version of borg, e.g.: 1.0.8rc1
2454 {borgmajor}
2456 The version of borg, only the major version, e.g.: 1
2457 {borgminor}
2459 The version of borg, only major and minor version, e.g.: 1.0
2460 {borgpatch}
2462 The version of borg, only major, minor and patch version, e.g.:
2463 1.0.8
2464 If literal curly braces need to be used, double them for escaping:
2466 borg create /path/to/repo::{{literal_text}}
2468 Examples:
2470 borg create /path/to/repo::{hostname}-{user}-{utcnow} ...
2472 borg create /path/to/repo::{hostname}-{now:%Y-%m-%d_%H:%M:%S} ...
2473 borg prune --prefix '{hostname}-' ...
2474 NOTE:
2476 systemd uses a difficult, non-standard syntax for command lines in
2477 unit files (refer to the systemd.unit(5) manual page).
2478 When invoking borg from unit files, pay particular attention to
2480 escaping, especially when using the now/utcnow placeholders, since
2481 systemd performs its own %-based variable replacement even in quoted
2482 text. To avoid interference from systemd, double all percent signs
2483 ({hostname}-{now:%Y-%m-%d_%H:%M:%S} becomes {host‐
2484 name}-{now:%%Y-%%m-%%d_%%H:%%M:%%S}).
2485 borg help compression
2487 It is no problem to mix different compression methods in one repo,
2488 deduplication is done on the source data chunks (not on the compressed
2489 or encrypted data).
2490 If some specific chunk was once compressed and stored into the repo,
2492 creating another backup that also uses this chunk will not change the
2493 stored chunk. So if you use different compression specs for the back‐
2494 ups, whichever stores a chunk first determines its compression. See
2495 also borg recreate.
2496 Compression is lz4 by default. If you want something else, you have to
2498 specify what you want.
2499 Valid compression specifiers are:
2501 none Do not compress.
2503 lz4 Use lz4 compression. Very high speed, very low compression.
2505 (default)
2506 zstd[,L]
2508 Use zstd ("zstandard") compression, a modern wide-range algo‐
2509 rithm. If you do not explicitely give the compression level L
2510 (ranging from 1 to 22), it will use level 3. Archives com‐
2511 pressed with zstd are not compatible with borg < 1.1.4.
2512 zlib[,L]
2514 Use zlib ("gz") compression. Medium speed, medium compression.
2515 If you do not explicitely give the compression level L (ranging
2516 from 0 to 9), it will use level 6. Giving level 0 (means "no
2517 compression", but still has zlib protocol overhead) is usually
2518 pointless, you better use "none" compression.
2519 lzma[,L]
2521 Use lzma ("xz") compression. Low speed, high compression. If
2522 you do not explicitely give the compression level L (ranging
2523 from 0 to 9), it will use level 6. Giving levels above 6 is
2524 pointless and counterproductive because it does not compress
2525 better due to the buffer size used by borg - but it wastes lots
2526 of CPU cycles and RAM.
2527 auto,C[,L]
2529 Use a built-in heuristic to decide per chunk whether to compress
2530 or not. The heuristic tries with lz4 whether the data is com‐
2531 pressible. For incompressible data, it will not use compression
2532 (uses "none"). For compressible data, it uses the given C[,L]
2533 compression - with C[,L] being any valid compression specifier.
2534 Examples:
2536 borg create --compression lz4 REPO::ARCHIVE data
2538 borg create --compression zstd REPO::ARCHIVE data
2539 borg create --compression zstd,10 REPO::ARCHIVE data
2540 borg create --compression zlib REPO::ARCHIVE data
2541 borg create --compression zlib,1 REPO::ARCHIVE data
2542 borg create --compression auto,lzma,6 REPO::ARCHIVE data
2543 borg create --compression auto,lzma ...
2544
2546 There is a borg debug command that has some subcommands which are all
2547 not intended for normal use and potentially very dangerous if used
2548 incorrectly.
2549 For example, borg debug put-obj and borg debug delete-obj will only do
2551 what their name suggests: put objects into repo / delete objects from
2552 repo.
