1BORG(1) Borg - Deduplicating Archiver BORG(1)
2
6 borg - BorgBackup is a deduplicating backup program with optional com‐
7 pression and authenticated encryption.
8
10 Borg consists of a number of commands. Each command accepts a number of
11 arguments and options and interprets various environment variables.
12 The following sections will describe each command in detail.
13 Commands, options, parameters, paths and such are set in fixed-width.
15 Option values are underlined. Borg has few options accepting a fixed
16 set of values (e.g. --encryption of borg_init). Experimental features
17 are marked with red stripes on the sides, like this paragraph.
18 Experimental features are not stable, which means that they may be
20 changed in incompatible ways or even removed entirely without prior no‐
21 tice in following releases.
22 Positional Arguments and Options: Order matters
24 Borg only supports taking options (-s and --progress in the example) to
25 the left or right of all positional arguments (repo::archive and path
26 in the example), but not in between them:
27 borg create -s --progress repo::archive path # good and preferred
29 borg create repo::archive path -s --progress # also works
30 borg create -s repo::archive path --progress # works, but ugly
31 borg create repo::archive -s --progress path # BAD
32 This is due to a problem in the argparse module:
34 https://bugs.python.org/issue15112
35 Repository URLs
37 Local filesystem (or locally mounted network filesystem):
38 /path/to/repo - filesystem path to repo directory, absolute path
40 path/to/repo - filesystem path to repo directory, relative path
42 Also, stuff like ~/path/to/repo or ~other/path/to/repo works (this is
44 expanded by your shell).
45 Note: you may also prepend a file:// to a filesystem path to get URL
47 style.
48 Remote repositories accessed via ssh user@host:
50 user@host:/path/to/repo - remote repo, absolute path
52 ssh://user@host:port/path/to/repo - same, alternative syntax, port can
54 be given
55 Remote repositories with relative paths can be given using this syntax:
57 user@host:path/to/repo - path relative to current directory
59 user@host:~/path/to/repo - path relative to user's home directory
61 user@host:~other/path/to/repo - path relative to other's home directory
63 Note: giving user@host:/./path/to/repo or user@host:/~/path/to/repo or
65 user@host:/~other/path/to/repo is also supported, but not required
66 here.
67 Remote repositories with relative paths, alternative syntax with port:
69 ssh://user@host:port/./path/to/repo - path relative to current direc‐
71 tory
72 ssh://user@host:port/~/path/to/repo - path relative to user's home di‐
74 rectory
75 ssh://user@host:port/~other/path/to/repo - path relative to other's
77 home directory
78 If you frequently need the same repo URL, it is a good idea to set the
80 BORG_REPO environment variable to set a default for the repo URL:
81 export BORG_REPO='ssh://user@host:port/path/to/repo'
83 Then just leave away the repo URL if only a repo URL is needed and you
85 want to use the default - it will be read from BORG_REPO then.
86 Use :: syntax to give the repo URL when syntax requires giving a posi‐
88 tional argument for the repo (e.g. borg mount :: /mnt).
89 Repository / Archive Locations
91 Many commands want either a repository (just give the repo URL, see
92 above) or an archive location, which is a repo URL followed by ::ar‐
93 chive_name.
94 Archive names must not contain the / (slash) character. For simplicity,
96 maybe also avoid blanks or other characters that have special meaning
97 on the shell or in a filesystem (borg mount will use the archive name
98 as directory name).
99 If you have set BORG_REPO (see above) and an archive location is
101 needed, use ::archive_name - the repo URL part is then read from
102 BORG_REPO.
103 Logging
105 Borg writes all log output to stderr by default. But please note that
106 something showing up on stderr does not indicate an error condition
107 just because it is on stderr. Please check the log levels of the mes‐
108 sages and the return code of borg for determining error, warning or
109 success conditions.
110 If you want to capture the log output to a file, just redirect it:
112 borg create repo::archive myfiles 2>> logfile
114 Custom logging configurations can be implemented via BORG_LOGGING_CONF.
116 The log level of the builtin logging configuration defaults to WARNING.
118 This is because we want Borg to be mostly silent and only output warn‐
119 ings, errors and critical messages, unless output has been requested by
120 supplying an option that implies output (e.g. --list or --progress).
121 Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL
123 Use --debug to set DEBUG log level - to get debug, info, warning, error
125 and critical level output.
126 Use --info (or -v or --verbose) to set INFO log level - to get info,
128 warning, error and critical level output.
129 Use --warning (default) to set WARNING log level - to get warning, er‐
131 ror and critical level output.
132 Use --error to set ERROR log level - to get error and critical level
134 output.
135 Use --critical to set CRITICAL log level - to get critical level out‐
137 put.
138 While you can set misc. log levels, do not expect that every command
140 will give different output on different log levels - it's just a possi‐
141 bility.
142 WARNING:
144 Options --critical and --error are provided for completeness, their
145 usage is not recommended as you might miss important information.
146 Return codes
148 Borg can exit with the following return codes (rc):
149 ┌────────────┬────────────────────────────┐
151 │Return code │ Meaning │
152 ├────────────┼────────────────────────────┤
153 │0 │ success (logged as INFO) │
154 ├────────────┼────────────────────────────┤
155 │1 │ warning (operation reached │
156 │ │ its normal end, but there │
157 │ │ were warnings -- you │
158 │ │ should check the log, │
159 │ │ logged as WARNING) │
160 ├────────────┼────────────────────────────┤
161 │2 │ error (like a fatal error, │
162 │ │ a local or remote excep‐ │
163 │ │ tion, the operation did │
164 │ │ not reach its normal end, │
165 │ │ logged as ERROR) │
166 ├────────────┼────────────────────────────┤
167 │128+N │ killed by signal N (e.g. │
168 │ │ 137 == kill -9) │
169 └────────────┴────────────────────────────┘
170 If you use --show-rc, the return code is also logged at the indicated
172 level as the last log entry.
173 Environment Variables
175 Borg uses some environment variables for automation:
176 General:
178 BORG_REPO
180 When set, use the value to give the default repository
181 location. If a command needs an archive parameter, you
182 can abbreviate as ::archive. If a command needs a reposi‐
183 tory parameter, you can either leave it away or abbrevi‐
184 ate as ::, if a positional parameter is required.
185 BORG_PASSPHRASE
187 When set, use the value to answer the passphrase question
188 for encrypted repositories. It is used when a passphrase
189 is needed to access an encrypted repo as well as when a
190 new passphrase should be initially set when initializing
191 an encrypted repo. See also BORG_NEW_PASSPHRASE.
192 BORG_PASSCOMMAND
194 When set, use the standard output of the command (trail‐
195 ing newlines are stripped) to answer the passphrase ques‐
196 tion for encrypted repositories. It is used when a
197 passphrase is needed to access an encrypted repo as well
198 as when a new passphrase should be initially set when
199 initializing an encrypted repo. Note that the command is
200 executed without a shell. So variables, like $HOME will
201 work, but ~ won't. If BORG_PASSPHRASE is also set, it
202 takes precedence. See also BORG_NEW_PASSPHRASE.
203 BORG_PASSPHRASE_FD
205 When set, specifies a file descriptor to read a
206 passphrase from. Programs starting borg may choose to
207 open an anonymous pipe and use it to pass a passphrase.
208 This is safer than passing via BORG_PASSPHRASE, because
209 on some systems (e.g. Linux) environment can be examined
210 by other processes. If BORG_PASSPHRASE or BORG_PASSCOM‐
211 MAND are also set, they take precedence.
212 BORG_NEW_PASSPHRASE
214 When set, use the value to answer the passphrase question
215 when a new passphrase is asked for. This variable is
216 checked first. If it is not set, BORG_PASSPHRASE and
217 BORG_PASSCOMMAND will also be checked. Main usecase for
218 this is to fully automate borg change-passphrase.
219 BORG_DISPLAY_PASSPHRASE
221 When set, use the value to answer the "display the
222 passphrase for verification" question when defining a new
223 passphrase for encrypted repositories.
224 BORG_HOSTNAME_IS_UNIQUE=no
226 Borg assumes that it can derive a unique hostname / iden‐
227 tity (see borg debug info). If this is not the case or
228 you do not want Borg to automatically remove stale locks,
229 set this to no.
230 BORG_HOST_ID
232 Borg usually computes a host id from the FQDN plus the
233 results of uuid.getnode() (which usually returns a unique
234 id based on the MAC address of the network interface. Ex‐
235 cept if that MAC happens to be all-zero - in that case it
236 returns a random value, which is not what we want (be‐
237 cause it kills automatic stale lock removal). So, if you
238 have a all-zero MAC address or other reasons to better
239 externally control the host id, just set this environment
240 variable to a unique value. If all your FQDNs are unique,
241 you can just use the FQDN. If not, use fqdn@uniqueid.
242 BORG_LOGGING_CONF
244 When set, use the given filename as INI-style logging
245 configuration. A basic example conf can be found at
246 docs/misc/logging.conf.
247 BORG_RSH
249 When set, use this command instead of ssh. This can be
250 used to specify ssh options, such as a custom identity
251 file ssh -i /path/to/private/key. See man ssh for other
252 options. Using the --rsh CMD commandline option overrides
253 the environment variable.
254 BORG_REMOTE_PATH
256 When set, use the given path as borg executable on the
257 remote (defaults to "borg" if unset). Using --re‐
258 mote-path PATH commandline option overrides the environ‐
259 ment variable.
260 BORG_FILES_CACHE_SUFFIX
262 When set to a value at least one character long, in‐
263 structs borg to use a specifically named (based on the
264 suffix) alternative files cache. This can be used to
265 avoid loading and saving cache entries for backup sources
266 other than the current sources.
267 BORG_FILES_CACHE_TTL
269 When set to a numeric value, this determines the maximum
270 "time to live" for the files cache entries (default: 20).
271 The files cache is used to quickly determine whether a
272 file is unchanged. The FAQ explains this more detailed
273 in: always_chunking
274 BORG_SHOW_SYSINFO
276 When set to no (default: yes), system information (like
277 OS, Python version, ...) in exceptions is not shown.
278 Please only use for good reasons as it makes issues
279 harder to analyze.
280 BORG_LIBC
282 borg uses ctypes.util.find_library to locate the 'c' li‐
283 brary (aka libc). find_library needs a shell and will
284 invoke some tools like ldconfig, gcc/cc or objdump. If a
285 shell or these tools are not available, you can give the
286 name of your libc via BORG_LIBC=libc.so.6 (for example)
287 and borg will not try the find_library call.
288 BORG_SELFTEST
290 This can be used to influence borg's builtin self-tests.
291 The default is to execute the tests at the beginning of
292 each borg command invocation.
293 BORG_SELFTEST=disabled can be used to switch off the
295 tests and rather save some time. Disabling is not recom‐
296 mended for normal borg users, but large scale borg stor‐
297 age providers can use this to optimize production servers
298 after at least doing a one-time test borg (with selftests
299 not disabled) when installing or upgrading machines / OS
300 / borg.
301 BORG_WORKAROUNDS
303 A list of comma separated strings that trigger work‐
304 arounds in borg, e.g. to work around bugs in other soft‐
305 ware.
306 Currently known strings are:
308 basesyncfile
310 Use the more simple BaseSyncFile code to avoid is‐
311 sues with sync_file_range. You might need this to
312 run borg on WSL (Windows Subsystem for Linux) or
313 in systemd.nspawn containers on some architectures
314 (e.g. ARM). Using this does not affect data
315 safety, but might result in a more bursty write to
316 disk behaviour (not continuously streaming to
317 disk).
318 Some automatic answerers (if set, they automatically answer confirma‐
320 tion questions):
321 BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
323 For "Warning: Attempting to access a previously unknown
324 unencrypted repository"
325 BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
327 For "Warning: The repository at location ... was previ‐
328 ously located at ..."
329 BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
331 For "This is a potentially dangerous function..." (check
332 --repair)
333 BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
335 For "You requested to completely DELETE the repository
336 including all archives it contains:"
337 Note: answers are case sensitive. setting an invalid answer
339 value might either give the default answer or ask you interac‐
340 tively, depending on whether retries are allowed (they by de‐
341 fault are allowed). So please test your scripts interactively
342 before making them a non-interactive script.
343 Directories and files:
345 BORG_BASE_DIR
347 Defaults to $HOME or ~$USER or ~ (in that order). If you
348 want to move all borg-specific folders to a custom path
349 at once, all you need to do is to modify BORG_BASE_DIR:
350 the other paths for cache, config etc. will adapt accord‐
351 ingly (assuming you didn't set them to a different custom
352 value).
353 BORG_CACHE_DIR
355 Defaults to $BORG_BASE_DIR/.cache/borg. If BORG_BASE_DIR
356 is not explicitly set while XDG env var XDG_CACHE_HOME is
357 set, then $XDG_CACHE_HOME/borg is being used instead.
358 This directory contains the local cache and might need a
359 lot of space for dealing with big repositories. Make sure
360 you're aware of the associated security aspects of the
361 cache location: cache_security
362 BORG_CONFIG_DIR
364 Defaults to $BORG_BASE_DIR/.config/borg. If BORG_BASE_DIR
365 is not explicitly set while XDG env var XDG_CONFIG_HOME
366 is set, then $XDG_CONFIG_HOME/borg is being used instead.
367 This directory contains all borg configuration directo‐
368 ries, see the FAQ for a security advisory about the data
369 in this directory: home_config_borg
370 BORG_SECURITY_DIR
372 Defaults to $BORG_CONFIG_DIR/security. This directory
373 contains information borg uses to track its usage of
374 NONCES ("numbers used once" - usually in encryption con‐
375 text) and other security relevant data.
376 BORG_KEYS_DIR
378 Defaults to $BORG_CONFIG_DIR/keys. This directory con‐
379 tains keys for encrypted repositories.
380 BORG_KEY_FILE
382 When set, use the given filename as repository key file.
383 TMPDIR This is where temporary files are stored (might need a
385 lot of temporary space for some operations), see tempfile
386 for details.
387 Building:
389 BORG_OPENSSL_PREFIX
391 Adds given OpenSSL header file directory to the default
392 locations (setup.py).
393 BORG_LIBLZ4_PREFIX
395 Adds given prefix directory to the default locations. If
396 a 'include/lz4.h' is found Borg will be linked against
397 the system liblz4 instead of a bundled implementation.
398 (setup.py)
399 BORG_LIBB2_PREFIX
401 Adds given prefix directory to the default locations. If
402 a 'include/blake2.h' is found Borg will be linked against
403 the system libb2 instead of a bundled implementation.
