1BORG(1)                  Borg - Deduplicating Archiver                 BORG(1)
2
3
4

NAME

6       borg  - BorgBackup is a deduplicating backup program with optional com‐
7       pression and authenticated encryption.
8

GENERAL

10       Borg consists of a number of commands. Each command accepts a number of
11       arguments  and  options  and  interprets various environment variables.
12       The following sections will describe each command in detail.
13
14       Commands, options, parameters, paths and such are set  in  fixed-width.
15       Option  values  are  underlined. Borg has few options accepting a fixed
16       set of values (e.g. --encryption of borg init).  Experimental  features
17       are marked with red stripes on the sides, like this paragraph.
18
19       Experimental  features  are  not  stable,  which means that they may be
20       changed in incompatible ways or even removed entirely without prior no‐
21       tice in following releases.
22
23   Positional Arguments and Options: Order matters
24       Borg only supports taking options (-s and --progress in the example) to
25       the left or right of all positional arguments (repo::archive  and  path
26       in the example), but not in between them:
27
28          borg create -s --progress repo::archive path  # good and preferred
29          borg create repo::archive path -s --progress  # also works
30          borg create -s repo::archive path --progress  # works, but ugly
31          borg create repo::archive -s --progress path  # BAD
32
33       This    is    due    to    a    problem   in   the   argparse   module:
34       https://bugs.python.org/issue15112
35
36   Repository URLs
37       Local filesystem (or locally mounted network filesystem):
38
39       /path/to/repo - filesystem path to repo directory, absolute path
40
41       path/to/repo - filesystem path to repo directory, relative path
42
43       Also, stuff like ~/path/to/repo or ~other/path/to/repo works  (this  is
44       expanded by your shell).
45
46       Note:  you  may  also prepend a file:// to a filesystem path to get URL
47       style.
48
49       Remote repositories accessed via ssh user@host:
50
51       user@host:/path/to/repo - remote repo, absolute path
52
53       ssh://user@host:port/path/to/repo - same, alternative syntax, port  can
54       be given
55
56       Remote repositories with relative paths can be given using this syntax:
57
58       user@host:path/to/repo - path relative to current directory
59
60       user@host:~/path/to/repo - path relative to user's home directory
61
62       user@host:~other/path/to/repo - path relative to other's home directory
63
64       Note:  giving user@host:/./path/to/repo or user@host:/~/path/to/repo or
65       user@host:/~other/path/to/repo is  also  supported,  but  not  required
66       here.
67
68       Remote repositories with relative paths, alternative syntax with port:
69
70       ssh://user@host:port/./path/to/repo  -  path relative to current direc‐
71       tory
72
73       ssh://user@host:port/~/path/to/repo - path relative to user's home  di‐
74       rectory
75
76       ssh://user@host:port/~other/path/to/repo  -  path  relative  to other's
77       home directory
78
79       If you frequently need the same repo URL, it is a good idea to set  the
80       BORG_REPO environment variable to set a default for the repo URL:
81
82          export BORG_REPO='ssh://user@host:port/path/to/repo'
83
84       Then  just leave away the repo URL if only a repo URL is needed and you
85       want to use the default - it will be read from BORG_REPO then.
86
87       Use :: syntax to give the repo URL when syntax requires giving a  posi‐
88       tional argument for the repo (e.g. borg mount :: /mnt).
89
90   Repository / Archive Locations
91       Many  commands  want  either  a repository (just give the repo URL, see
92       above) or an archive location, which is a repo URL  followed  by  ::ar‐
93       chive_name.
94
95       Archive names must not contain the / (slash) character. For simplicity,
96       maybe also avoid blanks or other characters that have  special  meaning
97       on  the  shell or in a filesystem (borg mount will use the archive name
98       as directory name).
99
100       If you have set BORG_REPO  (see  above)  and  an  archive  location  is
101       needed,  use  ::archive_name  -  the  repo  URL  part is then read from
102       BORG_REPO.
103
104   Logging
105       Borg writes all log output to stderr by default. But please  note  that
106       something  showing  up  on  stderr does not indicate an error condition
107       just because it is on stderr. Please check the log levels of  the  mes‐
108       sages  and  the  return  code of borg for determining error, warning or
109       success conditions.
110
111       If you want to capture the log output to a file, just redirect it:
112
113          borg create repo::archive myfiles 2>> logfile
114
115       Custom logging configurations can be implemented via BORG_LOGGING_CONF.
116
117       The log level of the builtin logging configuration defaults to WARNING.
118       This  is because we want Borg to be mostly silent and only output warn‐
119       ings, errors and critical messages, unless output has been requested by
120       supplying an option that implies output (e.g. --list or --progress).
121
122       Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL
123
124       Use --debug to set DEBUG log level - to get debug, info, warning, error
125       and critical level output.
126
127       Use --info (or -v or --verbose) to set INFO log level -  to  get  info,
128       warning, error and critical level output.
129
130       Use  --warning (default) to set WARNING log level - to get warning, er‐
131       ror and critical level output.
132
133       Use --error to set ERROR log level - to get error  and  critical  level
134       output.
135
136       Use  --critical  to set CRITICAL log level - to get critical level out‐
137       put.
138
139       While you can set misc. log levels, do not expect  that  every  command
140       will give different output on different log levels - it's just a possi‐
141       bility.
142
143       WARNING:
144          Options --critical and --error are provided for completeness,  their
145          usage is not recommended as you might miss important information.
146
147   Return codes
148       Borg can exit with the following return codes (rc):
149
150                     ┌────────────┬────────────────────────────┐
151                     │Return code │ Meaning                    │
152                     ├────────────┼────────────────────────────┤
153                     │0           │ success (logged as INFO)   │
154                     ├────────────┼────────────────────────────┤
155                     │1           │ warning (operation reached │
156                     │            │ its normal end, but  there │
157                     │            │ were   warnings   --   you │
158                     │            │ should  check   the   log, │
159                     │            │ logged as WARNING)         │
160                     ├────────────┼────────────────────────────┤
161                     │2           │ error (like a fatal error, │
162                     │            │ a local or  remote  excep‐ │
163                     │            │ tion,  the  operation  did │
164                     │            │ not reach its normal  end, │
165                     │            │ logged as ERROR)           │
166                     ├────────────┼────────────────────────────┤
167                     │128+N       │ killed  by  signal N (e.g. │
168                     │            │ 137 == kill -9)            │
169                     └────────────┴────────────────────────────┘
170
171       If you use --show-rc, the return code is also logged at  the  indicated
172       level as the last log entry.
173
174   Environment Variables
175       Borg uses some environment variables for automation:
176
177       General:
178
179              BORG_REPO
180                     When  set,  use  the value to give the default repository
181                     location. If a command needs an  archive  parameter,  you
182                     can abbreviate as ::archive. If a command needs a reposi‐
183                     tory parameter, you can either leave it away or  abbrevi‐
184                     ate as ::, if a positional parameter is required.
185
186              BORG_PASSPHRASE
187                     When set, use the value to answer the passphrase question
188                     for encrypted repositories.  It is used when a passphrase
189                     is  needed  to access an encrypted repo as well as when a
190                     new passphrase should be initially set when  initializing
191                     an encrypted repo.  See also BORG_NEW_PASSPHRASE.
192
193              BORG_PASSCOMMAND
194                     When  set, use the standard output of the command (trail‐
195                     ing newlines are stripped) to answer the passphrase ques‐
196                     tion  for  encrypted  repositories.   It  is  used when a
197                     passphrase is needed to access an encrypted repo as  well
198                     as  when  a  new  passphrase should be initially set when
199                     initializing an encrypted repo. Note that the command  is
200                     executed  without  a shell. So variables, like $HOME will
201                     work, but ~ won't.  If BORG_PASSPHRASE is  also  set,  it
202                     takes precedence.  See also BORG_NEW_PASSPHRASE.
203
204              BORG_PASSPHRASE_FD
205                     When   set,   specifies  a  file  descriptor  to  read  a
206                     passphrase from. Programs starting  borg  may  choose  to
207                     open  an  anonymous pipe and use it to pass a passphrase.
208                     This is safer than passing via  BORG_PASSPHRASE,  because
209                     on  some systems (e.g. Linux) environment can be examined
210                     by other processes.  If BORG_PASSPHRASE or  BORG_PASSCOM‐
211                     MAND are also set, they take precedence.
212
213              BORG_NEW_PASSPHRASE
214                     When set, use the value to answer the passphrase question
215                     when a new passphrase is asked  for.   This  variable  is
216                     checked  first.  If  it  is  not set, BORG_PASSPHRASE and
217                     BORG_PASSCOMMAND will also be checked.  Main usecase  for
218                     this is to fully automate borg change-passphrase.
219
220              BORG_DISPLAY_PASSPHRASE
221                     When  set,  use  the  value  to  answer  the "display the
222                     passphrase for verification" question when defining a new
223                     passphrase for encrypted repositories.
224
225              BORG_HOST_ID
226                     Borg  usually  computes  a host id from the FQDN plus the
227                     results of uuid.getnode() (which usually returns a unique
228                     id based on the MAC address of the network interface. Ex‐
229                     cept if that MAC happens to be all-zero - in that case it
230                     returns  a  random  value, which is not what we want (be‐
231                     cause it kills automatic stale lock removal).  So, if you
232                     have  a  all-zero  MAC address or other reasons to better
233                     externally control the host id, just set this environment
234                     variable to a unique value. If all your FQDNs are unique,
235                     you can just use the FQDN. If not, use fqdn@uniqueid.
236
237              BORG_LOGGING_CONF
238                     When set, use the given  filename  as  INI-style  logging
239                     configuration.   A  basic  example  conf  can be found at
240                     docs/misc/logging.conf.
241
242              BORG_RSH
243                     When set, use this command instead of ssh.  This  can  be
244                     used  to  specify  ssh options, such as a custom identity
245                     file ssh -i /path/to/private/key. See man ssh  for  other
246                     options. Using the --rsh CMD commandline option overrides
247                     the environment variable.
248
249              BORG_REMOTE_PATH
250                     When set, use the given path as borg  executable  on  the
251                     remote  (defaults  to  "borg"  if  unset).   Using  --re‐
252                     mote-path PATH commandline option overrides the  environ‐
253                     ment variable.
254
255              BORG_FILES_CACHE_SUFFIX
256                     When  set  to  a  value  at least one character long, in‐
257                     structs borg to use a specifically named  (based  on  the
258                     suffix)  alternative  files  cache.  This  can be used to
259                     avoid loading and saving cache entries for backup sources
260                     other than the current sources.
261
262              BORG_FILES_CACHE_TTL