2553 Please note:
2555 · they will not update the chunks cache (chunks index) about the object
2557 · they will not update the manifest (so no automatic chunks index
2559 resync is triggered)
2560 · they will not check whether the object is in use (e.g. before
2562 delete-obj)
2563 · they will not update any metadata which may point to the object
2565 They exist to improve debugging capabilities without direct system
2567 access, e.g. in case you ever run into some severe malfunction. Use
2568 them only if you know what you are doing or if a trusted Borg developer
2569 tells you what to do.
2570 Borg has a --debug-topic TOPIC option to enable specific debugging mes‐
2572 sages. Topics are generally not documented.
2573 A --debug-profile FILE option exists which writes a profile of the main
2575 program's execution to a file. The format of these files is not
2576 directly compatible with the Python profiling tools, since these use
2577 the "marshal" format, which is not intended to be secure (quoting the
2578 Python docs: "Never unmarshal data received from an untrusted or unau‐
2579 thenticated source.").
2580 The borg debug profile-convert command can be used to take a Borg pro‐
2582 file and convert it to a profile file that is compatible with the
2583 Python tools.
2584 Additionally, if the filename specified for --debug-profile ends with
2586 ".pyprof" a Python compatible profile is generated. This is only
2587 intended for local use by developers.
2588
2590 Here are misc. notes about topics that are maybe not covered in enough
2591 detail in the usage section.
2592 --chunker-params
2594 The chunker params influence how input files are cut into pieces
2595 (chunks) which are then considered for deduplication. They also have a
2596 big impact on resource usage (RAM and disk space) as the amount of
2597 resources needed is (also) determined by the total amount of chunks in
2598 the repository (see cache-memory-usage for details).
2599 --chunker-params=10,23,16,4095 results in a fine-grained deduplication|
2601 and creates a big amount of chunks and thus uses a lot of resources to
2602 manage them. This is good for relatively small data volumes and if the
2603 machine has a good amount of free RAM and disk space.
2604 --chunker-params=19,23,21,4095 (default) results in a coarse-grained
2606 deduplication and creates a much smaller amount of chunks and thus uses
2607 less resources. This is good for relatively big data volumes and if the
2608 machine has a relatively low amount of free RAM and disk space.
2609 If you already have made some archives in a repository and you then
2611 change chunker params, this of course impacts deduplication as the
2612 chunks will be cut differently.
2613 In the worst case (all files are big and were touched in between back‐
2615 ups), this will store all content into the repository again.
2616 Usually, it is not that bad though:
2618 · usually most files are not touched, so it will just re-use the old
2620 chunks it already has in the repo
2621 · files smaller than the (both old and new) minimum chunksize result in
2623 only one chunk anyway, so the resulting chunks are same and dedupli‐
2624 cation will apply
2625 If you switch chunker params to save resources for an existing repo
2627 that already has some backup archives, you will see an increasing
2628 effect over time, when more and more files have been touched and stored
2629 again using the bigger chunksize and all references to the smaller
2630 older chunks have been removed (by deleting / pruning archives).
2631 If you want to see an immediate big effect on resource usage, you bet‐
2633 ter start a new repository when changing chunker params.
2634 For more details, see chunker_details.
2636 --noatime / --noctime
2638 You can use these borg create options to not store the respective time‐
2639 stamp into the archive, in case you do not really need it.
2640 Besides saving a little space for the not archived timestamp, it might
2642 also affect metadata stream deduplication: if only this timestamp
2643 changes between backups and is stored into the metadata stream, the
2644 metadata stream chunks won't deduplicate just because of that.
2645 --nobsdflags
2647 You can use this to not query and store (or not extract and set) bsd‐
2648 flags - in case you don't need them or if they are broken somehow for
2649 your fs.
2650 On Linux, dealing with the bsflags needs some additional syscalls.
2652 Especially when dealing with lots of small files, this causes a notica‐
2653 ble overhead, so you can use this option also for speeding up opera‐
2654 tions.
2655 --umask
2657 If you use --umask, make sure that all repository-modifying borg com‐
2658 mands (create, delete, prune) that access the repository in question
2659 use the same --umask value.