404 (setup.py)
405 BORG_LIBZSTD_PREFIX
407 Adds given prefix directory to the default locations. If
408 a 'include/zstd.h' is found Borg will be linked against
409 the system libzstd instead of a bundled implementation.
410 (setup.py)
411 Please note:
413 • Be very careful when using the "yes" sayers, the warnings with prompt
415 exist for your / your data's security/safety.
416 • Also be very careful when putting your passphrase into a script, make
418 sure it has appropriate file permissions (e.g. mode 600, root:root).
419 File systems
421 We strongly recommend against using Borg (or any other database-like
422 software) on non-journaling file systems like FAT, since it is not pos‐
423 sible to assume any consistency in case of power failures (or a sudden
424 disconnect of an external drive or similar failures).
425 While Borg uses a data store that is resilient against these failures
427 when used on journaling file systems, it is not possible to guarantee
428 this with some hardware -- independent of the software used. We don't
429 know a list of affected hardware.
430 If you are suspicious whether your Borg repository is still consistent
432 and readable after one of the failures mentioned above occurred, run
433 borg check --verify-data to make sure it is consistent.
434 Requirements for Borg repository file systems
436 • Long file names
438 • At least three directory levels with short names
440 • Typically, file sizes up to a few hundred MB. Large repositories may
442 require large files (>2 GB).
443 • Up to 1000 files per directory (10000 for repositories initialized
445 with Borg 1.0)
446 • mkdir(2) should be atomic, since it is used for locking
448 • Hardlinks are needed for borg_upgrade (if --inplace option is not
450 used). Also hardlinks are used for more safe and secure file updat‐
451 ing (e.g. of the repo config file), but the code tries to work also
452 if hardlinks are not supported.
453 Units
455 To display quantities, Borg takes care of respecting the usual conven‐
456 tions of scale. Disk sizes are displayed in decimal, using powers of
457 ten (so kB means 1000 bytes). For memory usage, binary prefixes are
458 used, and are indicated using the IEC binary prefixes, using powers of
459 two (so KiB means 1024 bytes).
460 Date and Time
462 We format date and time conforming to ISO-8601, that is: YYYY-MM-DD and
463 HH:MM:SS (24h clock).
464 For more information about that, see: https://xkcd.com/1179/
466 Unless otherwise noted, we display local date and time. Internally, we
468 store and process date and time as UTC.
469 Resource Usage
471 Borg might use a lot of resources depending on the size of the data set
472 it is dealing with.
473 If one uses Borg in a client/server way (with a ssh: repository), the
475 resource usage occurs in part on the client and in another part on the
476 server.
477 If one uses Borg as a single process (with a filesystem repo), all the
479 resource usage occurs in that one process, so just add up client +
480 server to get the approximate resource usage.
481 CPU client:
483 • borg create: does chunking, hashing, compression, crypto (high
485 CPU usage)
486 • chunks cache sync: quite heavy on CPU, doing lots of hashtable
488 operations.
489 • borg extract: crypto, decompression (medium to high CPU usage)
491 • borg check: similar to extract, but depends on options given.
493 • borg prune / borg delete archive: low to medium CPU usage
495 • borg delete repo: done on the server
497 It won't go beyond 100% of 1 core as the code is currently sin‐
499 gle-threaded. Especially higher zlib and lzma compression lev‐
500 els use significant amounts of CPU cycles. Crypto might be cheap
501 on the CPU (if hardware accelerated) or expensive (if not).
502 CPU server:
504 It usually doesn't need much CPU, it just deals with the
505 key/value store (repository) and uses the repository index for
506 that.
507 borg check: the repository check computes the checksums of all
509 chunks (medium CPU usage) borg delete repo: low CPU usage
510 CPU (only for client/server operation):
512 When using borg in a client/server way with a ssh:-type repo,
513 the ssh processes used for the transport layer will need some
514 CPU on the client and on the server due to the crypto they are
515 doing - esp. if you are pumping big amounts of data.
516 Memory (RAM) client:
518 The chunks index and the files index are read into memory for
519 performance reasons. Might need big amounts of memory (see be‐
520 low). Compression, esp. lzma compression with high levels might
521 need substantial amounts of memory.
522 Memory (RAM) server:
524 The server process will load the repository index into memory.
525 Might need considerable amounts of memory, but less than on the
526 client (see below).
527 Chunks index (client only):
529 Proportional to the amount of data chunks in your repo. Lots of
530 chunks in your repo imply a big chunks index. It is possible to
531 tweak the chunker params (see create options).
532 Files index (client only):
534 Proportional to the amount of files in your last backups. Can be
535 switched off (see create options), but next backup might be much
536 slower if you do. The speed benefit of using the files cache is
537 proportional to file size.
538 Repository index (server only):
540 Proportional to the amount of data chunks in your repo. Lots of
541 chunks in your repo imply a big repository index. It is possi‐
542 ble to tweak the chunker params (see create options) to influ‐
543 ence the amount of chunks being created.
544 Temporary files (client):
546 Reading data and metadata from a FUSE mounted repository will
547 consume up to the size of all deduplicated, small chunks in the
548 repository. Big chunks won't be locally cached.
549 Temporary files (server):
551 A non-trivial amount of data will be stored on the remote temp
552 directory for each client that connects to it. For some remotes,
553 this can fill the default temporary directory at /tmp. This can
554 be remediated by ensuring the $TMPDIR, $TEMP, or $TMP environ‐
555 ment variable is properly set for the sshd process. For some
556 OSes, this can be done just by setting the correct value in the
557 .bashrc (or equivalent login config file for other shells), how‐
558 ever in other cases it may be necessary to first enable Permi‐
559 tUserEnvironment yes in your sshd_config file, then add environ‐
560 ment="TMPDIR=/my/big/tmpdir" at the start of the public key to
561 be used in the authorized_hosts file.
562 Cache files (client only):
564 Contains the chunks index and files index (plus a collection of
565 single- archive chunk indexes which might need huge amounts of
566 disk space, depending on archive count and size - see FAQ about
567 how to reduce).
568 Network (only for client/server operation):
570 If your repository is remote, all deduplicated (and optionally
571 compressed/ encrypted) data of course has to go over the connec‐
572 tion (ssh:// repo url). If you use a locally mounted network
573 filesystem, additionally some copy operations used for transac‐
574 tion support also go over the connection. If you backup multiple
575 sources to one target repository, additional traffic happens for
576 cache resynchronization.
577 Support for file metadata
579 Besides regular file and directory structures, Borg can preserve
580 • symlinks (stored as symlink, the symlink is not followed)
582 • special files:
584 • character and block device files (restored via mknod)
586 • FIFOs ("named pipes")
588 • special file contents can be backed up in --read-special mode. By
590 default the metadata to create them with mknod(2), mkfifo(2) etc.
591 is stored.
592 • hardlinked regular files, devices, FIFOs (considering all items in
594 the same archive)
595 • timestamps in nanosecond precision: mtime, atime, ctime
597 • other timestamps: birthtime (on platforms supporting it)
599 • permissions:
601 • IDs of owning user and owning group
603 • names of owning user and owning group (if the IDs can be resolved)
605 • Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)
607 On some platforms additional features are supported:
609 ┌─────────────────┬──────────┬───────────┬───────────┐
614 │Platform │ ACLs [5] │ xattr [6] │ Flags [7] │
615 ├─────────────────┼──────────┼───────────┼───────────┤
616 │Linux │ Yes │ Yes │ Yes [1] │
617 ├─────────────────┼──────────┼───────────┼───────────┤
618 │Mac OS X │ Yes │ Yes │ Yes (all) │
619 ├─────────────────┼──────────┼───────────┼───────────┤
620 │FreeBSD │ Yes │ Yes │ Yes (all) │
621 ├─────────────────┼──────────┼───────────┼───────────┤
622 │OpenBSD │ n/a │ n/a │ Yes (all) │
623 ├─────────────────┼──────────┼───────────┼───────────┤
624 │NetBSD │ n/a │ No [2] │ Yes (all) │
625 ├─────────────────┼──────────┼───────────┼───────────┤
626 │Solaris and de‐ │ No [3] │ No [3] │ n/a │
627 │rivatives │ │ │ │
628 ├─────────────────┼──────────┼───────────┼───────────┤
629 │Windows (cygwin) │ No [4] │ No │ No │
630 └─────────────────┴──────────┴───────────┴───────────┘
631 Other Unix-like operating systems may work as well, but have not been
633 tested at all.
634 Note that most of the platform-dependent features also depend on the
636 file system. For example, ntfs-3g on Linux isn't able to convey NTFS
637 ACLs.
638 [1] Only "nodump", "immutable", "compressed" and "append" are sup‐
640 ported. Feature request #618 for more flags.
641 [2] Feature request #1332
643 [3] Feature request #1337
645 [4] Cygwin tries to map NTFS ACLs to permissions with varying degrees
647 of success.
648 [5] The native access control list mechanism of the OS. This normally
650 limits access to non-native ACLs. For example, NTFS ACLs aren't
651 completely accessible on Linux with ntfs-3g.
652 [6] extended attributes; key-value pairs attached to a file, mainly
654 used by the OS. This includes resource forks on Mac OS X.
655 [7] aka BSD flags. The Linux set of flags [1] is portable across plat‐
657 forms. The BSDs define additional flags.
658 In case you are interested in more details (like formulas), please
660 see internals. For details on the available JSON output, refer to
661 json_output.
662 Common options
664 All Borg commands share these options:
665 -h, --help
667 show this help message and exit
668 --critical
670 work on log level CRITICAL
671 --error
673 work on log level ERROR
674 --warning
676 work on log level WARNING (default)
677 --info, -v, --verbose
679 work on log level INFO
680 --debug
682 enable debug output, work on log level DEBUG
683 --debug-topic TOPIC
685 enable TOPIC debugging (can be specified multiple times). The
686 logger path is borg.debug.<TOPIC> if TOPIC is not fully quali‐
687 fied.
688 -p, --progress
690 show progress information
691 --log-json
693 Output one JSON object per log line instead of formatted text.
694 --lock-wait SECONDS
696 wait at most SECONDS for acquiring a repository/cache lock (de‐
697 fault: 1).
698 --bypass-lock
700 Bypass locking mechanism
701 --show-version
703 show/log the borg version
704 --show-rc
706 show/log the return code (rc)
707 --umask M
709 set umask to M (local and remote, default: 0077)
710 --remote-path PATH
712 use PATH as borg executable on the remote (default: "borg")
713 --remote-ratelimit RATE
715 set remote network upload rate limit in kiByte/s (default: 0=un‐
716 limited)
717 --consider-part-files
719 treat part files like normal files (e.g. to list/extract them)
720 --debug-profile FILE
722 Write execution profile in Borg format into FILE. For local use
723 a Python-compatible file can be generated by suffixing FILE with
724 ".pyprof".
725 --rsh RSH
727 Use this command to connect to the 'borg serve' process (de‐
728 fault: 'ssh')
729 Option --bypass-lock allows you to access the repository while bypass‐
731 ing borg's locking mechanism. This is necessary if your repository is
732 on a read-only storage where you don't have write permissions or capa‐
733 bilities and therefore cannot create a lock. Examples are repositories
734 stored on a Bluray disc or a read-only network storage. Avoid this op‐
735 tion if you are able to use locks as that is the safer way; see the
736 warning below.
737 WARNING:
739 If you do use --bypass-lock, you are responsible to ensure that no
740 other borg instances have write access to the repository. Otherwise,
741 you might experience errors and read broken data if changes to that
742 repository are being made at the same time.
743 Examples
745 # Create an archive and log: borg version, files list, return code
746 $ borg create --show-version --list --show-rc /path/to/repo::my-files files
747
749 borg [common options] init [options] [REPOSITORY]
750 Description
752 This command initializes an empty repository. A repository is a
753 filesystem directory containing the deduplicated data from zero or more
754 archives.
755 Encryption can be enabled at repository init time. It cannot be changed
757 later.
758 It is not recommended to work without encryption. Repository encryption
760 protects you e.g. against the case that an attacker has access to your
761 backup repository.
762 Borg relies on randomly generated key material and uses that for chunk‐
764 ing, id generation, encryption and authentication. The key material is
765 encrypted using the passphrase you give before it is stored on-disk.
766 You need to be careful with the key / the passphrase:
768 If you want "passphrase-only" security, use one of the repokey modes.
770 The key will be stored inside the repository (in its "config" file). In
771 above mentioned attack scenario, the attacker will have the key (but
772 not the passphrase).
773 If you want "passphrase and having-the-key" security, use one of the
775 keyfile modes. The key will be stored in your home directory (in .con‐
776 fig/borg/keys). In the attack scenario, the attacker who has just ac‐
777 cess to your repo won't have the key (and also not the passphrase).
778 Make a backup copy of the key file (keyfile mode) or repo config file
780 (repokey mode) and keep it at a safe place, so you still have the key
781 in case it gets corrupted or lost. Also keep the passphrase at a safe
782 place. The backup that is encrypted with that key won't help you with
783 that, of course.
784 Make sure you use a good passphrase. Not too short, not too simple. The
786 real encryption / decryption key is encrypted with / locked by your
787 passphrase. If an attacker gets your key, he can't unlock and use it
788 without knowing the passphrase.
789 Be careful with special or non-ascii characters in your passphrase:
791 • Borg processes the passphrase as unicode (and encodes it as utf-8),
793 so it does not have problems dealing with even the strangest charac‐
794 ters.
795 • BUT: that does not necessarily apply to your OS / VM / keyboard con‐
797 figuration.
798 So better use a long passphrase made from simple ascii chars than one
800 that includes non-ascii stuff or characters that are hard/impossible to
801 enter on a different keyboard layout.
802 You can change your passphrase for existing repos at any time, it won't
804 affect the encryption/decryption key or other secrets.
805 Encryption modes
807 You can choose from the encryption modes seen in the table below on a
808 per-repo basis. The mode determines encryption algorithm, hash/MAC al‐
809 gorithm and also the key storage location.
810 Example: borg init --encryption repokey ...
812 ┌─────────┬──────────────────┬──────────────────┬──────────────────┐
814 │Hash/MAC │ Not encrypted no │ Not encrypted, │ Encrypted (AEAD │
815 │ │ auth │ but authenti‐ │ w/ AES) and au‐ │
816 │ │ │ cated │ thenticated │
817 ├─────────┼──────────────────┼──────────────────┼──────────────────┤
818 │SHA-256 │ none │ authenticated │ repokey keyfile │
819 ├─────────┼──────────────────┼──────────────────┼──────────────────┤
820 │BLAKE2b │ n/a │ authenti‐ │ repokey-blake2 │
821 │ │ │ cated-blake2 │ keyfile-blake2 │
822 └─────────┴──────────────────┴──────────────────┴──────────────────┘
823 Modes marked like this in the above table are new in Borg 1.1 and are
825 not backwards-compatible with Borg 1.0.x.
