1backintime(1) USER COMMANDS backintime(1)
2
6 backintime - a simple backup tool for Linux.
7 This is the command line tool. The graphical tool is backintime-qt.
9
11 backintime [--checksum] [--config PATH] [--debug] [--delete] [--help |
12 -h] [--keep-mount] [--license] [--local-backup | --no-local-backup]
13 [--no-crontab] [--only-new] [--profile NAME | --profile-id ID]
14 [--quiet] [--share-path PATH] [--version]
15 { backup | backup-job | benchmark-cipher [FILE-SIZE] | check-config |
17 decode [PATH] | last-snapshot | last-snapshot-path | pw-cache
18 [start|stop|restart|reload|status] | remove[-and-do-not-ask-again]
19 [SNAPSHOT_ID] | restore [WHAT [WHERE [SNAPSHOT_ID]]] | shutdown |
20 smart-remove | snapshots-list | snapshots-list-path | snapshots-path |
21 unmount }
22
25 Back In Time is a simple backup tool for Linux. The backup is done by
26 taking snapshots of a specified set of folders.
27 All you have to do is configure: where to save snapshots, what folders
29 to backup. You can also specify a backup schedule: disabled, every 5
30 minutes, every 10 minutes, every hour, every day, every week, every
31 month. To configure it use one of the graphical interfaces available
32 (backintime-gnome or backintime-kde4).
33 It acts as a 'user mode' backup tool. This means that you can
35 backup/restore only folders you have write access to (actually you can
36 backup read-only folders, but you can't restore them).
37 If you want to run it as root you need to use 'sudo -i backintime'.
39 A new snapshot is created only if something changed since the last
41 snapshot (if any).
42 A snapshot contains all the files from the selected folders (except for
44 exclude patterns). In order to reduce disk space it use hard-links (if
45 possible) between snapshots for unchanged files. This way a file of
46 10MiB, unchanged for 10 snapshots, will use only 10MiB on the disk.
47 When you restore a file 'A', if it already exists on the file system it
49 will be renamed to 'A.backup.currentdate'.
50 For automatic backup it use 'cron' so there is no need for a daemon,
52 but 'cron' must be running.
53 Modes
55 Local
56 Store snapshots on local HDD's (internal or USB). The drive has to
57 be mounted before creating a new snapshot.
58 Local encrypted
60 Store encrypted snapshots on local HDD's (internal or USB). Back
61 In Time uses 'encfs' with standard configuration to encrypt all
62 data. Please take a look at A NOTE ON SECURITY.
63 SSH
65 With Mode set to SSH you can store the backup on a remote host us‐
66 ing the SecureShellHost protocol (ssh). The remote path will be
67 mount local using sshfs to provide file-access for the graphical
68 interface and the backup process. Rsync and other processes called
69 during backup process will run directly on the remote host using
70 ssh.
71 To prepare your user account for ssh-mode you have to create a
73 password-less login to the remote host (for further information
74 look at http://www.debian-administration.org/articles/152). Type
75 in terminal 'ssh-keygen -t rsa' hit enter for default path and en‐
76 ter a passphrase for the private key.
77 Finally type 'ssh-copy-id -i ~/.ssh/id_rsa.pub <RE‐
79 MOTE_USER>@<HOST>' and enter your password on remote host.
80 In Settingsdialog you need to set the host and remote user. If you
82 enter a relative path (no leading / ) it will start from remote
83 users homedir. The password has to be the passphrase for your pri‐
84 vate key.
85 Cipher (the algorithm used to encrypt the data during transfer)
87 To optimize performance you can choose the cipher used by ssh. De‐
88 pending on your environment you can have a massive speed increase
89 compared to the default cipher.
90 benchmark-cipher will give you an overview over which cipher is the
92 fastest in your environment.
93 If the bottleneck of your environment is the hard-drive or the net‐
95 work you will not see a big difference between the ciphers. In this
96 case you should rather stay on 'default'.
97 Please read security information about the cipher before using them
99 in untrusted networks (Wifi, Internet). Some of them (Arcfour,
100 3DES, ...) should be handled as not secure anymore.
101 Remote Host
103 If your remote host is an embedded Linux NAS or any other device
104 with limited functions, you could run into some problems caused by
105 feature-less commands. For example some devices may not have
106 hardlink support for 'cp', 'chmod' and 'rsync'. In this case it may
107 help to install so-called Optware or Entware on your device if
108 available.