263                     When  set to a numeric value, this determines the maximum
264                     "time to live" for the files cache entries (default: 20).
265                     The  files  cache  is used to quickly determine whether a
266                     file is unchanged.  The FAQ explains this  more  detailed
267                     in: It always chunks all my files, even unchanged ones!
268
269              BORG_SHOW_SYSINFO
270                     When  set  to no (default: yes), system information (like
271                     OS, Python version, ...)  in  exceptions  is  not  shown.
272                     Please  only  use  for  good  reasons  as it makes issues
273                     harder to analyze.
274
275              BORG_FUSE_IMPL
276                     Choose the lowlevel FUSE implementation  borg  shall  use
277                     for borg mount.  This is a comma-separated list of imple‐
278                     mentation names, they are tried in the given order, e.g.:
279
280pyfuse3,llfuse: default, first  try  to  load  pyfuse3,
281                       then try to load llfuse.
282
283llfuse,pyfuse3:  first  try to load llfuse, then try to
284                       load pyfuse3.
285
286pyfuse3: only try to load pyfuse3
287
288llfuse: only try to load llfuse
289
290none: do not try to load an implementation
291
292              BORG_SELFTEST
293                     This can be used to influence borg's builtin  self-tests.
294                     The  default  is to execute the tests at the beginning of
295                     each borg command invocation.
296
297                     BORG_SELFTEST=disabled can be  used  to  switch  off  the
298                     tests and rather save some time.  Disabling is not recom‐
299                     mended for normal borg users, but large scale borg  stor‐
300                     age providers can use this to optimize production servers
301                     after at least doing a one-time test borg (with selftests
302                     not  disabled) when installing or upgrading machines / OS
303                     / borg.
304
305              BORG_WORKAROUNDS
306                     A list of comma  separated  strings  that  trigger  work‐
307                     arounds  in borg, e.g. to work around bugs in other soft‐
308                     ware.
309
310                     Currently known strings are:
311
312                     basesyncfile
313                            Use the more simple BaseSyncFile code to avoid is‐
314                            sues with sync_file_range.  You might need this to
315                            run borg on WSL (Windows Subsystem for  Linux)  or
316                            in systemd.nspawn containers on some architectures
317                            (e.g. ARM).   Using  this  does  not  affect  data
318                            safety, but might result in a more bursty write to
319                            disk  behaviour  (not  continuously  streaming  to
320                            disk).
321
322                     retry_erofs
323                            Retry  opening a file without O_NOATIME if opening
324                            a file with O_NOATIME caused EROFS. You will  need
325                            this to make archives from volume shadow copies in
326                            WSL1 (Windows Subsystem for Linux 1).
327
328                     authenticated_no_key
329                            Work around a lost passphrase or key  for  an  au‐
330                            thenticated  mode  repository  (these are only au‐
331                            thenticated, but not encrypted).  If  the  key  is
332                            missing  in  the repository config, add key = any‐
333                            thing there.
334
335                            This workaround is only for emergencies  and  only
336                            to   extract  data  from  an  affected  repository
337                            (read-only access):
338
339                               BORG_WORKAROUNDS=authenticated_no_key borg extract repo::archive
340
341                            After you have extracted all data  you  need,  you
342                            MUST delete the repository:
343
344                               BORG_WORKAROUNDS=authenticated_no_key borg delete repo
345
346                            Now  you  can  init a fresh repo. Make sure you do
347                            not use the workaround any more.
348
349                     ignore_invalid_archive_tam
350                            Work around invalid archive TAMs created by borg <
351                            1.2.5, see #7791.
352
353                            This workaround likely needs to get used only once
354                            when  following  the  upgrade   instructions   for
355                            CVE-2023-36811,  see  Pre-1.2.5  archives spoofing
356                            vulnerability (CVE-2023-36811).
357
358                            In normal production operations,  this  workaround
359                            should never be used.
360
361       Some automatic "answerers" (if set, they automatically answer confirma‐
362       tion questions):
363
364              BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
365                     For "Warning: Attempting to access a  previously  unknown
366                     unencrypted repository"
367
368              BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
369                     For  "Warning:  The repository at location ... was previ‐
370                     ously located at ..."
371
372              BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
373                     For "This is a potentially dangerous function..."  (check
374                     --repair)
375
376              BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
377                     For  "You  requested  to completely DELETE the repository
378                     including all archives it contains:"
379
380              Note: answers are case  sensitive.  setting  an  invalid  answer
381              value  might  either give the default answer or ask you interac‐
382              tively, depending on whether retries are allowed  (they  by  de‐
383              fault  are  allowed).  So please test your scripts interactively
384              before making them a non-interactive script.
385
386       Directories and files:
387
388              BORG_BASE_DIR
389                     Defaults to $HOME or ~$USER or ~ (in that order).  If you
390                     want  to  move all borg-specific folders to a custom path
391                     at once, all you need to do is to  modify  BORG_BASE_DIR:
392                     the other paths for cache, config etc. will adapt accord‐
393                     ingly (assuming you didn't set them to a different custom
394                     value).
395
396              BORG_CACHE_DIR
397                     Defaults  to $BORG_BASE_DIR/.cache/borg. If BORG_BASE_DIR
398                     is not explicitly set while XDG env var XDG_CACHE_HOME is
399                     set,  then  $XDG_CACHE_HOME/borg  is  being used instead.
400                     This directory contains the local cache and might need  a
401                     lot of space for dealing with big repositories. Make sure
402                     you're aware of the associated security  aspects  of  the
403                     cache  location:  Do  I need to take security precautions
404                     regarding the cache?
405
406              BORG_CONFIG_DIR
407                     Defaults to $BORG_BASE_DIR/.config/borg. If BORG_BASE_DIR
408                     is  not  explicitly set while XDG env var XDG_CONFIG_HOME
409                     is set, then $XDG_CONFIG_HOME/borg is being used instead.
410                     This  directory  contains all borg configuration directo‐
411                     ries, see the FAQ for a security advisory about the  data
412                     in  this  directory:  How  important  is  the $HOME/.con‐
413                     fig/borg directory?
414
415              BORG_SECURITY_DIR
416                     Defaults to  $BORG_CONFIG_DIR/security.   This  directory
417                     contains  information  borg  uses  to  track its usage of
418                     NONCES ("numbers used once" - usually in encryption  con‐
419                     text) and other security relevant data.
420
421              BORG_KEYS_DIR
422                     Defaults  to  $BORG_CONFIG_DIR/keys.  This directory con‐
423                     tains keys for encrypted repositories.
424
425              BORG_KEY_FILE
426                     When set, use the given  path  as  repository  key  file.
427                     Please note that this is only for rather special applica‐
428                     tions that externally fully manage the key files:
429
430                     • this setting only applies to the keyfile modes (not  to
431                       the repokey modes).
432
433                     • using  a  full, absolute path to the key file is recom‐
434                       mended.
435
436                     • all directories in the given path must exist.
437
438                     • this setting forces borg to use the  key  file  at  the
439                       given location.
440
441                     • the  key  file must either exist (for most commands) or
442                       will be created (borg init).
443
444                     • you need to give a different path for different reposi‐
445                       tories.
446
447                     • you  need to point to the correct key file matching the
448                       repository the command will operate on.
449
450              TMPDIR This is where temporary files are stored  (might  need  a
451                     lot of temporary space for some operations), see tempfile
452                     for details.
453
454       Building:
455
456              BORG_OPENSSL_PREFIX
457                     Adds given OpenSSL header file directory to  the  default
458                     locations (setup.py).
459
460              BORG_LIBLZ4_PREFIX
461                     Adds  given prefix directory to the default locations. If
462                     a 'include/lz4.h' is found Borg will  be  linked  against
463                     the  system  liblz4  instead of a bundled implementation.
464                     (setup.py)
465
466              BORG_LIBZSTD_PREFIX
467                     Adds given prefix directory to the default locations.  If
468                     a  'include/zstd.h'  is found Borg will be linked against
469                     the system libzstd instead of a  bundled  implementation.
470                     (setup.py)
471
472       Please note:
473
474       • Be very careful when using the "yes" sayers, the warnings with prompt
475         exist for your / your data's security/safety.
476
477       • Also be very careful when putting your passphrase into a script, make
478         sure it has appropriate file permissions (e.g.  mode 600, root:root).
479
480   File systems
481       We  strongly  recommend  against using Borg (or any other database-like
482       software) on non-journaling file systems like FAT, since it is not pos‐
483       sible  to assume any consistency in case of power failures (or a sudden
484       disconnect of an external drive or similar failures).
485
486       While Borg uses a data store that is resilient against  these  failures
487       when  used  on journaling file systems, it is not possible to guarantee
488       this with some hardware -- independent of the software used.  We  don't
489       know a list of affected hardware.
490
491       If  you are suspicious whether your Borg repository is still consistent
492       and readable after one of the failures mentioned  above  occurred,  run
493       borg check --verify-data to make sure it is consistent.
494
495       Requirements for Borg repository file systems
496
497       • Long file names
498
499       • At least three directory levels with short names
500
501       • Typically, file sizes up to a few hundred MB.  Large repositories may
502         require large files (>2 GB).
503
504       • Up to 1000 files per directory.
505
506rename(2) / MoveFile(Ex) should work as specified, i.e. on  the  same
507         file  system  it should be a move (not a copy) operation, and in case
508         of a directory it should fail if the destination exists and is not an
509         empty directory, since this is used for locking.
510
511       • Hardlinks  are  needed  for  borg upgrade (if --inplace option is not
512         used).  Also hardlinks are used for more safe and secure file  updat‐
513         ing  (e.g.  of the repo config file), but the code tries to work also
514         if hardlinks are not supported.
515
516   Units
517       To display quantities, Borg takes care of respecting the usual  conven‐
518       tions  of  scale.  Disk sizes are displayed in decimal, using powers of
519       ten (so kB means 1000 bytes). For memory  usage,  binary  prefixes  are
520       used,  and are indicated using the IEC binary prefixes, using powers of