826 On modern Intel/AMD CPUs (except very cheap ones), AES is usually hard‐
828 ware-accelerated. BLAKE2b is faster than SHA256 on Intel/AMD 64-bit
829 CPUs (except AMD Ryzen and future CPUs with SHA extensions), which
830 makes authenticated-blake2 faster than none and authenticated.
831 On modern ARM CPUs, NEON provides hardware acceleration for SHA256 mak‐
833 ing it faster than BLAKE2b-256 there. NEON accelerates AES as well.
834 Hardware acceleration is always used automatically when available.
836 repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256 for
838 authentication in an encrypt-then-MAC (EtM) construction. The chunk ID
839 hash is HMAC-SHA256 as well (with a separate key). These modes are
840 compatible with Borg 1.0.x.
841 repokey-blake2 and keyfile-blake2 are also authenticated encryption
843 modes, but use BLAKE2b-256 instead of HMAC-SHA256 for authentication.
844 The chunk ID hash is a keyed BLAKE2b-256 hash. These modes are new and
845 not compatible with Borg 1.0.x.
846 authenticated mode uses no encryption, but authenticates repository
848 contents through the same HMAC-SHA256 hash as the repokey and keyfile
849 modes (it uses it as the chunk ID hash). The key is stored like re‐
850 pokey. This mode is new and not compatible with Borg 1.0.x.
851 authenticated-blake2 is like authenticated, but uses the keyed
853 BLAKE2b-256 hash from the other blake2 modes. This mode is new and not
854 compatible with Borg 1.0.x.
855 none mode uses no encryption and no authentication. It uses SHA256 as
857 chunk ID hash. This mode is not recommended, you should rather consider
858 using an authenticated or authenticated/encrypted mode. This mode has
859 possible denial-of-service issues when running borg create on contents
860 controlled by an attacker. Use it only for new repositories where no
861 encryption is wanted and when compatibility with 1.0.x is important. If
862 compatibility with 1.0.x is not important, use authenticated-blake2 or
863 authenticated instead. This mode is compatible with Borg 1.0.x.
864 Examples
866 # Local repository, repokey encryption, BLAKE2b (often faster, since Borg 1.1)
867 $ borg init --encryption=repokey-blake2 /path/to/repo
868 # Local repository (no encryption)
870 $ borg init --encryption=none /path/to/repo
871 # Remote repository (accesses a remote borg via ssh)
873 # repokey: stores the (encrypted) key into <REPO_DIR>/config
874 $ borg init --encryption=repokey-blake2 user@hostname:backup
875 # Remote repository (accesses a remote borg via ssh)
877 # keyfile: stores the (encrypted) key into ~/.config/borg/keys/
878 $ borg init --encryption=keyfile user@hostname:backup
879
881 borg [common options] create [options] ARCHIVE [PATH...]
882 Description
884 This command creates a backup archive containing all files found while
885 recursively traversing all paths specified. Paths are added to the ar‐
886 chive as they are given, that means if relative paths are desired, the
887 command has to be run from the correct directory.
888 When giving '-' as path, borg will read data from standard input and
890 create a file 'stdin' in the created archive from that data. See sec‐
891 tion Reading from stdin below for details.
892 The archive will consume almost no disk space for files or parts of
894 files that have already been stored in other archives.
895 The archive name needs to be unique. It must not end in '.checkpoint'
897 or '.checkpoint.N' (with N being a number), because these names are
898 used for checkpoints and treated in special ways.
899 In the archive name, you may use the following placeholders: {now},
901 {utcnow}, {fqdn}, {hostname}, {user} and some others.
902 Backup speed is increased by not reprocessing files that are already
904 part of existing archives and weren't modified. The detection of unmod‐
905 ified files is done by comparing multiple file metadata values with
906 previous values kept in the files cache.
907 This comparison can operate in different modes as given by
909 --files-cache:
910 • ctime,size,inode (default)
912 • mtime,size,inode (default behaviour of borg versions older than
914 1.1.0rc4)
915 • ctime,size (ignore the inode number)
917 • mtime,size (ignore the inode number)
919 • rechunk,ctime (all files are considered modified - rechunk, cache
921 ctime)
922 • rechunk,mtime (all files are considered modified - rechunk, cache
924 mtime)
925 • disabled (disable the files cache, all files considered modified -
927 rechunk)
928 inode number: better safety, but often unstable on network filesystems
930 Normally, detecting file modifications will take inode information into
932 consideration to improve the reliability of file change detection.
933 This is problematic for files located on sshfs and similar network file
934 systems which do not provide stable inode numbers, such files will al‐
935 ways be considered modified. You can use modes without inode in this
936 case to improve performance, but reliability of change detection might
937 be reduced.
938 ctime vs. mtime: safety vs. speed
940 • ctime is a rather safe way to detect changes to a file (metadata and
942 contents) as it can not be set from userspace. But, a metadata-only
943 change will already update the ctime, so there might be some unneces‐
944 sary chunking/hashing even without content changes. Some filesystems
945 do not support ctime (change time). E.g. doing a chown or chmod to a
946 file will change its ctime.
947 • mtime usually works and only updates if file contents were changed.
949 But mtime can be arbitrarily set from userspace, e.g. to set mtime
950 back to the same value it had before a content change happened. This
951 can be used maliciously as well as well-meant, but in both cases
952 mtime based cache modes can be problematic.
953 The mount points of filesystems or filesystem snapshots should be the
955 same for every creation of a new archive to ensure fast operation. This
956 is because the file cache that is used to determine changed files
957 quickly uses absolute filenames. If this is not possible, consider
958 creating a bind mount to a stable location.
959 The --progress option shows (from left to right) Original, Compressed
961 and Deduplicated (O, C and D, respectively), then the Number of files
962 (N) processed so far, followed by the currently processed path.
963 When using --stats, you will get some statistics about how much data
965 was added - the "This Archive" deduplicated size there is most inter‐
966 esting as that is how much your repository will grow. Please note that
967 the "All archives" stats refer to the state after creation. Also, the
968 --stats and --dry-run options are mutually exclusive because the data
969 is not actually compressed and deduplicated during a dry run.
970 See the output of the "borg help patterns" command for more help on ex‐
972 clude patterns.
973 See the output of the "borg help placeholders" command for more help on
975 placeholders.
976 The --exclude patterns are not like tar. In tar --exclude .bundler/gems
978 will exclude foo/.bundler/gems. In borg it will not, you need to use
979 --exclude '*/.bundler/gems' to get the same effect. See borg help pat‐
980 terns for more information.
981 In addition to using --exclude patterns, it is possible to use --ex‐
983 clude-if-present to specify the name of a filesystem object (e.g. a
984 file or folder name) which, when contained within another folder, will
985 prevent the containing folder from being backed up. By default, the
986 containing folder and all of its contents will be omitted from the
987 backup. If, however, you wish to only include the objects specified by
988 --exclude-if-present in your backup, and not include any other contents
989 of the containing folder, this can be enabled through using the
990 --keep-exclude-tags option.
991 The -x or --one-file-system option excludes directories, that are
993 mountpoints (and everything in them). It detects mountpoints by com‐
994 paring the device number from the output of stat() of the directory and
995 its parent directory. Specifically, it excludes directories for which
996 stat() reports a device number different from the device number of
997 their parent. Be aware that in Linux (and possibly elsewhere) there are
998 directories with device number different from their parent, which the
999 kernel does not consider a mountpoint and also the other way around.
1000 Examples are bind mounts (possibly same device number, but always a
1001 mountpoint) and ALL subvolumes of a btrfs (different device number from
1002 parent but not necessarily a mountpoint). Therefore when using
1003 --one-file-system, one should make doubly sure that the backup works as
1004 intended especially when using btrfs. This is even more important, if
1005 the btrfs layout was created by someone else, e.g. a distribution in‐
1006 staller.
1007 Item flags
1009 --list outputs a list of all files, directories and other file system
1010 items it considered (no matter whether they had content changes or
1011 not). For each item, it prefixes a single-letter flag that indicates
1012 type and/or status of the item.
1013 If you are interested only in a subset of that output, you can give
1015 e.g. --filter=AME and it will only show regular files with A, M or E
1016 status (see below).
1017 A uppercase character represents the status of a regular file relative
1019 to the "files" cache (not relative to the repo -- this is an issue if
1020 the files cache is not used). Metadata is stored in any case and for
1021 'A' and 'M' also new data chunks are stored. For 'U' all data chunks
1022 refer to already existing chunks.
1023 • 'A' = regular file, added (see also a_status_oddity in the FAQ)
1025 • 'M' = regular file, modified
1027 • 'U' = regular file, unchanged
1029 • 'E' = regular file, an error happened while accessing/reading this
1031 file
1032 A lowercase character means a file type other than a regular file, borg
1034 usually just stores their metadata:
1035 • 'd' = directory
1037 • 'b' = block device
1039 • 'c' = char device
1041 • 'h' = regular file, hardlink (to already seen inodes)
1043 • 's' = symlink
1045 • 'f' = fifo
1047 Other flags used include:
1049 • 'i' = backup data was read from standard input (stdin)
1051 • '-' = dry run, item was not backed up
1053 • 'x' = excluded, item was not backed up
1055 • '?' = missing status code (if you see this, please file a bug re‐
1057 port!)
1058 Reading from stdin
1060 To read from stdin, specify - as path and pipe directly to borg:
1061 backup-vm --id myvm --stdout | borg create REPO::ARCHIVE -
1063 Note that piping to borg creates an archive even if the command piping
1065 to borg exits with a failure. In this case, one can end up with trun‐
1066 cated output being backed up.
1067 Reading from stdin yields just a stream of data without file metadata
1069 associated with it, and the files cache is not needed at all. So it is
1070 safe to disable it via --no-files-cache and speed up backup creation a
1071 bit.
1072 By default, the content read from stdin is stored in a file called
1074 'stdin'. Use --stdin-name to change the name.
1075 Examples
1077 # Backup ~/Documents into an archive named "my-documents"
1078 $ borg create /path/to/repo::my-documents ~/Documents
1079 # same, but list all files as we process them
1081 $ borg create --list /path/to/repo::my-documents ~/Documents
1082 # Backup ~/Documents and ~/src but exclude pyc files
1084 $ borg create /path/to/repo::my-files \
1085 ~/Documents \
1086 ~/src \
1087 --exclude '*.pyc'
1088 # Backup home directories excluding image thumbnails (i.e. only
1090 # /home/<one directory>/.thumbnails is excluded, not /home/*/*/.thumbnails etc.)
1091 $ borg create /path/to/repo::my-files /home \
1092 --exclude 'sh:/home/*/.thumbnails'
1093 # Backup the root filesystem into an archive named "root-YYYY-MM-DD"
1095 # use zlib compression (good, but slow) - default is lz4 (fast, low compression ratio)
1096 $ borg create -C zlib,6 --one-file-system /path/to/repo::root-{now:%Y-%m-%d} /
1097 # Backup a remote host locally ("pull" style) using sshfs
1099 $ mkdir sshfs-mount
1100 $ sshfs root@example.com:/ sshfs-mount
1101 $ cd sshfs-mount
1102 $ borg create /path/to/repo::example.com-root-{now:%Y-%m-%d} .
1103 $ cd ..
1104 $ fusermount -u sshfs-mount
1105 # Make a big effort in fine granular deduplication (big chunk management
1107 # overhead, needs a lot of RAM and disk space, see formula in internals
1108 # docs - same parameters as borg < 1.0 or attic):
1109 $ borg create --chunker-params 10,23,16,4095 /path/to/repo::small /smallstuff
1110 # Backup a raw device (must not be active/in use/mounted at that time)
1112 $ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my-sdx -
1113 # No compression (none)
1115 $ borg create --compression none /path/to/repo::arch ~
1116 # Super fast, low compression (lz4, default)
1118 $ borg create /path/to/repo::arch ~
1119 # Less fast, higher compression (zlib, N = 0..9)
1121 $ borg create --compression zlib,N /path/to/repo::arch ~
1122 # Even slower, even higher compression (lzma, N = 0..9)
1124 $ borg create --compression lzma,N /path/to/repo::arch ~
1125 # Only compress compressible data with lzma,N (N = 0..9)
1127 $ borg create --compression auto,lzma,N /path/to/repo::arch ~
1128 # Use short hostname, user name and current time in archive name
1130 $ borg create /path/to/repo::{hostname}-{user}-{now} ~
1131 # Similar, use the same datetime format that is default as of borg 1.1
1132 $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S} ~
1133 # As above, but add nanoseconds
1134 $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S.%f} ~
1135 # Backing up relative paths by moving into the correct directory first
1137 $ cd /home/user/Documents
1138 # The root directory of the archive will be "projectA"
1139 $ borg create /path/to/repo::daily-projectA-{now:%Y-%m-%d} projectA
1140
1142 borg [common options] extract [options] ARCHIVE [PATH...]
1143 Description
1145 This command extracts the contents of an archive. By default the entire
1146 archive is extracted but a subset of files and directories can be se‐
1147 lected by passing a list of PATHs as arguments. The file selection can
1148 further be restricted by using the --exclude option.
1149 See the output of the "borg help patterns" command for more help on ex‐
1151 clude patterns.
1152 By using --dry-run, you can do all extraction steps except actually
1154 writing the output data: reading metadata and data chunks from the
1155 repo, checking the hash/hmac, decrypting, decompressing.
1156 --progress can be slower than no progress display, since it makes one
1158 additional pass over the archive metadata.
1159 NOTE:
1161 Currently, extract always writes into the current working directory
1162 ("."), so make sure you cd to the right place before calling borg
1163 extract.
1164 Examples
1166 # Extract entire archive
1167 $ borg extract /path/to/repo::my-files
1168 # Extract entire archive and list files while processing
1170 $ borg extract --list /path/to/repo::my-files
1171 # Verify whether an archive could be successfully extracted, but do not write files to disk
1173 $ borg extract --dry-run /path/to/repo::my-files
1174 # Extract the "src" directory
1176 $ borg extract /path/to/repo::my-files home/USERNAME/src
1177 # Extract the "src" directory but exclude object files
1179 $ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'
1180 # Restore a raw device (must not be active/in use/mounted at that time)
1182 $ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M
1183
1185 borg [common options] check [options] [REPOSITORY_OR_ARCHIVE]
1186 Description
1188 The check command verifies the consistency of a repository and the cor‐
1189 responding archives.