2660 If multiple machines access the same repository, this should hold true
2662 for all of them.
2663 --read-special
2665 The --read-special option is special - you do not want to use it for
2666 normal full-filesystem backups, but rather after carefully picking some
2667 targets for it.
2668 The option --read-special triggers special treatment for block and char
2670 device files as well as FIFOs. Instead of storing them as such a device
2671 (or FIFO), they will get opened, their content will be read and in the
2672 backup archive they will show up like a regular file.
2673 Symlinks will also get special treatment if (and only if) they point to
2675 such a special file: instead of storing them as a symlink, the target
2676 special file will get processed as described above.
2677 One intended use case of this is backing up the contents of one or mul‐
2679 tiple block devices, like e.g. LVM snapshots or inactive LVs or disk
2680 partitions.
2681 You need to be careful about what you include when using --read-spe‐
2683 cial, e.g. if you include /dev/zero, your backup will never terminate.
2684 Restoring such files' content is currently only supported one at a time
2686 via --stdout option (and you have to redirect stdout to where ever it
2687 shall go, maybe directly into an existing device file of your choice or
2688 indirectly via dd).
2689 To some extent, mounting a backup archive with the backups of special
2691 files via borg mount and then loop-mounting the image files from inside
2692 the mount point will work. If you plan to access a lot of data in
2693 there, it likely will scale and perform better if you do not work via
2694 the FUSE mount.
2695 Example
2697 Imagine you have made some snapshots of logical volumes (LVs) you want
2698 to backup.
2699 NOTE:
2701 For some scenarios, this is a good method to get "crash-like" con‐
2702 sistency (I call it crash-like because it is the same as you would
2703 get if you just hit the reset button or your machine would abrubtly
2704 and completely crash). This is better than no consistency at all
2705 and a good method for some use cases, but likely not good enough if
2706 you have databases running.
2707 Then you create a backup archive of all these snapshots. The backup
2709 process will see a "frozen" state of the logical volumes, while the
2710 processes working in the original volumes continue changing the data
2711 stored there.
2712 You also add the output of lvdisplay to your backup, so you can see the
2714 LV sizes in case you ever need to recreate and restore them.
2715 After the backup has completed, you remove the snapshots again.
2717 $ # create snapshots here
2719 $ lvdisplay > lvdisplay.txt
2720 $ borg create --read-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*-snapshot
2721 $ # remove snapshots here
2722 Now, let's see how to restore some LVs from such a backup.
2724 $ borg extract /path/to/repo::arch lvdisplay.txt
2726 $ # create empty LVs with correct sizes here (look into lvdisplay.txt).
2727 $ # we assume that you created an empty root and home LV and overwrite it now:
2728 $ borg extract --stdout /path/to/repo::arch dev/vg0/root-snapshot > /dev/vg0/root
2729 $ borg extract --stdout /path/to/repo::arch dev/vg0/home-snapshot > /dev/vg0/home
2730 Append-only mode
2732 A repository can be made "append-only", which means that Borg will
2733 never overwrite or delete committed data (append-only refers to the
2734 segment files, but borg will also reject to delete the repository com‐
2735 pletely). This is useful for scenarios where a backup client machine
2736 backups remotely to a backup server using borg serve, since a hacked
2737 client machine cannot delete backups on the server permanently.
2738 To activate append-only mode, set append_only to 1 in the repository
2740 config:
2741 borg config /path/to/repo append_only 1
2743 Note that you can go back-and-forth between normal and append-only
2745 operation with borg config; it's not a "one way trip."
2746 In append-only mode Borg will create a transaction log in the transac‐
2748 tions file, where each line is a transaction and a UTC timestamp.
2749 In addition, borg serve can act as if a repository is in append-only
2751 mode with its option --append-only. This can be very useful for
2752 fine-tuning access control in .ssh/authorized_keys
2753 command="borg serve --append-only ..." ssh-rsa <key used for not-always-trustable backup clients>
2755 command="borg serve ..." ssh-rsa <key used for backup management>
2756 Running borg init via a borg serve --append-only server will not create
2758 an append-only repository. Running borg init --append-only creates an
2759 append-only repository regardless of server settings.