521       two (so KiB means 1024 bytes).
522
523   Date and Time
524       We format date and time conforming to ISO-8601, that is: YYYY-MM-DD and
525       HH:MM:SS (24h clock).
526
527       For more information about that, see: https://xkcd.com/1179/
528
529       Unless otherwise noted, we display local date and time.  Internally, we
530       store and process date and time as UTC.
531
532   Resource Usage
533       Borg might use a lot of resources depending on the size of the data set
534       it is dealing with.
535
536       If  one  uses Borg in a client/server way (with a ssh: repository), the
537       resource usage occurs in part on the client and in another part on  the
538       server.
539
540       If  one uses Borg as a single process (with a filesystem repo), all the
541       resource usage occurs in that one process, so  just  add  up  client  +
542       server to get the approximate resource usage.
543
544       CPU client:
545
546borg create: does chunking, hashing, compression, crypto (high
547                CPU usage)
548
549chunks cache sync: quite heavy on CPU, doing lots of hashtable
550                operations.
551
552borg extract: crypto, decompression (medium to high CPU usage)
553
554borg check: similar to extract, but depends on options given.
555
556borg prune / borg delete archive: low to medium CPU usage
557
558borg delete repo: done on the server
559
560              It  won't go beyond 100% of 1 core as the code is currently sin‐
561              gle-threaded.  Especially higher zlib and lzma compression  lev‐
562              els use significant amounts of CPU cycles. Crypto might be cheap
563              on the CPU (if hardware accelerated) or expensive (if not).
564
565       CPU server:
566              It usually doesn't  need  much  CPU,  it  just  deals  with  the
567              key/value  store  (repository) and uses the repository index for
568              that.
569
570              borg check: the repository check computes the checksums  of  all
571              chunks (medium CPU usage) borg delete repo: low CPU usage
572
573       CPU (only for client/server operation):
574              When  using  borg  in a client/server way with a ssh:-type repo,
575              the ssh processes used for the transport layer  will  need  some
576              CPU  on  the client and on the server due to the crypto they are
577              doing - esp. if you are pumping big amounts of data.
578
579       Memory (RAM) client:
580              The chunks index and the files index are read  into  memory  for
581              performance  reasons.  Might need big amounts of memory (see be‐
582              low).  Compression, esp. lzma compression with high levels might
583              need substantial amounts of memory.
584
585       Memory (RAM) server:
586              The  server  process will load the repository index into memory.
587              Might need considerable amounts of memory, but less than on  the
588              client (see below).
589
590       Chunks index (client only):
591              Proportional  to the amount of data chunks in your repo. Lots of
592              chunks in your repo imply a big chunks index.  It is possible to
593              tweak the chunker params (see create options).
594
595       Files index (client only):
596              Proportional to the amount of files in your last backups. Can be
597              switched off (see create options), but next backup might be much
598              slower if you do.  The speed benefit of using the files cache is
599              proportional to file size.
600
601       Repository index (server only):
602              Proportional to the amount of data chunks in your repo. Lots  of
603              chunks  in your repo imply a big repository index.  It is possi‐
604              ble to tweak the chunker params (see create options)  to  influ‐
605              ence the amount of chunks being created.
606
607       Temporary files (client):
608              Reading  data  and  metadata from a FUSE mounted repository will
609              consume up to the size of all deduplicated, small chunks in  the
610              repository. Big chunks won't be locally cached.
611
612       Temporary files (server):
613              A  non-trivial  amount of data will be stored on the remote temp
614              directory for each client that connects to it. For some remotes,
615              this  can fill the default temporary directory at /tmp. This can
616              be remediated by ensuring the $TMPDIR, $TEMP, or  $TMP  environ‐
617              ment  variable  is  properly set for the sshd process.  For some
618              OSes, this can be done just by setting the correct value in  the
619              .bashrc (or equivalent login config file for other shells), how‐
620              ever in other cases it may be necessary to first  enable  Permi‐
621              tUserEnvironment yes in your sshd_config file, then add environ‐
622              ment="TMPDIR=/my/big/tmpdir" at the start of the public  key  to
623              be used in the authorized_hosts file.
624
625       Cache files (client only):
626              Contains  the chunks index and files index (plus a collection of
627              single- archive chunk indexes which might need huge  amounts  of
628              disk  space, depending on archive count and size - see FAQ about
629              how to reduce).
630
631       Network (only for client/server operation):
632              If your repository is remote, all deduplicated  (and  optionally
633              compressed/ encrypted) data of course has to go over the connec‐
634              tion (ssh:// repo url).  If you use a  locally  mounted  network
635              filesystem,  additionally some copy operations used for transac‐
636              tion support also go over the connection. If you backup multiple
637              sources to one target repository, additional traffic happens for
638              cache resynchronization.
639
640   Support for file metadata
641       Besides regular file and directory structures, Borg can preserve
642
643       • symlinks (stored as symlink, the symlink is not followed)
644
645       • special files:
646
647         • character and block device files (restored via mknod)
648
649         • FIFOs ("named pipes")
650
651         • special file contents can be backed up in --read-special mode.   By
652           default  the  metadata to create them with mknod(2), mkfifo(2) etc.
653           is stored.
654
655       • hardlinked regular files, devices, FIFOs (considering  all  items  in
656         the same archive)
657
658       • timestamps in nanosecond precision: mtime, atime, ctime
659
660       • other timestamps: birthtime (on platforms supporting it)
661
662       • permissions:
663
664         • IDs of owning user and owning group
665
666         • names of owning user and owning group (if the IDs can be resolved)
667
668         • Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)
669
670       On some platforms additional features are supported:
671
672                ┌─────────────────┬──────────┬───────────┬───────────┐
673                │Platform         │ ACLs [5] │ xattr [6] │ Flags [7] │
674                ├─────────────────┼──────────┼───────────┼───────────┤
675                │Linux            │ Yes      │ Yes       │ Yes [1]   │
676                ├─────────────────┼──────────┼───────────┼───────────┤
677                │macOS            │ Yes      │ Yes       │ Yes (all) │
678                └─────────────────┴──────────┴───────────┴───────────┘
679
680
681                │FreeBSD          │ Yes      │ Yes       │ Yes (all) │
682                ├─────────────────┼──────────┼───────────┼───────────┤
683                │OpenBSD          │ n/a      │ n/a       │ Yes (all) │
684                ├─────────────────┼──────────┼───────────┼───────────┤
685                │NetBSD           │ n/a      │ No [2]    │ Yes (all) │
686                ├─────────────────┼──────────┼───────────┼───────────┤
687                │Solaris  and de‐ │ No [3]   │ No [3]    │ n/a       │
688                │rivatives        │          │           │           │
689                ├─────────────────┼──────────┼───────────┼───────────┤
690                │Windows (cygwin) │ No [4]   │ No        │ No        │
691                └─────────────────┴──────────┴───────────┴───────────┘
692
693       Other Unix-like operating systems may work as well, but have  not  been
694       tested at all.
695
696       Note  that  most  of the platform-dependent features also depend on the
697       file system.  For example, ntfs-3g on Linux isn't able to  convey  NTFS
698       ACLs.
699
700       [1]  Only  "nodump",  "immutable",  "compressed"  and "append" are sup‐
701            ported.  Feature request #618 for more flags.
702
703       [2]  Feature request #1332
704
705       [3]  Feature request #1337
706
707       [4]  Cygwin tries to map NTFS ACLs to permissions with varying  degrees
708            of success.
709
710       [5]  The  native access control list mechanism of the OS. This normally
711            limits access to non-native ACLs. For example,  NTFS  ACLs  aren't
712            completely accessible on Linux with ntfs-3g.
713
714       [6]  extended  attributes;  key-value  pairs attached to a file, mainly
715            used by the OS.  This includes resource forks on Mac OS X.
716
717       [7]  aka BSD flags. The Linux set of flags [1] is portable across plat‐
718            forms.  The BSDs define additional flags.
719
720            In case you are interested in more details (like formulas), please
721            see Internals. For details on the available JSON output, refer  to
722            All about JSON: How to develop frontends.
723
724   Common options
725       All Borg commands share these options:
726
727       -h, --help
728              show this help message and exit
729
730       --critical
731              work on log level CRITICAL
732
733       --error
734              work on log level ERROR
735
736       --warning
737              work on log level WARNING (default)
738
739       --info, -v, --verbose
740              work on log level INFO
741
742       --debug
743              enable debug output, work on log level DEBUG
744
745       --debug-topic TOPIC
746              enable  TOPIC  debugging  (can be specified multiple times). The
747              logger path is borg.debug.<TOPIC> if TOPIC is not  fully  quali‐
748              fied.
749
750       -p, --progress
751              show progress information
752
753       --iec  format using IEC units (1KiB = 1024B)
754
755       --log-json
756              Output one JSON object per log line instead of formatted text.
757
758       --lock-wait SECONDS
759              wait  at most SECONDS for acquiring a repository/cache lock (de‐
760              fault: 1).
761
762       --bypass-lock
763              Bypass locking mechanism
764
765       --show-version
766              show/log the borg version
767
768       --show-rc
769              show/log the return code (rc)
770
771       --umask M
772              set umask to M (local only, default: 0077)
773
774       --remote-path PATH
775              use PATH as borg executable on the remote (default: "borg")
776
777       --remote-ratelimit RATE
778              deprecated, use --upload-ratelimit instead
779
780       --upload-ratelimit RATE
781              set network upload rate limit in kiByte/s (default: 0=unlimited)
782
783       --remote-buffer UPLOAD_BUFFER
784              deprecated, use --upload-buffer instead
785
786       --upload-buffer UPLOAD_BUFFER
787              set network upload buffer size in MiB. (default: 0=no buffer)
788
789       --consider-part-files
790              treat part files like normal files (e.g. to list/extract them)
791
792       --debug-profile FILE
793              Write execution profile in Borg format into FILE. For local  use
794              a Python-compatible file can be generated by suffixing FILE with
795              ".pyprof".
796
797       --rsh RSH
798              Use this command to connect to the  'borg  serve'  process  (de‐
799              fault: 'ssh')
800
801       Option  --bypass-lock allows you to access the repository while bypass‐
802       ing borg's locking mechanism. This is necessary if your  repository  is
803       on  a read-only storage where you don't have write permissions or capa‐
804       bilities and therefore cannot create a lock. Examples are  repositories
805       stored  on a Bluray disc or a read-only network storage. Avoid this op‐
806       tion if you are able to use locks as that is the  safer  way;  see  the
807       warning below.
808
809       WARNING:
810          If  you  do use --bypass-lock, you are responsible to ensure that no
811          other borg instances have write access to the repository. Otherwise,
812          you  might experience errors and read broken data if changes to that
813          repository are being made at the same time.
814
815   Examples
816          # Create an archive and log: borg version, files list, return code
817          $ borg create --show-version --list --show-rc /path/to/repo::my-files files
818