1190 check --repair is a potentially dangerous function and might lead to
1192 data loss (for kinds of corruption it is not capable of dealing with).
1193 BE VERY CAREFUL!
1194 Pursuant to the previous warning it is also highly recommended to test
1196 the reliability of the hardware running this software with stress test‐
1197 ing software such as memory testers. Unreliable hardware can also lead
1198 to data loss especially when this command is run in repair mode.
1199 First, the underlying repository data files are checked:
1201 • For all segments, the segment magic header is checked.
1203 • For all objects stored in the segments, all metadata (e.g. CRC and
1205 size) and all data is read. The read data is checked by size and CRC.
1206 Bit rot and other types of accidental damage can be detected this
1207 way.
1208 • In repair mode, if an integrity error is detected in a segment, try
1210 to recover as many objects from the segment as possible.
1211 • In repair mode, make sure that the index is consistent with the data
1213 stored in the segments.
1214 • If checking a remote repo via ssh:, the repo check is executed on the
1216 server without causing significant network traffic.
1217 • The repository check can be skipped using the --archives-only option.
1219 Second, the consistency and correctness of the archive metadata is ver‐
1221 ified:
1222 • Is the repo manifest present? If not, it is rebuilt from archive
1224 metadata chunks (this requires reading and decrypting of all metadata
1225 and data).
1226 • Check if archive metadata chunk is present; if not, remove archive
1228 from manifest.
1229 • For all files (items) in the archive, for all chunks referenced by
1231 these files, check if chunk is present. In repair mode, if a chunk is
1232 not present, replace it with a same-size replacement chunk of zeroes.
1233 If a previously lost chunk reappears (e.g. via a later backup), in
1234 repair mode the all-zero replacement chunk will be replaced by the
1235 correct chunk. This requires reading of archive and file metadata,
1236 but not data.
1237 • In repair mode, when all the archives were checked, orphaned chunks
1239 are deleted from the repo. One cause of orphaned chunks are input
1240 file related errors (like read errors) in the archive creation
1241 process.
1242 • In verify-data mode, a complete cryptographic verification of the ar‐
1244 chive data integrity is performed. This conflicts with --reposi‐
1245 tory-only as this mode only makes sense if the archive checks are en‐
1246 abled. The full details of this mode are documented below.
1247 • If checking a remote repo via ssh:, the archive check is executed on
1249 the client machine because it requires decryption, and this is always
1250 done client-side as key access is needed.
1251 • The archive checks can be time consuming; they can be skipped using
1253 the --repository-only option.
1254 The --verify-data option will perform a full integrity verification (as
1256 opposed to checking the CRC32 of the segment) of data, which means
1257 reading the data from the repository, decrypting and decompressing it.
1258 This is a cryptographic verification, which will detect (accidental)
1259 corruption. For encrypted repositories it is tamper-resistant as well,
1260 unless the attacker has access to the keys. It is also very slow.
1261
1263 borg [common options] rename [options] ARCHIVE NEWNAME
1264 Description
1266 This command renames an archive in the repository.
1267 This results in a different archive ID.
1269 Examples
1271 $ borg create /path/to/repo::archivename ~
1272 $ borg list /path/to/repo
1273 archivename Mon, 2016-02-15 19:50:19
1274 $ borg rename /path/to/repo::archivename newname
1276 $ borg list /path/to/repo
1277 newname Mon, 2016-02-15 19:50:19
1278
1280 borg [common options] list [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
1281 Description
1283 This command lists the contents of a repository or an archive.
1284 See the "borg help patterns" command for more help on exclude patterns.
1286 The following keys are available for --format:
1288 • NEWLINE: OS dependent line separator
1290 • NL: alias of NEWLINE
1292 • NUL: NUL character for creating print0 / xargs -0 like output, see
1294 barchive/bpath
1295 • SPACE
1297 • TAB
1299 • CR
1301 • LF
1303 Keys for listing repository archives:
1305 • archive: archive name interpreted as text (might be missing non-text
1307 characters, see barchive)
1308 • name: alias of "archive"
1310 • barchive: verbatim archive name, can contain any character except NUL
1312 • comment: archive comment interpreted as text (might be missing
1314 non-text characters, see bcomment)
1315 • bcomment: verbatim archive comment, can contain any character except
1317 NUL
1318 • id: internal ID of the archive
1320 • start: time (start) of creation of the archive
1322 • time: alias of "start"
1324 • end: time (end) of creation of the archive
1326 • hostname: hostname of host on which this archive was created
1328 • username: username of user who created this archive
1330 Keys for listing archive files:
1332 • type
1334 • mode
1336 • uid
1338 • gid
1340 • user
1342 • group
1344 • path: path interpreted as text (might be missing non-text characters,
1346 see bpath)
1347 • bpath: verbatim POSIX path, can contain any character except NUL
1349 • source: link target for links (identical to linktarget)
1351 • linktarget
1353 • flags
1355 • size
1357 • csize: compressed size
1359 • dsize: deduplicated size
1361 • dcsize: deduplicated compressed size
1363 • num_chunks: number of chunks in this file
1365 • unique_chunks: number of unique chunks in this file
1367 • mtime
1369 • ctime
1371 • atime
1373 • isomtime
1375 • isoctime
1377 • isoatime
1379 • blake2b
1381 • blake2s
1383 • md5
1385 • sha1
1387 • sha224
1389 • sha256
1391 • sha384
1393 • sha3_224
1395 • sha3_256
1397 • sha3_384
1399 • sha3_512
1401 • sha512
1403 • shake_128
1405 • shake_256
1407 • archiveid
1409 • archivename
1411 • extra: prepends {source} with " -> " for soft links and " link to "
1413 for hard links
1414 • health: either "healthy" (file ok) or "broken" (if file has all-zero
1416 replacement chunks)
1417 Examples
1419 $ borg list /path/to/repo
1420 Monday Mon, 2016-02-15 19:15:11
1421 repo Mon, 2016-02-15 19:26:54
1422 root-2016-02-15 Mon, 2016-02-15 19:36:29
1423 newname Mon, 2016-02-15 19:50:19
1424 ...
1425 $ borg list /path/to/repo::root-2016-02-15
1427 drwxr-xr-x root root 0 Mon, 2016-02-15 17:44:27 .
1428 drwxrwxr-x root root 0 Mon, 2016-02-15 19:04:49 bin
1429 -rwxr-xr-x root root 1029624 Thu, 2014-11-13 00:08:51 bin/bash
1430 lrwxrwxrwx root root 0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
1431 -rwxr-xr-x root root 2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
1432 ...
1433 $ borg list /path/to/repo::root-2016-02-15 --pattern "- bin/ba*"
1435 drwxr-xr-x root root 0 Mon, 2016-02-15 17:44:27 .
1436 drwxrwxr-x root root 0 Mon, 2016-02-15 19:04:49 bin
1437 lrwxrwxrwx root root 0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
1438 -rwxr-xr-x root root 2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
1439 ...
1440 $ borg list /path/to/repo::archiveA --format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
1442 drwxrwxr-x user user 0 Sun, 2015-02-01 11:00:00 .
1443 drwxrwxr-x user user 0 Sun, 2015-02-01 11:00:00 code
1444 drwxrwxr-x user user 0 Sun, 2015-02-01 11:00:00 code/myproject
1445 -rw-rw-r-- user user 1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
1446 ...
1447
1449 borg [common options] diff [options] REPO::ARCHIVE1 ARCHIVE2 [PATH...]
1450 Description
1452 This command finds differences (file contents, user/group/mode) between
1453 archives.
1454 A repository location and an archive name must be specified for
1456 REPO::ARCHIVE1. ARCHIVE2 is just another archive name in same reposi‐
1457 tory (no repository location allowed).
1458 For archives created with Borg 1.1 or newer diff automatically detects
1460 whether the archives are created with the same chunker params. If so,
1461 only chunk IDs are compared, which is very fast.
1462 For archives prior to Borg 1.1 chunk contents are compared by default.
1464 If you did not create the archives with different chunker params, pass
1465 --same-chunker-params. Note that the chunker params changed from Borg
1466 0.xx to 1.0.
1467 See the output of the "borg help patterns" command for more help on ex‐
1469 clude patterns.
1470 Examples
1472 $ borg init -e=none testrepo
1473 $ mkdir testdir
1474 $ cd testdir
1475 $ echo asdf > file1
1476 $ dd if=/dev/urandom bs=1M count=4 > file2
1477 $ touch file3
1478 $ borg create ../testrepo::archive1 .
1479 $ chmod a+x file1
1481 $ echo "something" >> file2
1482 $ borg create ../testrepo::archive2 .
1483 $ echo "testing 123" >> file1
1485 $ rm file3
1486 $ touch file4
1487 $ borg create ../testrepo::archive3 .
1488 $ cd ..
1490 $ borg diff testrepo::archive1 archive2
1491 [-rw-r--r-- -> -rwxr-xr-x] file1
1492 +135 B -252 B file2
1493 $ borg diff testrepo::archive2 archive3
1495 +17 B -5 B file1
1496 added 0 B file4
1497 removed 0 B file3
1498 $ borg diff testrepo::archive1 archive3
1500 +17 B -5 B [-rw-r--r-- -> -rwxr-xr-x] file1
1501 +135 B -252 B file2
1502 added 0 B file4
1503 removed 0 B file3
1504 $ borg diff --json-lines testrepo::archive1 archive3
1506 {"path": "file1", "changes": [{"type": "modified", "added": 17, "removed": 5}, {"type": "mode", "old_mode": "-rw-r--r--", "new_mode": "-rwxr-xr-x"}]}
1507 {"path": "file2", "changes": [{"type": "modified", "added": 135, "removed": 252}]}
1508 {"path": "file4", "changes": [{"type": "added", "size": 0}]}
1509 {"path": "file3", "changes": [{"type": "removed", "size": 0}]}
1510
1512 borg [common options] delete [options] [REPOSITORY_OR_ARCHIVE] [ARCHIVE...]
1513 Description
1515 This command deletes an archive from the repository or the complete
1516 repository. Disk space is reclaimed accordingly. If you delete the
1517 complete repository, the local cache for it (if any) is also deleted.
1518 When using --stats, you will get some statistics about how much data
1520 was deleted - the "Deleted data" deduplicated size there is most inter‐
1521 esting as that is how much your repository will shrink. Please note
1522 that the "All archives" stats refer to the state after deletion.
1523 Examples
1525 # delete a single backup archive:
1526 $ borg delete /path/to/repo::Monday
1527 # delete the whole repository and the related local cache:
1529 $ borg delete /path/to/repo
1530 You requested to completely DELETE the repository *including* all archives it contains:
1531 repo Mon, 2016-02-15 19:26:54
1532 root-2016-02-15 Mon, 2016-02-15 19:36:29
1533 newname Mon, 2016-02-15 19:50:19
1534 Type 'YES' if you understand this and want to continue: YES
1535
1537 borg [common options] prune [options] [REPOSITORY]
1538 Description
1540 The prune command prunes a repository by deleting all archives not
1541 matching any of the specified retention options. This command is nor‐
1542 mally used by automated backup scripts wanting to keep a certain number
1543 of historic backups.
1544 Also, prune automatically removes checkpoint archives (incomplete ar‐
1546 chives left behind by interrupted backup runs) except if the checkpoint
1547 is the latest archive (and thus still needed). Checkpoint archives are
1548 not considered when comparing archive counts against the retention lim‐
1549 its (--keep-X).
1550 If a prefix is set with -P, then only archives that start with the pre‐
1552 fix are considered for deletion and only those archives count towards
1553 the totals specified by the rules. Otherwise, all archives in the
1554 repository are candidates for deletion! There is no automatic distinc‐
1555 tion between archives representing different contents. These need to be
1556 distinguished by specifying matching prefixes.
1557 If you have multiple sequences of archives with different data sets
1559 (e.g. from different machines) in one shared repository, use one prune
1560 call per data set that matches only the respective archives using the
1561 -P option.
1562 The --keep-within option takes an argument of the form "<int><char>",
1564 where char is "H", "d", "w", "m", "y". For example, --keep-within 2d
1565 means to keep all archives that were created within the past 48 hours.
1566 "1m" is taken to mean "31d". The archives kept with this option do not
1567 count towards the totals specified by any other options.
1568 A good procedure is to thin out more and more the older your backups
1570 get. As an example, --keep-daily 7 means to keep the latest backup on
1571 each day, up to 7 most recent days with backups (days without backups
1572 do not count). The rules are applied from secondly to yearly, and
1573 backups selected by previous rules do not count towards those of later
1574 rules. The time that each backup starts is used for pruning purposes.
1575 Dates and times are interpreted in the local timezone, and weeks go
1576 from Monday to Sunday. Specifying a negative number of archives to keep
1577 means that there is no limit.
1578 The --keep-last N option is doing the same as --keep-secondly N (and it
1580 will keep the last N archives under the assumption that you do not cre‐
1581 ate more than one backup archive in the same second).
1582 When using --stats, you will get some statistics about how much data
1584 was deleted - the "Deleted data" deduplicated size there is most inter‐
1585 esting as that is how much your repository will shrink. Please note
1586 that the "All archives" stats refer to the state after pruning.
1587 Examples
1589 Be careful, prune is a potentially dangerous command, it will remove
1590 backup archives.
1591 The default of prune is to apply to all archives in the repository un‐
1593 less you restrict its operation to a subset of the archives using
1594 --prefix. When using --prefix, be careful to choose a good prefix -
1595 e.g. do not use a prefix "foo" if you do not also want to match "foo‐
1596 bar".
1597 It is strongly recommended to always run prune -v --list --dry-run ...
1599 first so you will see what it would do without it actually doing any‐
1600 thing.
1601 # Keep 7 end of day and 4 additional end of week archives.
1603 # Do a dry-run without actually deleting anything.
1604 $ borg prune -v --list --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo
1605 # Same as above but only apply to archive names starting with the hostname
1607 # of the machine followed by a "-" character:
1608 $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --prefix='{hostname}-' /path/to/repo
1609 # Keep 7 end of day, 4 additional end of week archives,
1611 # and an end of month archive for every month:
1612 $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1613 # Keep all backups in the last 10 days, 4 additional end of week archives,
1615 # and an end of month archive for every month:
1616 $ borg prune -v --list --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1617 There is also a visualized prune example in docs/misc/prune-exam‐
1619 ple.txt:
1620 borg prune visualized
1622 =====================
1623 Assume it is 2016-01-01, today's backup has not yet been made and you have
1625 created at least one backup on each day in 2015 except on 2015-12-19 (no
1626 backup made on that day).