2760 Example
2762 Suppose an attacker remotely deleted all backups, but your repository
2763 was in append-only mode. A transaction log in this situation might look
2764 like this:
2765 transaction 1, UTC time 2016-03-31T15:53:27.383532
2767 transaction 5, UTC time 2016-03-31T15:53:52.588922
2768 transaction 11, UTC time 2016-03-31T15:54:23.887256
2769 transaction 12, UTC time 2016-03-31T15:55:54.022540
2770 transaction 13, UTC time 2016-03-31T15:55:55.472564
2771 From your security logs you conclude the attacker gained access at
2773 15:54:00 and all the backups where deleted or replaced by compromised
2774 backups. From the log you know that transactions 11 and later are com‐
2775 promised. Note that the transaction ID is the name of the last file in
2776 the transaction. For example, transaction 11 spans files 6 to 11.
2777 In a real attack you'll likely want to keep the compromised repository
2779 intact to analyze what the attacker tried to achieve. It's also a good
2780 idea to make this copy just in case something goes wrong during the
2781 recovery. Since recovery is done by deleting some files, a hard link
2782 copy (cp -al) is sufficient.
2783 The first step to reset the repository to transaction 5, the last
2785 uncompromised transaction, is to remove the hints.N, index.N and
2786 ``
2787 integrity.N``files in the repository (these files are always expend‐
2788 able). In this example N is 13.
2789 Then remove or move all segment files from the segment directories in
2791 data/ starting with file 6:
2792 rm data/**/{6..13}
2794 That's all to do in the repository.
2796 If you want to access this rollbacked repository from a client that
2798 already has a cache for this repository, the cache will reflect a newer
2799 repository state than what you actually have in the repository now,
2800 after the rollback.
2801 Thus, you need to clear the cache:
2803 borg delete --cache-only repo
2805 The cache will get rebuilt automatically. Depending on repo size and
2807 archive count, it may take a while.
2808 You also will need to remove ~/.config/borg/security/REPOID/mani‐
2810 fest-timestamp.
2811 Drawbacks
2813 As data is only appended, and nothing removed, commands like prune or
2814 delete won't free disk space, they merely tag data as deleted in a new
2815 transaction.
2816 Be aware that as soon as you write to the repo in non-append-only mode
2818 (e.g. prune, delete or create archives from an admin machine), it will
2819 remove the deleted objects permanently (including the ones that were
2820 already marked as deleted, but not removed, in append-only mode). Auto‐
2821 mated edits to the repository (such as a cron job running borg prune)
2822 will render append-only mode moot if data is deleted.
2823 Even if an archive appears to be available, it is possible an attacker
2825 could delete just a few chunks from an archive and silently corrupt its
2826 data. While in append-only mode, this is reversible, but borg check
2827 should be run before a writing/pruning operation on an append-only
2828 repository to catch accidental or malicious corruption:
2829 # run without append-only mode
2831 borg check --verify-data repo && borg compact repo
2832 Aside from checking repository & archive integrity you may want to also
2834 manually check backups to ensure their content seems correct.
2835 Further considerations
2837 Append-only mode is not respected by tools other than Borg. rm still
2838 works on the repository. Make sure that backup client machines only get
2839 to access the repository via borg serve.
2840 Ensure that no remote access is possible if the repository is temporar‐
2842 ily set to normal mode for e.g. regular pruning.
2843 Further protections can be implemented, but are outside of Borg's
2845 scope. For example, file system snapshots or wrapping borg serve to set
2846 special permissions or ACLs on new data files.
2847 SSH batch mode
2849 When running Borg using an automated script, ssh might still ask for a
2850 password, even if there is an SSH key for the target server. Use this
2851 to make scripts more robust:
2852 export BORG_RSH='ssh -oBatchMode=yes'
2854
2856 The Borg Collective (see AUTHORS file)
2857
2859 2010-2014 Jonas Borgström, 2015-2019 The Borg Collective (see AUTHORS
2860 file)
28611.1.10 2019-05-16 BORG(1)