109 WARNING: THIS IS ONLY FOR EXPERIENCED USERS!
111 If you don't know how to compile packages and how to modify a Linux
112 system you should NOT try to do this. There is a significant chance
113 to break your device and make it completely unusable with the fol‐
114 lowing procedure. We will not take any warranty for this. Make a
115 backup of your device before proceed! You have been warned!
116 You should install at least packages called 'bash', 'coreutils' and
118 'rsync'. You will have to change users default shell from
119 '/bin/sh' to '/opt/bin/bash' in '/etc/passwd'. To add
120 '/opt/bin:/opt/sbin:' to the start of the PATH environment you can
121 use 'Add prefix to SSH commands' in 'Expert Options' with
122 'PATH=/opt/bin:/opt/sbin:\$PATH'.
123 To check if it does work you can compare the output of '/bin/cp
125 --help' and '/opt/bin/cp --help'. If 'ssh <user>@<host> cp --help'
126 called from your PC will print the same as '/opt/bin/cp --help'
127 called on the remote host (via interactive ssh session) you are
128 ready to go.
129 If you have questions on how to install and configure the Optware
131 please refer to the community of your device. You can also take a
132 look on Back In Time FAQ on GitHub https://github.com/bit-
133 team/backintime/wiki/FAQ
134 If you successfully modified your device to be able to make backups
136 over ssh, it would be nice if you write a 'How to' on Launchpad's
137 Answers so we can add this to the FAQ.
138 SSH encrypted
140 Store encrypted snapshots on remote hosts using SSH. Backintime
141 uses 'encfs --reverse' to mount the root filesystem '/'. Rsync will
142 sync this encrypted view of '/' to a remote host over SSH. All en‐
143 coding will be done on the local machine. So the password will
144 never be exposed to the remote host and you can use the (normally)
145 more powerful processor in you local machine for encryption instead
146 of weak NAS CPU's. The downside on this is 'encfs --reverse' does
147 not support 'Filename Initialization Vector Chaining' and 'Per-File
148 Initialization Vectors' from the standard configuration (take a
149 look at 'man encfs' for further information). Please take a look at
150 A NOTE ON SECURITY.
151 Because of all data is transferred encrypted the log output shows
153 encrypted filenames, too. In the Logview-Dialog you can use 'de‐
154 code' option to decrypt the paths automatically or you can use
155 'backintime decode' to manually decrypt paths. Back In Time will
156 show all snapshots decoded so you can browse all files as normal.
157 Exclude does not support wildcards ('foo*', '[fF]oo', 'fo?') be‐
159 cause after encoding a file these wildcards can't match any more.
160 Only separate asterisk that match a full file or folder will work
161 ('foo/*', 'foo/**/bar'). All other excludes that have wildcards
162 will be silently ignored.
163 Please refer to the 'SSH' section above for information on setting
165 up the SSH connection.
166 Password
168 If 'Save Password to Keyring' is activated Back In Time will save the
169 Password into GnomeKeyring (Seahorse) or KDE-KWallet. Both are secure
170 password storages which encrypt the password with the users login-pass‐
171 word. So they can only be accessed if the user is logged in.
172 A backup cronjob during the user isn't logged in can not collect the
174 password from keyring. Also if the homedir is encrypted the keyring is
175 not accessible from cronjobs (even if the user is logged in). For these
176 cases the password can be cached in RAM. If 'Cache Password for Cron'
177 is activated Back In Time will start a small daemon in user-space which
178 will collect the password from keyring and provide them for cronjobs.
179 They will never be written to the harddrive but a user with root per‐
180 missions could access the daemon and read the password.
181 user-callback
183 During backup process the application can call a user callback at dif‐
184 ferent steps. This callback is "$XDG_CONFIG_HOME/backintime/user-call‐
185 back" (by default $XDG_CONFIG_HOME is ~/.config).
186 The first argument is the profile id (1=Main Profile, ...).
188 The second argument is the profile name.
190 The third argument is the reason:
192 1 Backup process begins.
194 2 Backup process ends.
196 3 A new snapshot was taken. The extra arguments are snap‐
198 shot ID and snapshot path.
199 4 There was an error. The second argument is the error
201 code.
202 Error codes:
203 1 The application is not configured.
205 2 A "take snapshot" process is already running.
207 3 Can't find snapshots folder (is it on a removable
209 drive ?).
210 4 A snapshot for "now" already exist.
212 5 On (graphical) App start.
214 6 On (graphical) App close.
216 7 Mount all necessary drives.
218 8 Unmount all drives.