1627 This is what borg prune --keep-daily 14 --keep-monthly 6 would keep.
1629 Backups kept by the --keep-daily rule are marked by a "d" to the right,
1631 backups kept by the --keep-monthly rule are marked by a "m" to the right.
1632 Calendar view
1634 -------------
1635 2015
1637 January February March
1638 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1639 1 2 3 4 1 1
1640 5 6 7 8 9 10 11 2 3 4 5 6 7 8 2 3 4 5 6 7 8
1641 12 13 14 15 16 17 18 9 10 11 12 13 14 15 9 10 11 12 13 14 15
1642 19 20 21 22 23 24 25 16 17 18 19 20 21 22 16 17 18 19 20 21 22
1643 26 27 28 29 30 31 23 24 25 26 27 28 23 24 25 26 27 28 29
1644 30 31
1645 April May June
1647 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1648 1 2 3 4 5 1 2 3 1 2 3 4 5 6 7
1649 6 7 8 9 10 11 12 4 5 6 7 8 9 10 8 9 10 11 12 13 14
1650 13 14 15 16 17 18 19 11 12 13 14 15 16 17 15 16 17 18 19 20 21
1651 20 21 22 23 24 25 26 18 19 20 21 22 23 24 22 23 24 25 26 27 28
1652 27 28 29 30 25 26 27 28 29 30 31 29 30m
1653 July August September
1656 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1657 1 2 3 4 5 1 2 1 2 3 4 5 6
1658 6 7 8 9 10 11 12 3 4 5 6 7 8 9 7 8 9 10 11 12 13
1659 13 14 15 16 17 18 19 10 11 12 13 14 15 16 14 15 16 17 18 19 20
1660 20 21 22 23 24 25 26 17 18 19 20 21 22 23 21 22 23 24 25 26 27
1661 27 28 29 30 31m 24 25 26 27 28 29 30 28 29 30m
1662 31m
1663 October November December
1665 Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su Mo Tu We Th Fr Sa Su
1666 1 2 3 4 1 1 2 3 4 5 6
1667 5 6 7 8 9 10 11 2 3 4 5 6 7 8 7 8 9 10 11 12 13
1668 12 13 14 15 16 17 18 9 10 11 12 13 14 15 14 15 16 17d18d19 20d
1669 19 20 21 22 23 24 25 16 17 18 19 20 21 22 21d22d23d24d25d26d27d
1670 26 27 28 29 30 31m 23 24 25 26 27 28 29 28d29d30d31d
1671 30m
1672 List view
1674 ---------
1675 --keep-daily 14 --keep-monthly 6
1677 -------------------------------------------------
1678 1. 2015-12-31 (2015-12-31 kept by daily rule)
1679 2. 2015-12-30 1. 2015-11-30
1680 3. 2015-12-29 2. 2015-10-31
1681 4. 2015-12-28 3. 2015-09-30
1682 5. 2015-12-27 4. 2015-08-31
1683 6. 2015-12-26 5. 2015-07-31
1684 7. 2015-12-25 6. 2015-06-30
1685 8. 2015-12-24
1686 9. 2015-12-23
1687 10. 2015-12-22
1688 11. 2015-12-21
1689 12. 2015-12-20
1690 (no backup made on 2015-12-19)
1691 13. 2015-12-18
1692 14. 2015-12-17
1693 Notes
1696 -----
1697 2015-12-31 is kept due to the --keep-daily 14 rule (because it is applied
1699 first), not due to the --keep-monthly rule.
1700 Because of that, the --keep-monthly 6 rule keeps Nov, Oct, Sep, Aug, Jul and
1702 Jun. December is not considered for this rule, because that backup was already
1703 kept because of the daily rule.
1704 2015-12-17 is kept to satisfy the --keep-daily 14 rule - because no backup was
1706 made on 2015-12-19. If a backup had been made on that day, it would not keep
1707 the one from 2015-12-17.
1708 We did not include yearly, weekly, hourly, minutely or secondly rules to keep
1710 this example simple. They all work in basically the same way.
1711 The weekly rule is easy to understand roughly, but hard to understand in all
1713 details. If interested, read "ISO 8601:2000 standard week-based year".
1714
1717 borg [common options] info [options] [REPOSITORY_OR_ARCHIVE]
1718 Description
1720 This command displays detailed information about the specified archive
1721 or repository.
1722 Please note that the deduplicated sizes of the individual archives do
1724 not add up to the deduplicated size of the repository ("all archives"),
1725 because the two are meaning different things:
1726 This archive / deduplicated size = amount of data stored ONLY for this
1728 archive = unique chunks of this archive. All archives / deduplicated
1729 size = amount of data stored in the repo = all chunks in the reposi‐
1730 tory.
1731 Borg archives can only contain a limited amount of file metadata. The
1733 size of an archive relative to this limit depends on a number of fac‐
1734 tors, mainly the number of files, the lengths of paths and other meta‐
1735 data stored for files. This is shown as utilization of maximum sup‐
1736 ported archive size.
1737 Examples
1739 $ borg info /path/to/repo::2017-06-29T11:00-srv
1740 Archive name: 2017-06-29T11:00-srv
1741 Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
1742 Comment:
1743 Hostname: myhostname
1744 Username: root
1745 Time (start): Thu, 2017-06-29 11:03:07
1746 Time (end): Thu, 2017-06-29 11:03:13
1747 Duration: 5.66 seconds
1748 Number of files: 17037
1749 Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
1750 Utilization of max. archive size: 0%
1751 ------------------------------------------------------------------------------
1752 Original size Compressed size Deduplicated size
1753 This archive: 12.53 GB 12.49 GB 1.62 kB
1754 All archives: 121.82 TB 112.41 TB 215.42 GB
1755 Unique chunks Total chunks
1757 Chunk index: 1015213 626934122
1758 $ borg info /path/to/repo --last 1
1760 Archive name: 2017-06-29T11:00-srv
1761 Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
1762 Comment:
1763 Hostname: myhostname
1764 Username: root
1765 Time (start): Thu, 2017-06-29 11:03:07
1766 Time (end): Thu, 2017-06-29 11:03:13
1767 Duration: 5.66 seconds
1768 Number of files: 17037
1769 Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
1770 Utilization of max. archive size: 0%
1771 ------------------------------------------------------------------------------
1772 Original size Compressed size Deduplicated size
1773 This archive: 12.53 GB 12.49 GB 1.62 kB
1774 All archives: 121.82 TB 112.41 TB 215.42 GB
1775 Unique chunks Total chunks
1777 Chunk index: 1015213 626934122
1778 $ borg info /path/to/repo
1780 Repository ID: d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1781 Location: /path/to/repo
1782 Encrypted: Yes (repokey)
1783 Cache: /root/.cache/borg/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1784 Security dir: /root/.config/borg/security/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
1785 ------------------------------------------------------------------------------
1786 Original size Compressed size Deduplicated size
1787 All archives: 121.82 TB 112.41 TB 215.42 GB
1788 Unique chunks Total chunks
1790 Chunk index: 1015213 626934122
1791
1793 borg [common options] mount [options] REPOSITORY_OR_ARCHIVE MOUNTPOINT [PATH...]
1794 Description
1796 This command mounts an archive as a FUSE filesystem. This can be useful
1797 for browsing an archive or restoring individual files. Unless the
1798 --foreground option is given the command will run in the background un‐
1799 til the filesystem is umounted.
1800 The command borgfs provides a wrapper for borg mount. This can also be
1802 used in fstab entries: /path/to/repo /mnt/point fuse.borgfs de‐
1803 faults,noauto 0 0
1804 To allow a regular user to use fstab entries, add the user option:
1806 /path/to/repo /mnt/point fuse.borgfs defaults,noauto,user 0 0
1807 For FUSE configuration and mount options, see the mount.fuse(8) manual
1809 page.
1810 Additional mount options supported by borg:
1812 • versions: when used with a repository mount, this gives a merged,
1814 versioned view of the files in the archives. EXPERIMENTAL, layout may
1815 change in future.
1816 • allow_damaged_files: by default damaged files (where missing chunks
1818 were replaced with runs of zeros by borg check --repair) are not
1819 readable and return EIO (I/O error). Set this option to read such
1820 files.
1821 • ignore_permissions: for security reasons the "default_permissions"
1823 mount option is internally enforced by borg. "ignore_permissions" can
1824 be given to not enforce "default_permissions".
1825 The BORG_MOUNT_DATA_CACHE_ENTRIES environment variable is meant for ad‐
1827 vanced users to tweak the performance. It sets the number of cached
1828 data chunks; additional memory usage can be up to ~8 MiB times this
1829 number. The default is the number of CPU cores.
1830 When the daemonized process receives a signal or crashes, it does not
1832 unmount. Unmounting in these cases could cause an active rsync or sim‐
1833 ilar process to unintentionally delete data.
1834 When running in the foreground ^C/SIGINT unmounts cleanly, but other
1836 signals or crashes do not.
1837
1839 borg [common options] umount [options] MOUNTPOINT
1840 Description
1842 This command un-mounts a FUSE filesystem that was mounted with borg
1843 mount.
1844 This is a convenience wrapper that just calls the platform-specific
1846 shell command - usually this is either umount or fusermount -u.
1847 Examples
1849 # Mounting the repository shows all archives.
1850 # Archives are loaded lazily, expect some delay when navigating to an archive
1851 # for the first time.
1852 $ borg mount /path/to/repo /tmp/mymountpoint
1853 $ ls /tmp/mymountpoint
1854 root-2016-02-14 root-2016-02-15
1855 $ borg umount /tmp/mymountpoint
1856 # Mounting a specific archive is possible as well.
1858 $ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
1859 $ ls /tmp/mymountpoint
1860 bin boot etc home lib lib64 lost+found media mnt opt
1861 root sbin srv tmp usr var
1862 $ borg umount /tmp/mymountpoint
1863 # The experimental "versions view" merges all archives in the repository
1865 # and provides a versioned view on files.
1866 $ borg mount -o versions /path/to/repo /tmp/mymountpoint
1867 $ ls -l /tmp/mymountpoint/home/user/doc.txt/
1868 total 24
1869 -rw-rw-r-- 1 user group 12357 Aug 26 21:19 doc.cda00bc9.txt
1870 -rw-rw-r-- 1 user group 12204 Aug 26 21:04 doc.fa760f28.txt
1871 $ borg umount /tmp/mymountpoint
1872 # Archive filters are supported.
1874 # These are especially handy for the "versions view",
1875 # which does not support lazy processing of archives.
1876 $ borg mount -o versions --glob-archives '*-my-home' --last 10 /path/to/repo /tmp/mymountpoint
1877 # Exclusion options are supported.
1879 # These can speed up mounting and lower memory needs significantly.
1880 $ borg mount /path/to/repo /tmp/mymountpoint only/that/path
1881 $ borg mount --exclude '...' /path/to/repo /tmp/mymountpoint
1882 borgfs
1884 $ echo '/mnt/backup /tmp/myrepo fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
1885 $ echo '/mnt/backup::root-2016-02-15 /tmp/myarchive fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
1886 $ mount /tmp/myrepo
1887 $ mount /tmp/myarchive
1888 $ ls /tmp/myrepo
1889 root-2016-02-01 root-2016-02-2015
1890 $ ls /tmp/myarchive
1891 bin boot etc home lib lib64 lost+found media mnt opt root sbin srv tmp usr var
1892 NOTE:
1894 borgfs will be automatically provided if you used a distribution
1895 package, pip or setup.py to install Borg. Users of the standalone
1896 binary will have to manually create a symlink (see pyinstaller-bi‐
1897 nary).
1898
1900 borg [common options] key change-passphrase [options] [REPOSITORY]
1901 Description
1903 The key files used for repository encryption are optionally passphrase
1904 protected. This command can be used to change this passphrase.
1905 Please note that this command only changes the passphrase, but not any
1907 secret protected by it (like e.g. encryption/MAC keys or chunker seed).
1908 Thus, changing the passphrase after passphrase and borg key got compro‐
1909 mised does not protect future (nor past) backups to the same reposi‐
1910 tory.
1911 Examples
1913 # Create a key file protected repository
1914 $ borg init --encryption=keyfile -v /path/to/repo
1915 Initializing repository at "/path/to/repo"
1916 Enter new passphrase:
1917 Enter same passphrase again:
1918 Remember your passphrase. Your data will be inaccessible without it.
1919 Key in "/root/.config/borg/keys/mnt_backup" created.
1920 Keep this key safe. Your data will be inaccessible without it.
1921 Synchronizing chunks cache...
1922 Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
1923 Done.
1924 # Change key file passphrase
1926 $ borg key change-passphrase -v /path/to/repo
1927 Enter passphrase for key /root/.config/borg/keys/mnt_backup:
1928 Enter new passphrase:
1929 Enter same passphrase again:
1930 Remember your passphrase. Your data will be inaccessible without it.
1931 Key updated
1932 Fully automated using environment variables:
1934 $ BORG_NEW_PASSPHRASE=old borg init -e=repokey repo
1936 # now "old" is the current passphrase.
1937 $ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
1938 # now "new" is the current passphrase.
1939
1941 borg [common options] key export [options] [REPOSITORY] [PATH]
1942 Description
1944 If repository encryption is used, the repository is inaccessible with‐
1945 out the key. This command allows to backup this essential key. Note
1946 that the backup produced does not include the passphrase itself (i.e.
1947 the exported key stays encrypted). In order to regain access to a
1948 repository, one needs both the exported key and the original
1949 passphrase.
1950 There are two backup formats. The normal backup format is suitable for
1952 digital storage as a file. The --paper backup format is optimized for
1953 printing and typing in while importing, with per line checks to reduce
1954 problems with manual input.
1955 For repositories using keyfile encryption the key is saved locally on
1957 the system that is capable of doing backups. To guard against loss of
1958 this key, the key needs to be backed up independently of the main data
1959 backup.
1960 For repositories using the repokey encryption the key is saved in the
1962 repository in the config file. A backup is thus not strictly needed,
1963 but guards against the repository becoming inaccessible if the file is
1964 damaged for some reason.
1965
1967 borg [common options] key import [options] [REPOSITORY] [PATH]
1968 Description
1970 This command allows to restore a key previously backed up with the ex‐
1971 port command.