BORG INIT

820          borg [common options] init [options] [REPOSITORY]
821
822   Description
823       This command  initializes  an  empty  repository.  A  repository  is  a
824       filesystem directory containing the deduplicated data from zero or more
825       archives.
826
827   Encryption mode TLDR
828       The encryption mode can only be configured when creating a new  reposi‐
829       tory  -  you can neither configure it on a per-archive basis nor change
830       the encryption mode of an existing repository.
831
832       Use repokey:
833
834          borg init --encryption repokey /path/to/repo
835
836       Or repokey-blake2 depending on which is faster on your client  machines
837       (see below):
838
839          borg init --encryption repokey-blake2 /path/to/repo
840
841       Borg will:
842
843       1. Ask you to come up with a passphrase.
844
845       2. Create a borg key (which contains 3 random secrets. See Key files).
846
847       3. Encrypt the key with your passphrase.
848
849       4. Store the encrypted borg key inside the repository directory (in the
850          repo config).   This  is  why  it  is  essential  to  use  a  secure
851          passphrase.
852
853       5. Encrypt  and  sign  your  backups  to prevent anyone from reading or
854          forging them unless they have the key and know the passphrase.  Make
855          sure  to  keep  a backup of your key outside the repository - do not
856          lock yourself out by "leaving your keys inside your car"  (see  borg
857          key  export).   For  remote backups the encryption is done locally -
858          the remote machine never sees your passphrase, your unencrypted  key
859          or  your  unencrypted  files.   Chunking  and id generation are also
860          based on your key to improve your privacy.
861
862       6. Use the key when extracting files to decrypt them and to verify that
863          the  contents  of  the  backups  have not been accidentally or mali‐
864          ciously altered.
865
866   Picking a passphrase
867       Make sure you use a good passphrase. Not too short, not too simple. The
868       real  encryption  /  decryption  key is encrypted with / locked by your
869       passphrase.  If an attacker gets your key, he can't unlock and  use  it
870       without knowing the passphrase.
871
872       Be careful with special or non-ascii characters in your passphrase:
873
874       • Borg  processes  the passphrase as unicode (and encodes it as utf-8),
875         so it does not have problems dealing with even the strangest  charac‐
876         ters.
877
878       • BUT:  that does not necessarily apply to your OS / VM / keyboard con‐
879         figuration.
880
881       So better use a long passphrase made from simple ascii chars  than  one
882       that includes non-ascii stuff or characters that are hard/impossible to
883       enter on a different keyboard layout.
884
885       You can change your passphrase for existing repos at any time, it won't
886       affect the encryption/decryption key or other secrets.
887
888   More encryption modes
889       Only  use --encryption none if you are OK with anyone who has access to
890       your repository being able to read your backups and tamper  with  their
891       contents without you noticing.
892
893       If  you want "passphrase and having-the-key" security, use --encryption
894       keyfile.  The key will be stored in your  home  directory  (in  ~/.con‐
895       fig/borg/keys).
896
897       If  you  do not want to encrypt the contents of your backups, but still
898       want to detect malicious tampering use --encryption authenticated.   To
899       normally  work  with authenticated repos, you will need the passphrase,
900       but there is an emergency  workaround,  see  BORG_WORKAROUNDS=authenti‐
901       cated_no_key docs.
902
903       If  BLAKE2b  is  faster than SHA-256 on your hardware, use --encryption
904       authenticated-blake2, --encryption repokey-blake2 or --encryption  key‐
905       file-blake2. Note: for remote backups the hashing is done on your local
906       machine.
907
908         ┌─────────┬──────────────────┬──────────────────┬──────────────────┐
909         │Hash/MAC │ Not encrypted no │ Not   encrypted, │ Encrypted  (AEAD │
910         │         │ auth             │ but    authenti‐ │ w/ AES) and  au‐ │
911         │         │                  │ cated            │ thenticated      │
912         ├─────────┼──────────────────┼──────────────────┼──────────────────┤
913         │SHA-256  │ none             │ authenticated    │ repokey keyfile  │
914         ├─────────┼──────────────────┼──────────────────┼──────────────────┤
915         │BLAKE2b  │ n/a              │ authenti‐repokey-blake2
916         │         │                  │ cated-blake2keyfile-blake2
917         └─────────┴──────────────────┴──────────────────┴──────────────────┘
918
919       Modes  marked  like this in the above table are new in Borg 1.1 and are
920       not backwards-compatible with Borg 1.0.x.
921
922       On modern Intel/AMD CPUs (except very cheap ones), AES is usually hard‐
923       ware-accelerated.   BLAKE2b  is  faster than SHA256 on Intel/AMD 64-bit
924       CPUs (except AMD Ryzen and future  CPUs  with  SHA  extensions),  which
925       makes authenticated-blake2 faster than none and authenticated.
926
927       On modern ARM CPUs, NEON provides hardware acceleration for SHA256 mak‐
928       ing it faster than BLAKE2b-256 there. NEON accelerates AES as well.
929
930       Hardware acceleration is always used automatically when available.
931
932       repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256  for
933       authentication  in an encrypt-then-MAC (EtM) construction. The chunk ID
934       hash is HMAC-SHA256 as well (with a separate  key).   These  modes  are
935       compatible with Borg 1.0.x.
936
937       repokey-blake2  and  keyfile-blake2  are  also authenticated encryption
938       modes, but use BLAKE2b-256 instead of HMAC-SHA256  for  authentication.
939       The chunk ID hash is a keyed BLAKE2b-256 hash.  These modes are new and
940       not compatible with Borg 1.0.x.
941
942       authenticated mode uses no  encryption,  but  authenticates  repository
943       contents  through  the same HMAC-SHA256 hash as the repokey and keyfile
944       modes (it uses it as the chunk ID hash). The key  is  stored  like  re‐
945       pokey.  This mode is new and not compatible with Borg 1.0.x.
946
947       authenticated-blake2   is   like  authenticated,  but  uses  the  keyed
948       BLAKE2b-256 hash from the other blake2 modes.  This mode is new and not
949       compatible with Borg 1.0.x.
950
951       none  mode  uses no encryption and no authentication. It uses SHA256 as
952       chunk ID hash. This mode is not recommended, you should rather consider
953       using  an  authenticated or authenticated/encrypted mode. This mode has
954       possible denial-of-service issues when running borg create on  contents
955       controlled  by  an attacker.  Use it only for new repositories where no
956       encryption is wanted and when compatibility with 1.0.x is important. If
957       compatibility  with 1.0.x is not important, use authenticated-blake2 or
958       authenticated instead.  This mode is compatible with Borg 1.0.x.
959
960   Examples
961          # Local repository, repokey encryption, BLAKE2b (often faster, since Borg 1.1)
962          $ borg init --encryption=repokey-blake2 /path/to/repo
963
964          # Local repository (no encryption)
965          $ borg init --encryption=none /path/to/repo
966
967          # Remote repository (accesses a remote borg via ssh)
968          # repokey: stores the (encrypted) key into <REPO_DIR>/config
969          $ borg init --encryption=repokey-blake2 user@hostname:backup
970
971          # Remote repository (accesses a remote borg via ssh)
972          # keyfile: stores the (encrypted) key into ~/.config/borg/keys/
973          $ borg init --encryption=keyfile user@hostname:backup
974