220
222 --checksum
223 Force to use checksum for checking if files have been changed.
224 This is the same as 'Use checksum to detect changes' in Options.
225 But you can use this to periodically run checksums from cron‐
226 jobs. Only valid with backup, backup-job and restore.
227 --config PATH
229 Read config from PATH. Default = ~/.config/backintime/config
230 --debug
232 Show debug messages.
233 --delete
235 Restore and delete newer files which are not in the snapshot.
236 WARNING: deleting files in filesystem root could break your
237 whole system!!! Only valid with restore.
238 -h, --help
240 Display a short help
241 --keep-mount
243 Don't unmount on exit. Only valid with snapshots-path, snap‐
244 shots-list-path and last-snapshot-path.
245 --license
247 Show license
248 --local-backup
250 Create backup files before changing local files. Only valid
251 with restore.
252 --no-crontab
254 Do not install crontab entries. Only valid with check-config.
255 --no-local-backup
257 Temporary disable creation of backup files before changing local
258 files. Only valid with restore.
259 --only-new
261 Only restore files which does not exist or are newer than those
262 in destination. Using "rsync --update" option. Only valid with
263 restore.
264 --profile NAME
266 Select profile by name
267 --profile-id ID
269 Select profile by id
270 --quiet
272 Suppress status messages on standard output.
273 --share-path PATH
275 Write runtime data (locks, messages, log and mountpoints) to
276 PATH.
277 -v, --version
279 Show version
280
283 backup | -b | --backup
284 Take a snapshot now.
285 backup-job | --backup-job
287 Take a snapshot (if needed) depending on schedule rules (used
288 for cron jobs). Back In Time will run in background for this.
289 benchmark-cipher | --benchmark-cipher [FILE-SIZE]
291 Show a benchmark of all ciphers for ssh transfer.
292 check-config
294 Verify the profile in config, create snapshot path and crontab
295 entries.
296 decode | --decode [PATH]
298 Decode encrypted PATH. If no PATH is given Back In Time will
299 read paths from standard input.
300 last-snapshot | --last-snapshot
302 Display last snapshot ID (if any)
303 last-snapshot-path | --last-snapshot-path
305 Display the path to the last snapshot (if any)
306 pw-cache | --pw-cache [start|stop|restart|reload|status]
308 Control the Password Cache Daemon. If no argument is given the
309 Password Cache will start in foreground.
310 remove[-and-do-not-ask-again] | --remove[-and-do-not-ask-again] [SNAP‐
312 SHOT_ID]
313 Remove the snapshot. If SNAPSHOT_ID is missing it will be
314 prompted. SNAPSHOT_ID can be an index (starting with 0 for the
315 last snapshot) or the exact SnapshotID (19 caracters like
316 '20130606-230501-984'). remove-and-do-not-ask-again will remove
317 the snapshot immediately. Be careful with this!
318 restore | --restore [WHAT [WHERE [SNAPSHOT_ID]]]
320 Restore file WHAT to path WHERE from snapshot SNAPSHOT_ID. If
321 arguments are missing they will be prompted. To restore to the
322 original path WHERE can be an empty string '' or just press En‐
323 ter at the prompt. SNAPSHOT_ID can be an index (starting with 0
324 for the last snapshot) or the exact SnapshotID (19 caracters
325 like '20130606-230501-984')
326 shutdown
328 Shutdown the computer after the snapshot is done.
329 smart-remove
331 Remove snapshots based on the configured Smart-Remove pattern.
332 snapshots-list | --snapshots-list
334 Display the list of snapshot IDs (if any)
335 snapshots-list-path | --snapshots-list-path
337 Display the paths to snapshots (if any)
338 snapshots-path | --snapshots-path
340 Display path where is saves the snapshots (if configured)
341 unmount | --unmount
343 Unmount the profile.
344
347 There was a paid security audit for EncFS in Feb 2014 which revealed
348 several potential vulnerabilities.
349 From https://defuse.ca/audits/encfs.htm
351 EncFS is probably safe as long as the adversary only gets one
352 copy of the ciphertext and nothing more. EncFS is not safe if
353 the adversary has the opportunity to see two or more snapshots
354 of the ciphertext at different times. EncFS attempts to protect
355 files from malicious modification, but there are serious prob‐
356 lems with this feature.
357 This might be a problem with Back In Time snapshots.
359
361 backintime-qt, backintime-config.
362 Back In Time also has a website: https://github.com/bit-team/backintime
364
366 This manual page was written by BIT Team(<bit-team@lists.launch‐
367 pad.net>).
368version 1.3.3 Oct 2022 backintime(1)