1972 If the --paper option is given, the import will be an interactive
1974 process in which each line is checked for plausibility before proceed‐
1975 ing to the next line. For this format PATH must not be given.
1976
1978 borg [common options] upgrade [options] [REPOSITORY]
1979 Description
1981 Upgrade an existing, local Borg repository.
1982 When you do not need borg upgrade
1984 Not every change requires that you run borg upgrade.
1985 You do not need to run it when:
1987 • moving your repository to a different place
1989 • upgrading to another point release (like 1.0.x to 1.0.y), except when
1991 noted otherwise in the changelog
1992 • upgrading from 1.0.x to 1.1.x, except when noted otherwise in the
1994 changelog
1995 Borg 1.x.y upgrades
1997 Use borg upgrade --tam REPO to require manifest authentication intro‐
1998 duced with Borg 1.0.9 to address security issues. This means that modi‐
1999 fying the repository after doing this with a version prior to 1.0.9
2000 will raise a validation error, so only perform this upgrade after up‐
2001 dating all clients using the repository to 1.0.9 or newer.
2002 This upgrade should be done on each client for safety reasons.
2004 If a repository is accidentally modified with a pre-1.0.9 client after
2006 this upgrade, use borg upgrade --tam --force REPO to remedy it.
2007 If you routinely do this you might not want to enable this upgrade
2009 (which will leave you exposed to the security issue). You can reverse
2010 the upgrade by issuing borg upgrade --disable-tam REPO.
2011 See
2013 https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
2014 for details.
2015 Attic and Borg 0.xx to Borg 1.x
2017 This currently supports converting an Attic repository to Borg and also
2018 helps with converting Borg 0.xx to 1.0.
2019 Currently, only LOCAL repositories can be upgraded (issue #465).
2021 Please note that borg create (since 1.0.0) uses bigger chunks by de‐
2023 fault than old borg or attic did, so the new chunks won't deduplicate
2024 with the old chunks in the upgraded repository. See --chunker-params
2025 option of borg create and borg recreate.
2026 borg upgrade will change the magic strings in the repository's segments
2028 to match the new Borg magic strings. The keyfiles found in $AT‐
2029 TIC_KEYS_DIR or ~/.attic/keys/ will also be converted and copied to
2030 $BORG_KEYS_DIR or ~/.config/borg/keys.
2031 The cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic
2033 to $BORG_CACHE_DIR or ~/.cache/borg, but the cache layout between Borg
2034 and Attic changed, so it is possible the first backup after the conver‐
2035 sion takes longer than expected due to the cache resync.
2036 Upgrade should be able to resume if interrupted, although it will still
2038 iterate over all segments. If you want to start from scratch, use borg
2039 delete over the copied repository to make sure the cache files are also
2040 removed:
2041 borg delete borg
2043 Unless --inplace is specified, the upgrade process first creates a
2045 backup copy of the repository, in REPOSITORY.before-upgrade-DATETIME,
2046 using hardlinks. This requires that the repository and its parent di‐
2047 rectory reside on same filesystem so the hardlink copy can work. This
2048 takes longer than in place upgrades, but is much safer and gives
2049 progress information (as opposed to cp -al). Once you are satisfied
2050 with the conversion, you can safely destroy the backup copy.
2051 WARNING: Running the upgrade in place will make the current copy unus‐
2053 able with older version, with no way of going back to previous ver‐
2054 sions. This can PERMANENTLY DAMAGE YOUR REPOSITORY! Attic CAN NOT READ
2055 BORG REPOSITORIES, as the magic strings have changed. You have been
2056 warned.
2057 Examples
2059 # Upgrade the borg repository to the most recent version.
2060 $ borg upgrade -v /path/to/repo
2061 making a hardlink copy in /path/to/repo.before-upgrade-2016-02-15-20:51:55
2062 opening attic repository with borg and converting
2063 no key file found for repository
2064 converting repo index /path/to/repo/index.0
2065 converting 1 segments...
2066 converting borg 0.xx to borg current
2067 no key file found for repository
2068 Upgrading a passphrase encrypted attic repo
2070 attic offered a "passphrase" encryption mode, but this was removed in
2071 borg 1.0 and replaced by the "repokey" mode (which stores the
2072 passphrase-protected encryption key into the repository config).
2073 Thus, to upgrade a "passphrase" attic repo to a "repokey" borg repo, 2
2075 steps are needed, in this order:
2076 • borg upgrade repo
2078 • borg key migrate-to-repokey repo
2080
2082 borg [common options] recreate [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
2083 Description
2085 Recreate the contents of existing archives.
2086 recreate is a potentially dangerous function and might lead to data
2088 loss (if used wrongly). BE VERY CAREFUL!
2089 --exclude, --exclude-from, --exclude-if-present, --keep-exclude-tags
2091 and PATH have the exact same semantics as in "borg create", but they
2092 only check for files in the archives and not in the local file system.
2093 If PATHs are specified, the resulting archives will only contain files
2094 from these PATHs.
2095 Note that all paths in an archive are relative, therefore absolute pat‐
2097 terns/paths will not match (--exclude, --exclude-from, PATHs).
2098 --recompress allows to change the compression of existing data in ar‐
2100 chives. Due to how Borg stores compressed size information this might
2101 display incorrect information for archives that were not recreated at
2102 the same time. There is no risk of data loss by this.
2103 --chunker-params will re-chunk all files in the archive, this can be
2105 used to have upgraded Borg 0.xx or Attic archives deduplicate with Borg
2106 1.x archives.
2107 USE WITH CAUTION. Depending on the PATHs and patterns given, recreate
2109 can be used to permanently delete files from archives. When in doubt,
2110 use --dry-run --verbose --list to see how patterns/PATHS are inter‐
2111 preted. See list_item_flags in borg create for details.
2112 The archive being recreated is only removed after the operation com‐
2114 pletes. The archive that is built during the operation exists at the
2115 same time at "<ARCHIVE>.recreate". The new archive will have a differ‐
2116 ent archive ID.
2117 With --target the original archive is not replaced, instead a new ar‐
2119 chive is created.
2120 When rechunking space usage can be substantial, expect at least the en‐
2122 tire deduplicated size of the archives using the previous chunker
2123 params. When recompressing expect approx. (throughput / checkpoint-in‐
2124 terval) in space usage, assuming all chunks are recompressed.
2125 If you recently ran borg check --repair and it had to fix lost chunks
2127 with all-zero replacement chunks, please first run another backup for
2128 the same data and re-run borg check --repair afterwards to heal any ar‐
2129 chives that had lost chunks which are still generated from the input
2130 data.
2131 Important: running borg recreate to re-chunk will remove the
2133 chunks_healthy metadata of all items with replacement chunks, so heal‐
2134 ing will not be possible any more after re-chunking (it is also un‐
2135 likely it would ever work: due to the change of chunking parameters,
2136 the missing chunk likely will never be seen again even if you still
2137 have the data that produced it).
2138 Examples
2140 # Make old (Attic / Borg 0.xx) archives deduplicate with Borg 1.x archives.
2141 # Archives created with Borg 1.1+ and the default chunker params are skipped
2142 # (archive ID stays the same).
2143 $ borg recreate /mnt/backup --chunker-params default --progress
2144 # Create a backup with little but fast compression
2146 $ borg create /mnt/backup::archive /some/files --compression lz4
2147 # Then compress it - this might take longer, but the backup has already completed,
2148 # so no inconsistencies from a long-running backup job.
2149 $ borg recreate /mnt/backup::archive --recompress --compression zlib,9
2150 # Remove unwanted files from all archives in a repository.
2152 # Note the relative path for the --exclude option - archives only contain relative paths.
2153 $ borg recreate /mnt/backup --exclude home/icke/Pictures/drunk_photos
2154 # Change archive comment
2156 $ borg create --comment "This is a comment" /mnt/backup::archivename ~
2157 $ borg info /mnt/backup::archivename
2158 Name: archivename
2159 Fingerprint: ...
2160 Comment: This is a comment
2161 ...
2162 $ borg recreate --comment "This is a better comment" /mnt/backup::archivename
2163 $ borg info /mnt/backup::archivename
2164 Name: archivename
2165 Fingerprint: ...
2166 Comment: This is a better comment
2167 ...
2168
2170 borg [common options] export-tar [options] ARCHIVE FILE [PATH...]
2171 Description
2173 This command creates a tarball from an archive.
2174 When giving '-' as the output FILE, Borg will write a tar stream to
2176 standard output.
2177 By default (--tar-filter=auto) Borg will detect whether the FILE should
2179 be compressed based on its file extension and pipe the tarball through
2180 an appropriate filter before writing it to FILE:
2181 • .tar.gz: gzip
2183 • .tar.bz2: bzip2
2185 • .tar.xz: xz
2187 Alternatively a --tar-filter program may be explicitly specified. It
2189 should read the uncompressed tar stream from stdin and write a com‐
2190 pressed/filtered tar stream to stdout.
2191 The generated tarball uses the GNU tar format.
2193 export-tar is a lossy conversion: BSD flags, ACLs, extended attributes
2195 (xattrs), atime and ctime are not exported. Timestamp resolution is
2196 limited to whole seconds, not the nanosecond resolution otherwise sup‐
2197 ported by Borg.
2198 A --sparse option (as found in borg extract) is not supported.
2200 By default the entire archive is extracted but a subset of files and
2202 directories can be selected by passing a list of PATHs as arguments.
2203 The file selection can further be restricted by using the --exclude op‐
2204 tion.
2205 See the output of the "borg help patterns" command for more help on ex‐
2207 clude patterns.
2208 --progress can be slower than no progress display, since it makes one
2210 additional pass over the archive metadata.
2211 Examples
2213 # export as uncompressed tar
2214 $ borg export-tar /path/to/repo::Monday Monday.tar
2215 # exclude some types, compress using gzip
2217 $ borg export-tar /path/to/repo::Monday Monday.tar.gz --exclude '*.so'
2218 # use higher compression level with gzip
2220 $ borg export-tar --tar-filter="gzip -9" testrepo::linux Monday.tar.gz
2221 # export a tar, but instead of storing it on disk,
2223 # upload it to a remote site using curl.
2224 $ borg export-tar /path/to/repo::Monday - | curl --data-binary @- https://somewhere/to/POST
2225 # remote extraction via "tarpipe"
2227 $ borg export-tar /path/to/repo::Monday - | ssh somewhere "cd extracted; tar x"
2228
2230 borg [common options] serve [options]
2231 Description
2233 This command starts a repository server process. This command is usu‐
2234 ally not used manually.
2235 Examples
2237 borg serve has special support for ssh forced commands (see autho‐
2238 rized_keys example below): it will detect that you use such a forced
2239 command and extract the value of the --restrict-to-path option(s).
2240 It will then parse the original command that came from the client,
2242 makes sure that it is also borg serve and enforce path restriction(s)
2243 as given by the forced command. That way, other options given by the
2244 client (like --info or --umask) are preserved (and are not fixed by the
2245 forced command).
2246 Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in
2248 the original command sent by the client are not interpreted, but ig‐
2249 nored. If BORG_XXX environment variables should be set on the borg
2250 serve side, then these must be set in system-specific locations like
2251 /etc/environment or in the forced command itself (example below).
2252 # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
2254 # Use key options to disable unneeded and potentially dangerous SSH functionality.
2255 # This will help to secure an automated remote backup system.
2256 $ cat ~/.ssh/authorized_keys
2257 command="borg serve --restrict-to-path /path/to/repo",restrict ssh-rsa AAAAB3[...]
2258 # Set a BORG_XXX environment variable on the "borg serve" side
2260 $ cat ~/.ssh/authorized_keys
2261 command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
2262 NOTE:
2264 The examples above use the restrict directive. This does automati‐
2265 cally block potential dangerous ssh features, even when they are
2266 added in a future update. Thus, this option should be preferred.
2267 If you're using openssh-server < 7.2, however, you have to explic‐
2269 itly specify the ssh features to restrict and cannot simply use the
2270 restrict option as it has been introduced in v7.2. We recommend to
2271 use no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forward‐
2272 ing,no-user-rc in this case.
2273 SSH Configuration
2275 borg serve's pipes (stdin/stdout/stderr) are connected to the sshd
2276 process on the server side. In the event that the SSH connection be‐
2277 tween borg serve and the client is disconnected or stuck abnormally
2278 (for example, due to a network outage), it can take a long time for
2279 sshd to notice the client is disconnected. In the meantime, sshd con‐
2280 tinues running, and as a result so does the borg serve process holding
2281 the lock on the repository. This can cause subsequent borg operations
2282 on the remote repository to fail with the error: Failed to create/ac‐
2283 quire the lock.
2284 In order to avoid this, it is recommended to perform the following ad‐
2286 ditional SSH configuration:
2287 Either in the client side's ~/.ssh/config file, or in the client's
2289 /etc/ssh/ssh_config file:
2290 Host backupserver
2292 ServerAliveInterval 10
2293 ServerAliveCountMax 30
2294 Replacing backupserver with the hostname, FQDN or IP address of the
2296 borg server.
2297 This will cause the client to send a keepalive to the server every 10
2299 seconds. If 30 consecutive keepalives are sent without a response (a
2300 time of 300 seconds), the ssh client process will be terminated, caus‐
2301 ing the borg process to terminate gracefully.
2302 On the server side's sshd configuration file (typically
2304 /etc/ssh/sshd_config):
2305 ClientAliveInterval 10
2307 ClientAliveCountMax 30
2308 This will cause the server to send a keep alive to the client every 10
2310 seconds. If 30 consecutive keepalives are sent without a response (a
2311 time of 300 seconds), the server's sshd process will be terminated,
2312 causing the borg serve process to terminate gracefully and release the
2313 lock on the repository.
2314 If you then run borg commands with --lock-wait 600, this gives suffi‐
2316 cient time for the borg serve processes to terminate after the SSH con‐
2317 nection is torn down after the 300 second wait for the keepalives to
2318 fail.
2319 You may, of course, modify the timeout values demonstrated above to
2321 values that suit your environment and use case.
2322
2324 borg [common options] config [options] [REPOSITORY] [NAME] [VALUE]
2325 Description
2327 This command gets and sets options in a local repository or cache con‐
2328 fig file. For security reasons, this command only works on local
2329 repositories.
2330 To delete a config value entirely, use --delete. To list the values of
2332 the configuration file or the default values, use --list. To get and
2333 existing key, pass only the key name. To set a key, pass both the key
2334 name and the new value. Keys can be specified in the format "sec‐
2335 tion.name" or simply "name"; the section will default to "repository"
2336 and "cache" for the repo and cache configs, respectively.