BORG CREATE

976          borg [common options] create [options] ARCHIVE [PATH...]
977
978   Description
979       This command creates a backup archive containing all files found  while
980       recursively  traversing all paths specified. Paths are added to the ar‐
981       chive as they are given, that means if relative paths are desired,  the
982       command has to be run from the correct directory.
983
984       When  giving  '-'  as path, borg will read data from standard input and
985       create a file 'stdin' in the created archive from that  data.  In  some
986       cases it's more appropriate to use --content-from-command, however. See
987       section Reading from stdin below for details.
988
989       The archive will consume almost no disk space for  files  or  parts  of
990       files that have already been stored in other archives.
991
992       The  archive  name needs to be unique. It must not end in '.checkpoint'
993       or '.checkpoint.N' (with N being a number),  because  these  names  are
994       used for checkpoints and treated in special ways.
995
996       In  the  archive  name,  you may use the following placeholders: {now},
997       {utcnow}, {fqdn}, {hostname}, {user} and some others.
998
999       Backup speed is increased by not reprocessing files  that  are  already
1000       part of existing archives and weren't modified. The detection of unmod‐
1001       ified files is done by comparing multiple  file  metadata  values  with
1002       previous values kept in the files cache.
1003
1004       This   comparison   can   operate   in  different  modes  as  given  by
1005       --files-cache:
1006
1007       • ctime,size,inode (default)
1008
1009       • mtime,size,inode (default  behaviour  of  borg  versions  older  than
1010         1.1.0rc4)
1011
1012       • ctime,size (ignore the inode number)
1013
1014       • mtime,size (ignore the inode number)
1015
1016       • rechunk,ctime  (all  files  are  considered modified - rechunk, cache
1017         ctime)
1018
1019       • rechunk,mtime (all files are considered  modified  -  rechunk,  cache
1020         mtime)
1021
1022       • disabled  (disable  the  files cache, all files considered modified -
1023         rechunk)
1024
1025       inode number: better safety, but often unstable on network filesystems
1026
1027       Normally, detecting file modifications will take inode information into
1028       consideration  to  improve  the  reliability  of file change detection.
1029       This is problematic for files located on sshfs and similar network file
1030       systems  which do not provide stable inode numbers, such files will al‐
1031       ways be considered modified. You can use modes without  inode  in  this
1032       case  to improve performance, but reliability of change detection might
1033       be reduced.
1034
1035       ctime vs. mtime: safety vs. speed
1036
1037       • ctime is a rather safe way to detect changes to a file (metadata  and
1038         contents)  as  it can not be set from userspace. But, a metadata-only
1039         change will already update the ctime, so there might be some unneces‐
1040         sary  chunking/hashing even without content changes. Some filesystems
1041         do not support ctime (change time).  E.g. doing a chown or chmod to a
1042         file will change its ctime.
1043
1044       • mtime  usually  works and only updates if file contents were changed.
1045         But mtime can be arbitrarily set from userspace, e.g.  to  set  mtime
1046         back  to the same value it had before a content change happened. This
1047         can be used maliciously as well as  well-meant,  but  in  both  cases
1048         mtime based cache modes can be problematic.
1049
1050       The  mount  points of filesystems or filesystem snapshots should be the
1051       same for every creation of a new archive to ensure fast operation. This
1052       is  because  the  file  cache  that  is used to determine changed files
1053       quickly uses absolute filenames.  If this  is  not  possible,  consider
1054       creating a bind mount to a stable location.
1055
1056       The  --progress  option shows (from left to right) Original, Compressed
1057       and Deduplicated (O, C and D, respectively), then the Number  of  files
1058       (N) processed so far, followed by the currently processed path.
1059
1060       When  using  --stats,  you will get some statistics about how much data
1061       was added - the "This Archive" deduplicated size there is  most  inter‐
1062       esting  as that is how much your repository will grow. Please note that
1063       the "All archives" stats refer to the state after creation.  Also,  the
1064       --stats  and  --dry-run options are mutually exclusive because the data
1065       is not actually compressed and deduplicated during a dry run.
1066
1067       For more help on include/exclude patterns, see the borg  help  patterns
1068       command output.
1069
1070       For  more  help on placeholders, see the borg help placeholders command
1071       output.
1072
1073       The --exclude patterns are not like tar. In tar --exclude .bundler/gems
1074       will  exclude  foo/.bundler/gems.  In borg it will not, you need to use
1075       --exclude '*/.bundler/gems' to get the same effect.
1076
1077       In addition to using --exclude patterns, it is possible  to  use  --ex‐
1078       clude-if-present  to  specify  the  name of a filesystem object (e.g. a
1079       file or folder name) which, when contained within another folder,  will
1080       prevent  the  containing  folder from being backed up.  By default, the
1081       containing folder and all of its contents  will  be  omitted  from  the
1082       backup.  If, however, you wish to only include the objects specified by
1083       --exclude-if-present in your backup, and not include any other contents
1084       of  the  containing  folder,  this  can  be  enabled  through using the
1085       --keep-exclude-tags option.
1086
1087       The -x or  --one-file-system  option  excludes  directories,  that  are
1088       mountpoints  (and  everything in them).  It detects mountpoints by com‐
1089       paring the device number from the output of stat() of the directory and
1090       its  parent  directory. Specifically, it excludes directories for which
1091       stat() reports a device number different  from  the  device  number  of
1092       their parent.  In general: be aware that there are directories with de‐
1093       vice number different from their parent, which the kernel does not con‐
1094       sider  a  mountpoint and also the other way around.  Linux examples for
1095       this are bind mounts (possibly same device number, but always a  mount‐
1096       point) and ALL subvolumes of a btrfs (different device number from par‐
1097       ent but not necessarily a mountpoint).  macOS  examples  are  the  apfs
1098       mounts   of  a  typical  macOS  installation.   Therefore,  when  using
1099       --one-file-system, you should double-check that the backup works as in‐
1100       tended.
1101
1102   Item flags
1103       --list  outputs  a list of all files, directories and other file system
1104       items it considered (no matter whether  they  had  content  changes  or
1105       not).  For  each  item, it prefixes a single-letter flag that indicates
1106       type and/or status of the item.
1107
1108       If you are interested only in a subset of that  output,  you  can  give
1109       e.g.   --filter=AME  and it will only show regular files with A, M or E
1110       status (see below).
1111
1112       A uppercase character represents the status of a regular file  relative
1113       to  the  "files" cache (not relative to the repo -- this is an issue if
1114       the files cache is not used). Metadata is stored in any  case  and  for
1115       'A'  and  'M'  also new data chunks are stored. For 'U' all data chunks
1116       refer to already existing chunks.
1117
1118       • 'A' = regular file, added (see also I am seeing  'A'  (added)  status
1119         for an unchanged file!? in the FAQ)
1120
1121       • 'M' = regular file, modified
1122
1123       • 'U' = regular file, unchanged
1124
1125       • 'C' = regular file, it changed while we backed it up
1126
1127       • 'E'  =  regular  file, an error happened while accessing/reading this
1128         file
1129
1130       A lowercase character means a file type other than a regular file, borg
1131       usually just stores their metadata:
1132
1133       • 'd' = directory
1134
1135       • 'b' = block device
1136
1137       • 'c' = char device
1138
1139       • 'h' = regular file, hardlink (to already seen inodes)
1140
1141       • 's' = symlink
1142
1143       • 'f' = fifo
1144
1145       Other flags used include:
1146
1147       • 'i' = backup data was read from standard input (stdin)
1148
1149       • '-' = dry run, item was not backed up
1150
1151       • 'x' = excluded, item was not backed up
1152
1153       • '?'  =  missing  status  code (if you see this, please file a bug re‐
1154         port!)
1155
1156   Reading from stdin
1157       There are two methods to read from stdin. Either specify - as path  and
1158       pipe directly to borg:
1159
1160          backup-vm --id myvm --stdout | borg create REPO::ARCHIVE -
1161
1162       Or  use --content-from-command to have Borg manage the execution of the
1163       command and piping. If you do so, the first  PATH  argument  is  inter‐
1164       preted  as  command to execute and any further arguments are treated as
1165       arguments to the command:
1166
1167          borg create --content-from-command REPO::ARCHIVE -- backup-vm --id myvm --stdout
1168
1169       -- is used to ensure --id and --stdout are not considered arguments  to
1170       borg but rather backup-vm.
1171
1172       The  difference  between the two approaches is that piping to borg cre‐
1173       ates an archive even if the command piping to borg exits with  a  fail‐
1174       ure.  In  this  case, one can end up with truncated output being backed
1175       up. Using --content-from-command, in contrast, borg  is  guaranteed  to
1176       fail  without  creating an archive should the command fail. The command
1177       is considered failed when it returned a non-zero exit code.
1178
1179       Reading from stdin yields just a stream of data without  file  metadata
1180       associated  with it, and the files cache is not needed at all. So it is
1181       safe to disable it via --files-cache disabled and speed up backup  cre‐
1182       ation a bit.
1183
1184       By  default,  the  content  read  from stdin is stored in a file called
1185       'stdin'.  Use --stdin-name to change the name.
1186
1187   Examples
1188          # Backup ~/Documents into an archive named "my-documents"
1189          $ borg create /path/to/repo::my-documents ~/Documents
1190
1191          # same, but list all files as we process them
1192          $ borg create --list /path/to/repo::my-documents ~/Documents
1193
1194          # Backup ~/Documents and ~/src but exclude pyc files
1195          $ borg create /path/to/repo::my-files \
1196              ~/Documents                       \
1197              ~/src                             \
1198              --exclude '*.pyc'
1199
1200          # Backup home directories excluding image thumbnails (i.e. only
1201          # /home/<one directory>/.thumbnails is excluded, not /home/*/*/.thumbnails etc.)
1202          $ borg create /path/to/repo::my-files /home \
1203              --exclude 'sh:home/*/.thumbnails'
1204
1205          # Backup the root filesystem into an archive named "root-YYYY-MM-DD"
1206          # use zlib compression (good, but slow) - default is lz4 (fast, low compression ratio)
1207          $ borg create -C zlib,6 --one-file-system /path/to/repo::root-{now:%Y-%m-%d} /
1208
1209          # Backup onto a remote host ("push" style) via ssh to port 2222,
1210          # logging in as user "borg" and storing into /path/to/repo
1211          $ borg create ssh://borg@backup.example.org:2222/path/to/repo::{fqdn}-root-{now} /
1212
1213          # Backup a remote host locally ("pull" style) using sshfs
1214          $ mkdir sshfs-mount
1215          $ sshfs root@example.com:/ sshfs-mount
1216          $ cd sshfs-mount
1217          $ borg create /path/to/repo::example.com-root-{now:%Y-%m-%d} .
1218          $ cd ..
1219          $ fusermount -u sshfs-mount
1220
1221          # Make a big effort in fine granular deduplication (big chunk management
1222          # overhead, needs a lot of RAM and disk space, see formula in internals
1223          # docs - same parameters as borg < 1.0 or attic):
1224          $ borg create --chunker-params buzhash,10,23,16,4095 /path/to/repo::small /smallstuff
1225
1226          # Backup a raw device (must not be active/in use/mounted at that time)
1227          $ borg create --read-special --chunker-params fixed,4194304 /path/to/repo::my-sdx /dev/sdX
1228
1229          # Backup a sparse disk image (must not be active/in use/mounted at that time)
1230          $ borg create --sparse --chunker-params fixed,4194304 /path/to/repo::my-disk my-disk.raw
1231
1232          # No compression (none)
1233          $ borg create --compression none /path/to/repo::arch ~
1234
1235          # Super fast, low compression (lz4, default)
1236          $ borg create /path/to/repo::arch ~
1237
1238          # Less fast, higher compression (zlib, N = 0..9)
1239          $ borg create --compression zlib,N /path/to/repo::arch ~
1240
1241          # Even slower, even higher compression (lzma, N = 0..9)
1242          $ borg create --compression lzma,N /path/to/repo::arch ~
1243
1244          # Only compress compressible data with lzma,N (N = 0..9)
1245          $ borg create --compression auto,lzma,N /path/to/repo::arch ~
1246
1247          # Use short hostname, user name and current time in archive name
1248          $ borg create /path/to/repo::{hostname}-{user}-{now} ~
1249          # Similar, use the same datetime format that is default as of borg 1.1
1250          $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S} ~
1251          # As above, but add nanoseconds
1252          $ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S.%f} ~
1253
1254          # Backing up relative paths by moving into the correct directory first
1255          $ cd /home/user/Documents
1256          # The root directory of the archive will be "projectA"
1257          $ borg create /path/to/repo::daily-projectA-{now:%Y-%m-%d} projectA
1258
1259          # Use external command to determine files to archive
1260          # Use --paths-from-stdin with find to only backup files less than 1MB in size
1261          $ find ~ -size -1000k | borg create --paths-from-stdin /path/to/repo::small-files-only
1262          # Use --paths-from-command with find to only backup files from a given user
1263          $ borg create --paths-from-command /path/to/repo::joes-files -- find /srv/samba/shared -user joe
1264          # Use --paths-from-stdin with --paths-delimiter (for example, for filenames with newlines in them)
1265          $ find ~ -size -1000k -print0 | borg create \
1266              --paths-from-stdin \
1267              --paths-delimiter "\0" \
1268              /path/to/repo::smallfiles-handle-newline
1269