2337 By default, borg config manipulates the repository config file. Using
2339 --cache edits the repository cache's config file instead.
2340 NOTE:
2342 The repository & cache config files are some of the only directly
2343 manipulable parts of a repository that aren't versioned or backed
2344 up, so be careful when making changes!
2345 Examples
2347 # find cache directory
2348 $ cd ~/.cache/borg/$(borg config /path/to/repo id)
2349 # reserve some space
2351 $ borg config /path/to/repo additional_free_space 2G
2352 # make a repo append-only
2354 $ borg config /path/to/repo append_only 1
2355
2357 borg [common options] with-lock [options] REPOSITORY COMMAND [ARGS...]
2358 Description
2360 This command runs a user-specified command while the repository lock is
2361 held.
2362 It will first try to acquire the lock (make sure that no other opera‐
2364 tion is running in the repo), then execute the given command as a sub‐
2365 process and wait for its termination, release the lock and return the
2366 user command's return code as borg's return code.
2367 NOTE:
2369 If you copy a repository with the lock held, the lock will be
2370 present in the copy. Thus, before using borg on the copy from a dif‐
2371 ferent host, you need to use "borg break-lock" on the copied reposi‐
2372 tory, because Borg is cautious and does not automatically remove
2373 stale locks made by a different host.
2374
2376 borg [common options] break-lock [options] [REPOSITORY]
2377 Description
2379 This command breaks the repository and cache locks. Please use care‐
2380 fully and only while no borg process (on any machine) is trying to ac‐
2381 cess the Cache or the Repository.
2382
2384 borg [common options] benchmark crud [options] REPOSITORY PATH
2385 Description
2387 This command benchmarks borg CRUD (create, read, update, delete) opera‐
2388 tions.
2389 It creates input data below the given PATH and backups this data into
2391 the given REPO. The REPO must already exist (it could be a fresh empty
2392 repo or an existing repo, the command will create / read / update /
2393 delete some archives named borg-benchmark-crud* there.
2394 Make sure you have free space there, you'll need about 1GB each (+
2396 overhead).
2397 If your repository is encrypted and borg needs a passphrase to unlock
2399 the key, use:
2400 BORG_PASSPHRASE=mysecret borg benchmark crud REPO PATH
2402 Measurements are done with different input file sizes and counts. The
2404 file contents are very artificial (either all zero or all random), thus
2405 the measurement results do not necessarily reflect performance with
2406 real data. Also, due to the kind of content used, no compression is
2407 used in these benchmarks.
2408 C- == borg create (1st archive creation, no compression, do not use
2410 files cache)
2411 C-Z- == all-zero files. full dedup, this is primarily measuring
2412 reader/chunker/hasher. C-R- == random files. no dedup, measur‐
2413 ing throughput through all processing stages.
2414 R- == borg extract (extract archive, dry-run, do everything, but do not
2416 write files to disk)
2417 R-Z- == all zero files. Measuring heavily duplicated files.
2418 R-R- == random files. No duplication here, measuring throughput
2419 through all processing stages, except writing to disk.
2420 U- == borg create (2nd archive creation of unchanged input files, mea‐
2422 sure files cache speed)
2423 The throughput value is kind of virtual here, it does not actu‐
2424 ally read the file. U-Z- == needs to check the 2 all-zero
2425 chunks' existence in the repo. U-R- == needs to check existence
2426 of a lot of different chunks in the repo.
2427 D- == borg delete archive (delete last remaining archive, measure dele‐
2429 tion + compaction)
2430 D-Z- == few chunks to delete / few segments to compact/remove.
2431 D-R- == many chunks to delete / many segments to compact/remove.
2432 Please note that there might be quite some variance in these measure‐
2434 ments. Try multiple measurements and having a otherwise idle machine
2435 (and network, if you use it).
2436
2438 borg help patterns
2439 The path/filenames used as input for the pattern matching start from
2440 the currently active recursion root. You usually give the recursion
2441 root(s) when invoking borg and these can be either relative or absolute
2442 paths.
2443 So, when you give relative/ as root, the paths going into the matcher
2445 will look like relative/.../file.ext. When you give /absolute/ as root,
2446 they will look like /absolute/.../file.ext. This is meant when we talk
2447 about "full path" below.
2448 File paths in Borg archives are always stored normalized and relative.
2450 This means that e.g. borg create /path/to/repo ../some/path will store
2451 all files as some/path/.../file.ext and borg create /path/to/repo
2452 /home/user will store all files as home/user/.../file.ext. Therefore,
2453 always use relative paths in your patterns when matching archive con‐
2454 tent in commands like extract or mount. Starting with Borg 1.2 this be‐
2455 haviour will be changed to accept both absolute and relative paths.
2456 File patterns support these styles: fnmatch, shell, regular expres‐
2458 sions, path prefixes and path full-matches. By default, fnmatch is used
2459 for --exclude patterns and shell-style is used for the experimental
2460 --pattern option.
2461 If followed by a colon (':') the first two characters of a pattern are
2463 used as a style selector. Explicit style selection is necessary when a
2464 non-default style is desired or when the desired pattern starts with
2465 two alphanumeric characters followed by a colon (i.e. aa:something/*).
2466 Fnmatch, selector fm:
2468 This is the default style for --exclude and --exclude-from.
2469 These patterns use a variant of shell pattern syntax, with '*'
2470 matching any number of characters, '?' matching any single char‐
2471 acter, '[...]' matching any single character specified, includ‐
2472 ing ranges, and '[!...]' matching any character not specified.
2473 For the purpose of these patterns, the path separator (backslash
2474 for Windows and '/' on other systems) is not treated specially.
2475 Wrap meta-characters in brackets for a literal match (i.e. [?]
2476 to match the literal character ?). For a path to match a pat‐
2477 tern, the full path must match, or it must match from the start
2478 of the full path to just before a path separator. Except for the
2479 root path, paths will never end in the path separator when
2480 matching is attempted. Thus, if a given pattern ends in a path
2481 separator, a '*' is appended before matching is attempted.
2482 Shell-style patterns, selector sh:
2484 This is the default style for --pattern and --patterns-from.
2485 Like fnmatch patterns these are similar to shell patterns. The
2486 difference is that the pattern may include **/ for matching zero
2487 or more directory levels, * for matching zero or more arbitrary
2488 characters with the exception of any path separator.
2489 Regular expressions, selector re:
2491 Regular expressions similar to those found in Perl are sup‐
2492 ported. Unlike shell patterns regular expressions are not re‐
2493 quired to match the full path and any substring match is suffi‐
2494 cient. It is strongly recommended to anchor patterns to the
2495 start ('^'), to the end ('$') or both. Path separators (back‐
2496 slash for Windows and '/' on other systems) in paths are always
2497 normalized to a forward slash ('/') before applying a pattern.
2498 The regular expression syntax is described in the Python docu‐
2499 mentation for the re module.
2500 Path prefix, selector pp:
2502 This pattern style is useful to match whole sub-directories. The
2503 pattern pp:root/somedir matches root/somedir and everything
2504 therein.
2505 Path full-match, selector pf:
2507 This pattern style is (only) useful to match full paths. This
2508 is kind of a pseudo pattern as it can not have any variable or
2509 unspecified parts - the full path must be given.
2510 pf:root/file.ext matches root/file.ext only.
2511 Implementation note: this is implemented via very time-efficient
2513 O(1) hashtable lookups (this means you can have huge amounts of
2514 such patterns without impacting performance much). Due to that,
2515 this kind of pattern does not respect any context or order. If
2516 you use such a pattern to include a file, it will always be in‐
2517 cluded (if the directory recursion encounters it). Other in‐
2518 clude/exclude patterns that would normally match will be ig‐
2519 nored. Same logic applies for exclude.
2520 NOTE:
2522 re:, sh: and fm: patterns are all implemented on top of the Python
2523 SRE engine. It is very easy to formulate patterns for each of these
2524 types which requires an inordinate amount of time to match paths. If
2525 untrusted users are able to supply patterns, ensure they cannot sup‐
2526 ply re: patterns. Further, ensure that sh: and fm: patterns only
2527 contain a handful of wildcards at most.
2528 Exclusions can be passed via the command line option --exclude. When
2530 used from within a shell, the patterns should be quoted to protect them
2531 from expansion.
2532 The --exclude-from option permits loading exclusion patterns from a
2534 text file with one pattern per line. Lines empty or starting with the
2535 number sign ('#') after removing whitespace on both ends are ignored.
2536 The optional style selector prefix is also supported for patterns
2537 loaded from a file. Due to whitespace removal, paths with whitespace at
2538 the beginning or end can only be excluded using regular expressions.
2539 To test your exclusion patterns without performing an actual backup you
2541 can run borg create --list --dry-run ....
2542 Examples:
2544 # Exclude '/home/user/file.o' but not '/home/user/file.odt':
2546 $ borg create -e '*.o' backup /
2547 # Exclude '/home/user/junk' and '/home/user/subdir/junk' but
2549 # not '/home/user/importantjunk' or '/etc/junk':
2550 $ borg create -e '/home/*/junk' backup /
2551 # Exclude the contents of '/home/user/cache' but not the directory itself:
2553 $ borg create -e /home/user/cache/ backup /
2554 # The file '/home/user/cache/important' is *not* backed up:
2556 $ borg create -e /home/user/cache/ backup / /home/user/cache/important
2557 # The contents of directories in '/home' are not backed up when their name
2559 # ends in '.tmp'
2560 $ borg create --exclude 're:^/home/[^/]+\.tmp/' backup /
2561 # Load exclusions from file
2563 $ cat >exclude.txt <<EOF
2564 # Comment line
2565 /home/*/junk
2566 *.tmp
2567 fm:aa:something/*
2568 re:^/home/[^/]+\.tmp/
2569 sh:/home/*/.thumbnails
2570 # Example with spaces, no need to escape as it is processed by borg
2571 some file with spaces.txt
2572 EOF
2573 $ borg create --exclude-from exclude.txt backup /
2574 A more general and easier to use way to define filename matching pat‐
2575 terns exists with the experimental --pattern and --patterns-from op‐
2576 tions. Using these, you may specify the backup roots (starting points)
2577 and patterns for inclusion/exclusion. A root path starts with the pre‐
2578 fix R, followed by a path (a plain path, not a file pattern). An in‐
2579 clude rule starts with the prefix +, an exclude rule starts with the
2580 prefix -, an exclude-norecurse rule starts with !, all followed by a
2581 pattern.
2582 NOTE:
2584 Via --pattern or --patterns-from you can define BOTH inclusion and
2585 exclusion of files using pattern prefixes + and -. With --exclude
2586 and --exclude-from ONLY excludes are defined.
2587 Inclusion patterns are useful to include paths that are contained in an
2589 excluded path. The first matching pattern is used so if an include pat‐
2590 tern matches before an exclude pattern, the file is backed up. If an
2591 exclude-norecurse pattern matches a directory, it won't recurse into it
2592 and won't discover any potential matches for include rules below that
2593 directory.
2594 Note that the default pattern style for --pattern and --patterns-from
2596 is shell style (sh:), so those patterns behave similar to rsync in‐
2597 clude/exclude patterns. The pattern style can be set via the P prefix.
2598 Patterns (--pattern) and excludes (--exclude) from the command line are
2600 considered first (in the order of appearance). Then patterns from
2601 --patterns-from are added. Exclusion patterns from --exclude-from files
2602 are appended last.
2603 Examples:
2605 # backup pics, but not the ones from 2018, except the good ones:
2607 # note: using = is essential to avoid cmdline argument parsing issues.
2608 borg create --pattern=+pics/2018/good --pattern=-pics/2018 repo::arch pics
2609 # use a file with patterns:
2611 borg create --patterns-from patterns.lst repo::arch
2612 The patterns.lst file could look like that:
2614 # "sh:" pattern style is the default, so the following line is not needed:
2616 P sh
2617 R /
2618 # can be rebuild
2619 - /home/*/.cache
2620 # they're downloads for a reason
2621 - /home/*/Downloads
2622 # susan is a nice person
2623 # include susans home
2624 + /home/susan
2625 # don't backup the other home directories
2626 - /home/*
2627 # don't even look in /proc
2628 ! /proc
2629 borg help placeholders
2631 Repository (or Archive) URLs, --prefix, --glob-archives, --comment and
2632 --remote-path values support these placeholders:
2633 {hostname}
2635 The (short) hostname of the machine.
2636 {fqdn} The full name of the machine.
2638 {reverse-fqdn}
2640 The full name of the machine in reverse domain name notation.
2641 {now} The current local date and time, by default in ISO-8601 format.
2643 You can also supply your own format string, e.g.
2644 {now:%Y-%m-%d_%H:%M:%S}
2645 {utcnow}
2647 The current UTC date and time, by default in ISO-8601 format.
2648 You can also supply your own format string, e.g. {utc‐
2649 now:%Y-%m-%d_%H:%M:%S}
2650 {user} The user name (or UID, if no name is available) of the user run‐
2652 ning borg.
2653 {pid} The current process ID.
2655 {borgversion}
2657 The version of borg, e.g.: 1.0.8rc1
2658 {borgmajor}
2660 The version of borg, only the major version, e.g.: 1
2661 {borgminor}
2663 The version of borg, only major and minor version, e.g.: 1.0
2664 {borgpatch}
2666 The version of borg, only major, minor and patch version, e.g.:
2667 1.0.8
2668 If literal curly braces need to be used, double them for escaping:
2670 borg create /path/to/repo::{{literal_text}}
2672 Examples:
2674 borg create /path/to/repo::{hostname}-{user}-{utcnow} ...
2676 borg create /path/to/repo::{hostname}-{now:%Y-%m-%d_%H:%M:%S} ...
2677 borg prune --prefix '{hostname}-' ...
2678 NOTE:
2680 systemd uses a difficult, non-standard syntax for command lines in
2681 unit files (refer to the systemd.unit(5) manual page).
2682 When invoking borg from unit files, pay particular attention to es‐
2684 caping, especially when using the now/utcnow placeholders, since
2685 systemd performs its own %-based variable replacement even in quoted
2686 text. To avoid interference from systemd, double all percent signs
2687 ({hostname}-{now:%Y-%m-%d_%H:%M:%S} becomes {host‐
2688 name}-{now:%%Y-%%m-%%d_%%H:%%M:%%S}).
2689 borg help compression
2691 It is no problem to mix different compression methods in one repo,
2692 deduplication is done on the source data chunks (not on the compressed
2693 or encrypted data).