BORG EXTRACT

1271          borg [common options] extract [options] ARCHIVE [PATH...]
1272
1273   Description
1274       This command extracts the contents of an archive. By default the entire
1275       archive  is  extracted but a subset of files and directories can be se‐
1276       lected by passing a list of PATHs as arguments. The file selection  can
1277       further be restricted by using the --exclude option.
1278
1279       For  more  help on include/exclude patterns, see the borg help patterns
1280       command output.
1281
1282       By using --dry-run, you can do all  extraction  steps  except  actually
1283       writing  the  output  data:  reading  metadata and data chunks from the
1284       repo, checking the hash/hmac, decrypting, decompressing.
1285
1286       --progress can be slower than no progress display, since it  makes  one
1287       additional pass over the archive metadata.
1288
1289       NOTE:
1290          Currently,  extract always writes into the current working directory
1291          ("."), so make sure you cd to the right place  before  calling  borg
1292          extract.
1293
1294          When parent directories are not extracted (because of using file/di‐
1295          rectory selection or any other reason), borg can not restore  parent
1296          directories' metadata, e.g. owner, group, permission, etc.
1297
1298   Examples
1299          # Extract entire archive
1300          $ borg extract /path/to/repo::my-files
1301
1302          # Extract entire archive and list files while processing
1303          $ borg extract --list /path/to/repo::my-files
1304
1305          # Verify whether an archive could be successfully extracted, but do not write files to disk
1306          $ borg extract --dry-run /path/to/repo::my-files
1307
1308          # Extract the "src" directory
1309          $ borg extract /path/to/repo::my-files home/USERNAME/src
1310
1311          # Extract the "src" directory but exclude object files
1312          $ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'
1313
1314          # Restore a raw device (must not be active/in use/mounted at that time)
1315          $ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M
1316

BORG CHECK

1318          borg [common options] check [options] [REPOSITORY_OR_ARCHIVE]
1319
1320   Description
1321       The  check command verifies the consistency of a repository and its ar‐
1322       chives.  It consists of two major steps:
1323
1324       1. Checking the consistency of the  repository  itself.  This  includes
1325          checking  the  segment magic headers, and both the metadata and data
1326          of all objects in the segments. The read data is checked by size and
1327          CRC.  Bit  rot  and other types of accidental damage can be detected
1328          this way. Running the repository check can be  split  into  multiple
1329          partial checks using --max-duration.  When checking a remote reposi‐
1330          tory, please note that the checks run on the server and do not cause
1331          significant network traffic.
1332
1333       2. Checking consistency and correctness of the archive metadata and op‐
1334          tionally archive data (requires --verify-data). This includes ensur‐
1335          ing  that the repository manifest exists, the archive metadata chunk
1336          is present, and that all chunks referencing files (items) in the ar‐
1337          chive  exist.  This  requires reading archive and file metadata, but
1338          not data. To cryptographically verify the file (content) data integ‐
1339          rity pass --verify-data, but keep in mind that this requires reading
1340          all data and is hence very time consuming. When checking archives of
1341          a  remote  repository,  archive checks run on the client machine be‐
1342          cause they require decrypting data and therefore the encryption key.
1343
1344       Both steps can also be run independently. Pass --repository-only to run
1345       the  repository checks only, or pass --archives-only to run the archive
1346       checks only.
1347
1348       The --max-duration option can be used to split a  long-running  reposi‐
1349       tory check into multiple partial checks. After the given number of sec‐
1350       onds the check is interrupted. The next  partial  check  will  continue
1351       where  the  previous  one  stopped,  until the full repository has been
1352       checked. Assuming a complete check would take 7 hours, then  running  a
1353       daily  check with --max-duration=3600 (1 hour) would result in one full
1354       repository check per week. Doing a full  repository  check  aborts  any
1355       previous  partial  check;  the next partial check will restart from the
1356       beginning. With partial repository checks you can run  neither  archive
1357       checks,  nor  enable  repair  mode.  Consequently,  if  you want to use
1358       --max-duration you must also pass --repository-only, and must not  pass
1359       --archives-only, nor --repair.
1360
1361       Warning:  Please  note  that partial repository checks (i.e. running it
1362       with --max-duration) can only perform non-cryptographic checksum checks
1363       on the segment files. A full repository check (i.e. without --max-dura‐
1364       tion) can also do a repository index check. Enabling partial repository
1365       checks  excepts  archive  checks for the same reason. Therefore partial
1366       checks may be useful with very large repositories  only  where  a  full
1367       check would take too long.
1368
1369       The --verify-data option will perform a full integrity verification (as
1370       opposed to checking the CRC32 of the  segment)  of  data,  which  means
1371       reading  the data from the repository, decrypting and decompressing it.
1372       It is a complete cryptographic verification and hence very time consum‐
1373       ing,  but  will  detect  any  accidental and malicious corruption. Tam‐
1374       per-resistance is only guaranteed for  encrypted  repositories  against
1375       attackers  without  access  to  the keys. You can not use --verify-data
1376       with --repository-only.
1377
1378   About repair mode
1379       The check command is a readonly task by default. If any  corruption  is
1380       found,  Borg  will report the issue and proceed with checking. To actu‐
1381       ally repair the issues found, pass --repair.
1382
1383       NOTE:
1384          --repair is a POTENTIALLY DANGEROUS FEATURE and might lead  to  data
1385          loss!  This does not just include data that was previously lost any‐
1386          way, but might include more data for kinds of corruption it  is  not
1387          capable of dealing with. BE VERY CAREFUL!
1388
1389       Pursuant  to the previous warning it is also highly recommended to test
1390       the reliability of the hardware running Borg with stress testing  soft‐
1391       ware.  This  especially includes storage and memory testers. Unreliable
1392       hardware might lead to additional data loss.
1393
1394       It is highly recommended to create a backup of your  repository  before
1395       running in repair mode (i.e. running it with --repair).
1396
1397       Repair  mode  will attempt to fix any corruptions found. Fixing corrup‐
1398       tions does not mean recovering lost data: Borg can  not  magically  re‐
1399       store  data lost due to e.g. a hardware failure. Repairing a repository
1400       means sacrificing some data for the sake of the repository as  a  whole
1401       and the remaining data. Hence it is, by definition, a potentially lossy
1402       task.
1403
1404       In practice, repair mode hooks into both  the  repository  and  archive
1405       checks:
1406
1407       1. When  checking the repository's consistency, repair mode will try to
1408          recover as many objects from segments with integrity errors as  pos‐
1409          sible,  and ensure that the index is consistent with the data stored
1410          in the segments.
1411
1412       2. When checking the consistency and correctness  of  archives,  repair
1413          mode  might remove whole archives from the manifest if their archive
1414          metadata chunk is corrupt or lost. On a chunk level (i.e.  the  con‐
1415          tents  of  files),  repair  mode will replace corrupt or lost chunks
1416          with a same-size replacement chunk of zeroes. If a previously zeroed
1417          chunk  reappears, repair mode will restore this lost chunk using the
1418          new chunk. Lastly, repair mode  will  also  delete  orphaned  chunks
1419          (e.g. caused by read errors while creating the archive).
1420
1421       Most  steps  taken by repair mode have a one-time effect on the reposi‐
1422       tory, like removing a lost archive from the  repository.  However,  re‐
1423       placing  a corrupt or lost chunk with an all-zero replacement will have
1424       an ongoing effect on the repository: When attempting to extract a  file
1425       referencing an all-zero chunk, the extract command will distinctly warn
1426       about it. The FUSE filesystem created by the mount command will  reject
1427       reading  such  a  "zero-patched"  file unless a special mount option is
1428       given.
1429
1430       As mentioned earlier, Borg might be able  to  "heal"  a  "zero-patched"
1431       file  in  repair mode, if all its previously lost chunks reappear (e.g.
1432       via a later backup). This is achieved by Borg not only keeping track of
1433       the all-zero replacement chunks, but also by keeping metadata about the
1434       lost chunks. In repair mode Borg will check whether a  previously  lost
1435       chunk reappeared and will replace the all-zero replacement chunk by the
1436       reappeared chunk. If all lost chunks of a "zero-patched" file reappear,
1437       this  effectively  "heals" the file.  Consequently, if lost chunks were
1438       repaired earlier, it is advised to run --repair  a  second  time  after
1439       creating some new backups.
1440

BORG RENAME

1442          borg [common options] rename [options] ARCHIVE NEWNAME
1443
1444   Description
1445       This command renames an archive in the repository.
1446
1447       This results in a different archive ID.
1448
1449   Examples
1450          $ borg create /path/to/repo::archivename ~
1451          $ borg list /path/to/repo
1452          archivename                          Mon, 2016-02-15 19:50:19
1453
1454          $ borg rename /path/to/repo::archivename newname
1455          $ borg list /path/to/repo
1456          newname                              Mon, 2016-02-15 19:50:19
1457

BORG LIST

1459          borg [common options] list [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
1460
1461   Description
1462       This command lists the contents of a repository or an archive.
1463
1464       For  more  help on include/exclude patterns, see the borg help patterns
1465       command output.
1466
1467   The FORMAT specifier syntax
1468       The --format option uses python's format string syntax.
1469
1470       Examples:
1471
1472          $ borg list --format '{archive}{NL}' /path/to/repo
1473          ArchiveFoo
1474          ArchiveBar
1475          ...
1476
1477          # {VAR:NUMBER} - pad to NUMBER columns.
1478          # Strings are left-aligned, numbers are right-aligned.
1479          # Note: time columns except ``isomtime``, ``isoctime`` and ``isoatime`` cannot be padded.
1480          $ borg list --format '{archive:36} {time} [{id}]{NL}' /path/to/repo
1481          ArchiveFoo                           Thu, 2021-12-09 10:22:28 [0b8e9a312bef3f2f6e2d0fc110c196827786c15eba0188738e81697a7fa3b274]
1482          $ borg list --format '{mode} {user:6} {group:6} {size:8} {mtime} {path}{extra}{NL}' /path/to/repo::ArchiveFoo
1483          -rw-rw-r-- user   user       1024 Thu, 2021-12-09 10:22:17 file-foo
1484          ...
1485
1486          # {VAR:<NUMBER} - pad to NUMBER columns left-aligned.
1487          # {VAR:>NUMBER} - pad to NUMBER columns right-aligned.
1488          $ borg list --format '{mode} {user:>6} {group:>6} {size:<8} {mtime} {path}{extra}{NL}' /path/to/repo::ArchiveFoo
1489          -rw-rw-r--   user   user 1024     Thu, 2021-12-09 10:22:17 file-foo
1490          ...
1491
1492       The following keys are always available:
1493
1494       • NEWLINE: OS dependent line separator
1495
1496       • NL: alias of NEWLINE
1497
1498       • NUL: NUL character for creating print0 / xargs -0  like  output,  see
1499         barchive and bpath keys below
1500
1501       • SPACE
1502
1503       • TAB
1504
1505       • CR
1506
1507       • LF
1508
1509       Keys available only when listing archives in a repository:
1510
1511       • archive:  archive name interpreted as text (might be missing non-text
1512         characters, see barchive)
1513
1514       • name: alias of "archive"
1515
1516       • barchive: verbatim archive name, can contain any character except NUL
1517
1518       • comment: archive  comment  interpreted  as  text  (might  be  missing
1519         non-text characters, see bcomment)
1520
1521       • bcomment:  verbatim archive comment, can contain any character except
1522         NUL
1523
1524       • id: internal ID of the archive
1525
1526       • tam: TAM authentication state of this archive
1527
1528       • start: time (start) of creation of the archive
1529
1530       • time: alias of "start"
1531
1532       • end: time (end) of creation of the archive
1533
1534       • command_line: command line which was used to create the archive
1535
1536       • hostname: hostname of host on which this archive was created
1537
1538       • username: username of user who created this archive
1539
1540       Keys available only when listing files in an archive:
1541
1542       • type
1543
1544       • mode
1545
1546       • uid
1547
1548       • gid
1549
1550       • user
1551
1552       • group
1553
1554       • path: path interpreted as text (might be missing non-text characters,
1555         see bpath)
1556
1557       • bpath: verbatim POSIX path, can contain any character except NUL
1558
1559       • source: link target for links (identical to linktarget)
1560
1561       • linktarget
1562
1563       • flags
1564
1565       • size
1566
1567       • csize: compressed size
1568
1569       • dsize: deduplicated size
1570
1571       • dcsize: deduplicated compressed size
1572
1573       • num_chunks: number of chunks in this file
1574
1575       • unique_chunks: number of unique chunks in this file
1576
1577       • mtime
1578
1579       • ctime
1580
1581       • atime
1582
1583       • isomtime
1584
1585       • isoctime
1586
1587       • isoatime
1588
1589       • blake2b
1590
1591       • blake2s
1592
1593       • md5
1594
1595       • sha1
1596
1597       • sha224
1598
1599       • sha256
1600
1601       • sha384
1602
1603       • sha3_224
1604
1605       • sha3_256
1606
1607       • sha3_384
1608
1609       • sha3_512
1610
1611       • sha512
1612
1613       • xxh64: XXH64 checksum of this file (note: this is NOT a cryptographic
1614         hash!)
1615
1616       • archiveid
1617
1618       • archivename
1619
1620       • extra: prepends {source} with " -> " for soft links and " link  to  "
1621         for hard links
1622
1623       • health:  either "healthy" (file ok) or "broken" (if file has all-zero
1624         replacement chunks)
1625
1626   Examples
1627          $ borg list /path/to/repo
1628          Monday                               Mon, 2016-02-15 19:15:11
1629          repo                                 Mon, 2016-02-15 19:26:54
1630          root-2016-02-15                      Mon, 2016-02-15 19:36:29
1631          newname                              Mon, 2016-02-15 19:50:19
1632          ...
1633
1634          $ borg list /path/to/repo::root-2016-02-15
1635          drwxr-xr-x root   root          0 Mon, 2016-02-15 17:44:27 .
1636          drwxrwxr-x root   root          0 Mon, 2016-02-15 19:04:49 bin
1637          -rwxr-xr-x root   root    1029624 Thu, 2014-11-13 00:08:51 bin/bash
1638          lrwxrwxrwx root   root          0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
1639          -rwxr-xr-x root   root       2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
1640          ...
1641
1642          $ borg list /path/to/repo::root-2016-02-15 --pattern "- bin/ba*"
1643          drwxr-xr-x root   root          0 Mon, 2016-02-15 17:44:27 .
1644          drwxrwxr-x root   root          0 Mon, 2016-02-15 19:04:49 bin
1645          lrwxrwxrwx root   root          0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
1646          -rwxr-xr-x root   root       2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
1647          ...
1648
1649          $ borg list /path/to/repo::archiveA --format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
1650          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 .
1651          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code
1652          drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code/myproject
1653          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
1654          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.text
1655          ...
1656
1657          $ borg list /path/to/repo/::archiveA --pattern '+ re:\.ext$' --pattern '- re:^.*$'
1658          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
1659          ...
1660
1661          $ borg list /path/to/repo/::archiveA --pattern '+ re:.ext$' --pattern '- re:^.*$'
1662          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
1663          -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.text
1664          ...
1665

BORG DIFF

1667          borg [common options] diff [options] REPO::ARCHIVE1 ARCHIVE2 [PATH...]
1668
1669   Description
1670       This command finds differences (file contents, user/group/mode) between
1671       archives.
1672
1673       A  repository  location  and  an  archive  name  must  be specified for
1674       REPO::ARCHIVE1.  ARCHIVE2 is just another archive name in same  reposi‐
1675       tory (no repository location allowed).
1676
1677       For  archives created with Borg 1.1 or newer diff automatically detects
1678       whether the archives are created with the same chunker params.  If  so,
1679       only chunk IDs are compared, which is very fast.
1680
1681       For  archives prior to Borg 1.1 chunk contents are compared by default.
1682       If you did not create the archives with different chunker params,  pass
1683       --same-chunker-params.   Note that the chunker params changed from Borg
1684       0.xx to 1.0.
1685
1686       For more help on include/exclude patterns, see the borg  help  patterns
1687       command output.
1688
1689   Examples
1690          $ borg init -e=none testrepo
1691          $ mkdir testdir
1692          $ cd testdir
1693          $ echo asdf > file1
1694          $ dd if=/dev/urandom bs=1M count=4 > file2
1695          $ touch file3
1696          $ borg create ../testrepo::archive1 .
1697
1698          $ chmod a+x file1
1699          $ echo "something" >> file2
1700          $ borg create ../testrepo::archive2 .
1701
1702          $ echo "testing 123" >> file1
1703          $ rm file3
1704          $ touch file4
1705          $ borg create ../testrepo::archive3 .
1706
1707          $ cd ..
1708          $ borg diff testrepo::archive1 archive2
1709          [-rw-r--r-- -> -rwxr-xr-x] file1
1710             +135 B    -252 B file2
1711
1712          $ borg diff testrepo::archive2 archive3
1713              +17 B      -5 B file1
1714          added           0 B file4
1715          removed         0 B file3
1716
1717          $ borg diff testrepo::archive1 archive3
1718              +17 B      -5 B [-rw-r--r-- -> -rwxr-xr-x] file1
1719             +135 B    -252 B file2
1720          added           0 B file4
1721          removed         0 B file3
1722
1723          $ borg diff --json-lines testrepo::archive1 archive3
1724          {"path": "file1", "changes": [{"type": "modified", "added": 17, "removed": 5}, {"type": "mode", "old_mode": "-rw-r--r--", "new_mode": "-rwxr-xr-x"}]}
1725          {"path": "file2", "changes": [{"type": "modified", "added": 135, "removed": 252}]}
1726          {"path": "file4", "changes": [{"type": "added", "size": 0}]}
1727          {"path": "file3", "changes": [{"type": "removed", "size": 0}]}
1728