2694 If some specific chunk was once compressed and stored into the repo,
2696 creating another backup that also uses this chunk will not change the
2697 stored chunk. So if you use different compression specs for the back‐
2698 ups, whichever stores a chunk first determines its compression. See
2699 also borg recreate.
2700 Compression is lz4 by default. If you want something else, you have to
2702 specify what you want.
2703 Valid compression specifiers are:
2705 none Do not compress.
2707 lz4 Use lz4 compression. Very high speed, very low compression. (de‐
2709 fault)
2710 zstd[,L]
2712 Use zstd ("zstandard") compression, a modern wide-range algo‐
2713 rithm. If you do not explicitely give the compression level L
2714 (ranging from 1 to 22), it will use level 3. Archives com‐
2715 pressed with zstd are not compatible with borg < 1.1.4.
2716 zlib[,L]
2718 Use zlib ("gz") compression. Medium speed, medium compression.
2719 If you do not explicitely give the compression level L (ranging
2720 from 0 to 9), it will use level 6. Giving level 0 (means "no
2721 compression", but still has zlib protocol overhead) is usually
2722 pointless, you better use "none" compression.
2723 lzma[,L]
2725 Use lzma ("xz") compression. Low speed, high compression. If
2726 you do not explicitely give the compression level L (ranging
2727 from 0 to 9), it will use level 6. Giving levels above 6 is
2728 pointless and counterproductive because it does not compress
2729 better due to the buffer size used by borg - but it wastes lots
2730 of CPU cycles and RAM.
2731 auto,C[,L]
2733 Use a built-in heuristic to decide per chunk whether to compress
2734 or not. The heuristic tries with lz4 whether the data is com‐
2735 pressible. For incompressible data, it will not use compression
2736 (uses "none"). For compressible data, it uses the given C[,L]
2737 compression - with C[,L] being any valid compression specifier.
2738 Examples:
2740 borg create --compression lz4 REPO::ARCHIVE data
2742 borg create --compression zstd REPO::ARCHIVE data
2743 borg create --compression zstd,10 REPO::ARCHIVE data
2744 borg create --compression zlib REPO::ARCHIVE data
2745 borg create --compression zlib,1 REPO::ARCHIVE data
2746 borg create --compression auto,lzma,6 REPO::ARCHIVE data
2747 borg create --compression auto,lzma ...
2748
2750 There is a borg debug command that has some subcommands which are all
2751 not intended for normal use and potentially very dangerous if used in‐
2752 correctly.
2753 For example, borg debug put-obj and borg debug delete-obj will only do
2755 what their name suggests: put objects into repo / delete objects from
2756 repo.
2757 Please note:
2759 • they will not update the chunks cache (chunks index) about the object
2761 • they will not update the manifest (so no automatic chunks index
2763 resync is triggered)
2764 • they will not check whether the object is in use (e.g. before
2766 delete-obj)
2767 • they will not update any metadata which may point to the object
2769 They exist to improve debugging capabilities without direct system ac‐
2771 cess, e.g. in case you ever run into some severe malfunction. Use them
2772 only if you know what you are doing or if a trusted Borg developer
2773 tells you what to do.
2774 Borg has a --debug-topic TOPIC option to enable specific debugging mes‐
2776 sages. Topics are generally not documented.
2777 A --debug-profile FILE option exists which writes a profile of the main
2779 program's execution to a file. The format of these files is not di‐
2780 rectly compatible with the Python profiling tools, since these use the
2781 "marshal" format, which is not intended to be secure (quoting the
2782 Python docs: "Never unmarshal data received from an untrusted or unau‐
2783 thenticated source.").
2784 The borg debug profile-convert command can be used to take a Borg pro‐
2786 file and convert it to a profile file that is compatible with the
2787 Python tools.
2788 Additionally, if the filename specified for --debug-profile ends with
2790 ".pyprof" a Python compatible profile is generated. This is only in‐
2791 tended for local use by developers.
2792
2794 Here are misc. notes about topics that are maybe not covered in enough
2795 detail in the usage section.
2796 --chunker-params
2798 The chunker params influence how input files are cut into pieces
2799 (chunks) which are then considered for deduplication. They also have a
2800 big impact on resource usage (RAM and disk space) as the amount of re‐
2801 sources needed is (also) determined by the total amount of chunks in
2802 the repository (see cache-memory-usage for details).
2803 --chunker-params=10,23,16,4095 results in a fine-grained deduplication|
2805 and creates a big amount of chunks and thus uses a lot of resources to
2806 manage them. This is good for relatively small data volumes and if the
2807 machine has a good amount of free RAM and disk space.
2808 --chunker-params=19,23,21,4095 (default) results in a coarse-grained
2810 deduplication and creates a much smaller amount of chunks and thus uses
2811 less resources. This is good for relatively big data volumes and if the
2812 machine has a relatively low amount of free RAM and disk space.
2813 If you already have made some archives in a repository and you then
2815 change chunker params, this of course impacts deduplication as the
2816 chunks will be cut differently.
2817 In the worst case (all files are big and were touched in between back‐
2819 ups), this will store all content into the repository again.
2820 Usually, it is not that bad though:
2822 • usually most files are not touched, so it will just re-use the old
2824 chunks it already has in the repo
2825 • files smaller than the (both old and new) minimum chunksize result in
2827 only one chunk anyway, so the resulting chunks are same and dedupli‐
2828 cation will apply
2829 If you switch chunker params to save resources for an existing repo
2831 that already has some backup archives, you will see an increasing ef‐
2832 fect over time, when more and more files have been touched and stored
2833 again using the bigger chunksize and all references to the smaller
2834 older chunks have been removed (by deleting / pruning archives).
2835 If you want to see an immediate big effect on resource usage, you bet‐
2837 ter start a new repository when changing chunker params.
2838 For more details, see chunker_details.
2840 --noatime / --noctime
2842 You can use these borg create options to not store the respective time‐
2843 stamp into the archive, in case you do not really need it.
2844 Besides saving a little space for the not archived timestamp, it might
2846 also affect metadata stream deduplication: if only this timestamp
2847 changes between backups and is stored into the metadata stream, the
2848 metadata stream chunks won't deduplicate just because of that.
2849 --nobsdflags
2851 You can use this to not query and store (or not extract and set) bsd‐
2852 flags - in case you don't need them or if they are broken somehow for
2853 your fs.
2854 On Linux, dealing with the bsflags needs some additional syscalls. Es‐
2856 pecially when dealing with lots of small files, this causes a notice‐
2857 able overhead, so you can use this option also for speeding up opera‐
2858 tions.
2859 --umask
2861 If you use --umask, make sure that all repository-modifying borg com‐
2862 mands (create, delete, prune) that access the repository in question
2863 use the same --umask value.
2864 If multiple machines access the same repository, this should hold true
2866 for all of them.
2867 --read-special
2869 The --read-special option is special - you do not want to use it for
2870 normal full-filesystem backups, but rather after carefully picking some
2871 targets for it.
2872 The option --read-special triggers special treatment for block and char
2874 device files as well as FIFOs. Instead of storing them as such a device
2875 (or FIFO), they will get opened, their content will be read and in the
2876 backup archive they will show up like a regular file.
2877 Symlinks will also get special treatment if (and only if) they point to
2879 such a special file: instead of storing them as a symlink, the target
2880 special file will get processed as described above.
2881 One intended use case of this is backing up the contents of one or mul‐
2883 tiple block devices, like e.g. LVM snapshots or inactive LVs or disk
2884 partitions.
2885 You need to be careful about what you include when using --read-spe‐
2887 cial, e.g. if you include /dev/zero, your backup will never terminate.
2888 Restoring such files' content is currently only supported one at a time
2890 via --stdout option (and you have to redirect stdout to where ever it
2891 shall go, maybe directly into an existing device file of your choice or
2892 indirectly via dd).
2893 To some extent, mounting a backup archive with the backups of special
2895 files via borg mount and then loop-mounting the image files from inside
2896 the mount point will work. If you plan to access a lot of data in
2897 there, it likely will scale and perform better if you do not work via
2898 the FUSE mount.
2899 Example
2901 Imagine you have made some snapshots of logical volumes (LVs) you want
2902 to backup.
2903 NOTE:
2905 For some scenarios, this is a good method to get "crash-like" con‐
2906 sistency (I call it crash-like because it is the same as you would
2907 get if you just hit the reset button or your machine would abruptly
2908 and completely crash). This is better than no consistency at all
2909 and a good method for some use cases, but likely not good enough if
2910 you have databases running.
2911 Then you create a backup archive of all these snapshots. The backup
2913 process will see a "frozen" state of the logical volumes, while the
2914 processes working in the original volumes continue changing the data
2915 stored there.
2916 You also add the output of lvdisplay to your backup, so you can see the
2918 LV sizes in case you ever need to recreate and restore them.
2919 After the backup has completed, you remove the snapshots again.
2921 $ # create snapshots here
2923 $ lvdisplay > lvdisplay.txt
2924 $ borg create --read-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*-snapshot
2925 $ # remove snapshots here
2926 Now, let's see how to restore some LVs from such a backup.
2928 $ borg extract /path/to/repo::arch lvdisplay.txt
2930 $ # create empty LVs with correct sizes here (look into lvdisplay.txt).
2931 $ # we assume that you created an empty root and home LV and overwrite it now:
2932 $ borg extract --stdout /path/to/repo::arch dev/vg0/root-snapshot > /dev/vg0/root
2933 $ borg extract --stdout /path/to/repo::arch dev/vg0/home-snapshot > /dev/vg0/home
2934 Append-only mode
2936 A repository can be made "append-only", which means that Borg will
2937 never overwrite or delete committed data (append-only refers to the
2938 segment files, but borg will also reject to delete the repository com‐
2939 pletely). This is useful for scenarios where a backup client machine
2940 backups remotely to a backup server using borg serve, since a hacked
2941 client machine cannot delete backups on the server permanently.
2942 To activate append-only mode, set append_only to 1 in the repository
2944 config:
2945 borg config /path/to/repo append_only 1
2947 Note that you can go back-and-forth between normal and append-only op‐
2949 eration with borg config; it's not a "one way trip."
2950 In append-only mode Borg will create a transaction log in the transac‐
2952 tions file, where each line is a transaction and a UTC timestamp.
2953 In addition, borg serve can act as if a repository is in append-only
2955 mode with its option --append-only. This can be very useful for
2956 fine-tuning access control in .ssh/authorized_keys:
2957 command="borg serve --append-only ..." ssh-rsa <key used for not-always-trustable backup clients>
2959 command="borg serve ..." ssh-rsa <key used for backup management>
2960 Running borg init via a borg serve --append-only server will not create
2962 an append-only repository. Running borg init --append-only creates an
2963 append-only repository regardless of server settings.
2964 Example
2966 Suppose an attacker remotely deleted all backups, but your repository
2967 was in append-only mode. A transaction log in this situation might look
2968 like this:
2969 transaction 1, UTC time 2016-03-31T15:53:27.383532
2971 transaction 5, UTC time 2016-03-31T15:53:52.588922
2972 transaction 11, UTC time 2016-03-31T15:54:23.887256
2973 transaction 12, UTC time 2016-03-31T15:55:54.022540
2974 transaction 13, UTC time 2016-03-31T15:55:55.472564
2975 From your security logs you conclude the attacker gained access at
2977 15:54:00 and all the backups where deleted or replaced by compromised
2978 backups. From the log you know that transactions 11 and later are com‐
2979 promised. Note that the transaction ID is the name of the last file in
2980 the transaction. For example, transaction 11 spans files 6 to 11.
2981 In a real attack you'll likely want to keep the compromised repository
2983 intact to analyze what the attacker tried to achieve. It's also a good
2984 idea to make this copy just in case something goes wrong during the re‐
2985 covery. Since recovery is done by deleting some files, a hard link copy
2986 (cp -al) is sufficient.
2987 The first step to reset the repository to transaction 5, the last un‐
2989 compromised transaction, is to remove the hints.N, index.N and integ‐
2990 rity.N files in the repository (these files are always expendable). In
2991 this example N is 13.
2992 Then remove or move all segment files from the segment directories in
2994 data/ starting with file 6:
2995 rm data/**/{6..13}
2997 That's all to do in the repository.
2999 If you want to access this rollbacked repository from a client that al‐
3001 ready has a cache for this repository, the cache will reflect a newer
3002 repository state than what you actually have in the repository now, af‐
3003 ter the rollback.
3004 Thus, you need to clear the cache:
3006 borg delete --cache-only repo
3008 The cache will get rebuilt automatically. Depending on repo size and
3010 archive count, it may take a while.
3011 You also will need to remove ~/.config/borg/security/REPOID/mani‐
3013 fest-timestamp.
3014 Drawbacks
3016 As data is only appended, and nothing removed, commands like prune or
3017 delete won't free disk space, they merely tag data as deleted in a new
3018 transaction.
3019 Be aware that as soon as you write to the repo in non-append-only mode
3021 (e.g. prune, delete or create archives from an admin machine), it will
3022 remove the deleted objects permanently (including the ones that were
3023 already marked as deleted, but not removed, in append-only mode). Auto‐
3024 mated edits to the repository (such as a cron job running borg prune)
3025 will render append-only mode moot if data is deleted.
3026 Even if an archive appears to be available, it is possible an attacker
3028 could delete just a few chunks from an archive and silently corrupt its
3029 data. While in append-only mode, this is reversible, but borg check
3030 should be run before a writing/pruning operation on an append-only
3031 repository to catch accidental or malicious corruption:
3032 # run without append-only mode
3034 borg check --verify-data repo
3035 Aside from checking repository & archive integrity you may want to also
3037 manually check backups to ensure their content seems correct.
3038 Further considerations
3040 Append-only mode is not respected by tools other than Borg. rm still
3041 works on the repository. Make sure that backup client machines only get
3042 to access the repository via borg serve.
3043 Ensure that no remote access is possible if the repository is temporar‐
3045 ily set to normal mode for e.g. regular pruning.
3046 Further protections can be implemented, but are outside of Borg's
3048 scope. For example, file system snapshots or wrapping borg serve to set
3049 special permissions or ACLs on new data files.
3050 SSH batch mode
3052 When running Borg using an automated script, ssh might still ask for a
3053 password, even if there is an SSH key for the target server. Use this
3054 to make scripts more robust:
3055 export BORG_RSH='ssh -oBatchMode=yes'
3057
3059 The Borg Collective (see AUTHORS file)
3060
3062 2010-2021 Jonas Borgström, 2015-2021 The Borg Collective (see AUTHORS
3063 file)
30641.1.17 2021-07-25 BORG(1)