BORG DELETE

1730          borg [common options] delete [options] [REPOSITORY_OR_ARCHIVE] [ARCHIVE...]
1731
1732   Description
1733       This  command  deletes  an  archive from the repository or the complete
1734       repository.
1735
1736       Important: When deleting archives, repository disk space is  not  freed
1737       until you run borg compact.
1738
1739       When  you  delete  a  complete  repository, the security info and local
1740       cache for it (if any) are also deleted. Alternatively, you  can  delete
1741       just the local cache with the --cache-only option, or keep the security
1742       info with the --keep-security-info option.
1743
1744       When in doubt, use --dry-run --list to see what would be deleted.
1745
1746       When using --stats, you will get some statistics about  how  much  data
1747       was deleted - the "Deleted data" deduplicated size there is most inter‐
1748       esting as that is how much your repository will  shrink.   Please  note
1749       that the "All archives" stats refer to the state after deletion.
1750
1751       You can delete multiple archives by specifying a shell pattern to match
1752       multiple archives using the --glob-archives GLOB option (for more  info
1753       on these patterns, see borg help patterns).
1754
1755       To  avoid  accidentally  deleting  archives, especially when using glob
1756       patterns, it might be helpful to use the --dry-run to test out the com‐
1757       mand without actually making any changes to the repository.
1758
1759   Examples
1760          # delete a single backup archive:
1761          $ borg delete /path/to/repo::Monday
1762          # actually free disk space:
1763          $ borg compact /path/to/repo
1764
1765          # delete all archives whose names begin with the machine's hostname followed by "-"
1766          $ borg delete --glob-archives '{hostname}-*' /path/to/repo
1767
1768          # delete all archives whose names contain "-2012-"
1769          $ borg delete --glob-archives '*-2012-*' /path/to/repo
1770
1771          # see what would be deleted if delete was run without --dry-run
1772          $ borg delete --list --dry-run -a '*-May-*' /path/to/repo
1773
1774          # delete the whole repository and the related local cache:
1775          $ borg delete /path/to/repo
1776          You requested to completely DELETE the repository *including* all archives it contains:
1777          repo                                 Mon, 2016-02-15 19:26:54
1778          root-2016-02-15                      Mon, 2016-02-15 19:36:29
1779          newname                              Mon, 2016-02-15 19:50:19
1780          Type 'YES' if you understand this and want to continue: YES
1781

BORG PRUNE

1783          borg [common options] prune [options] [REPOSITORY]
1784
1785   Description
1786       The  prune  command  prunes  a  repository by deleting all archives not
1787       matching any of the specified retention options.
1788
1789       Important: Repository disk space is not freed until you run  borg  com‐
1790       pact.
1791
1792       This  command  is  normally used by automated backup scripts wanting to
1793       keep a certain number of historic backups.  This  retention  policy  is
1794       commonly  referred  to  as GFS (Grandfather-father-son) backup rotation
1795       scheme.
1796
1797       Also, prune automatically removes checkpoint archives  (incomplete  ar‐
1798       chives left behind by interrupted backup runs) except if the checkpoint
1799       is the latest archive (and thus still needed). Checkpoint archives  are
1800       not considered when comparing archive counts against the retention lim‐
1801       its (--keep-X).
1802
1803       If a prefix is set with -P, then only archives that start with the pre‐
1804       fix  are  considered for deletion and only those archives count towards
1805       the totals specified by the rules.   Otherwise,  all  archives  in  the
1806       repository are candidates for deletion!  There is no automatic distinc‐
1807       tion between archives representing different contents. These need to be
1808       distinguished by specifying matching prefixes.
1809
1810       If  you  have  multiple  sequences of archives with different data sets
1811       (e.g.  from different machines) in one shared repository, use one prune
1812       call  per  data set that matches only the respective archives using the
1813       -P option.
1814
1815       The --keep-within option takes an argument of the  form  "<int><char>",
1816       where  char  is  "H", "d", "w", "m", "y". For example, --keep-within 2d
1817       means to keep all archives that were created within the past 48  hours.
1818       "1m"  is taken to mean "31d". The archives kept with this option do not
1819       count towards the totals specified by any other options.
1820
1821       A good procedure is to thin out more and more the  older  your  backups
1822       get.   As an example, --keep-daily 7 means to keep the latest backup on
1823       each day, up to 7 most recent days with backups (days  without  backups
1824       do  not  count).   The  rules  are applied from secondly to yearly, and
1825       backups selected by previous rules do not count towards those of  later
1826       rules.  The  time that each backup starts is used for pruning purposes.
1827       Dates and times are interpreted in the local  timezone,  and  weeks  go
1828       from Monday to Sunday. Specifying a negative number of archives to keep
1829       means that there is no limit. As of borg 1.2.0, borg  will  retain  the
1830       oldest archive if any of the secondly, minutely, hourly, daily, weekly,
1831       monthly, or yearly rules was not otherwise able to meet  its  retention
1832       target.  This enables the first chronological archive to continue aging
1833       until it is replaced by a newer archive that meets the retention crite‐
1834       ria.
1835
1836       The --keep-last N option is doing the same as --keep-secondly N (and it
1837       will keep the last N archives under the assumption that you do not cre‐
1838       ate more than one backup archive in the same second).
1839
1840       When  using  --stats,  you will get some statistics about how much data
1841       was deleted - the "Deleted data" deduplicated size there is most inter‐
1842       esting  as  that  is how much your repository will shrink.  Please note
1843       that the "All archives" stats refer to the state after pruning.
1844
1845   Examples
1846       Be careful, prune is a potentially dangerous command,  it  will  remove
1847       backup archives.
1848
1849       The  default of prune is to apply to all archives in the repository un‐
1850       less you restrict its operation to  a  subset  of  the  archives  using
1851       --glob-archives.   When  using  --glob-archives, be careful to choose a
1852       good matching pattern - e.g. do not use "foo*" if you do not also  want
1853       to match "foobar".
1854
1855       It  is strongly recommended to always run prune -v --list --dry-run ...
1856       first so you will see what it would do without it actually  doing  any‐
1857       thing.
1858
1859          # Keep 7 end of day and 4 additional end of week archives.
1860          # Do a dry-run without actually deleting anything.
1861          $ borg prune -v --list --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo
1862
1863          # Same as above but only apply to archive names starting with the hostname
1864          # of the machine followed by a "-" character:
1865          $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --glob-archives='{hostname}-*' /path/to/repo
1866          # actually free disk space:
1867          $ borg compact /path/to/repo
1868
1869          # Keep 7 end of day, 4 additional end of week archives,
1870          # and an end of month archive for every month:
1871          $ borg prune -v --list --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1872
1873          # Keep all backups in the last 10 days, 4 additional end of week archives,
1874          # and an end of month archive for every month:
1875          $ borg prune -v --list --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo
1876
1877       There  is  also  a  visualized  prune  example in docs/misc/prune-exam‐
1878       ple.txt:
1879
1880          borg prune visualized
1881          =====================
1882
1883          Assume it is 2016-01-01, today's backup has not yet been made, you have
1884          created at least one backup on each day in 2015 except on 2015-12-19 (no
1885          backup made on that day), and you started backing up with borg on
1886          2015-01-01.
1887
1888          This is what borg prune --keep-daily 14 --keep-monthly 6 --keep-yearly 1
1889          would keep.
1890
1891          Backups kept by the --keep-daily rule are marked by a "d" to the right,
1892          backups kept by the --keep-monthly rule are marked by a "m" to the right,
1893          and backups kept by the --keep-yearly rule are marked by a "y" to the
1894          right.
1895
1896          Calendar view
1897          -------------
1898
1899                                      2015
1900                January               February               March
1901          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1902                    1y 2  3  4                     1                     1
1903           5  6  7  8  9 10 11   2  3  4  5  6  7  8   2  3  4  5  6  7  8
1904          12 13 14 15 16 17 18   9 10 11 12 13 14 15   9 10 11 12 13 14 15
1905          19 20 21 22 23 24 25  16 17 18 19 20 21 22  16 17 18 19 20 21 22
1906          26 27 28 29 30 31     23 24 25 26 27 28     23 24 25 26 27 28 29
1907                                                      30 31
1908
1909                 April                  May                   June
1910          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1911                 1  2  3  4  5               1  2  3   1  2  3  4  5  6  7
1912           6  7  8  9 10 11 12   4  5  6  7  8  9 10   8  9 10 11 12 13 14
1913          13 14 15 16 17 18 19  11 12 13 14 15 16 17  15 16 17 18 19 20 21
1914          20 21 22 23 24 25 26  18 19 20 21 22 23 24  22 23 24 25 26 27 28
1915          27 28 29 30           25 26 27 28 29 30 31  29 30m
1916
1917
1918                  July                 August              September
1919          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1920                 1  2  3  4  5                  1  2      1  2  3  4  5  6
1921           6  7  8  9 10 11 12   3  4  5  6  7  8  9   7  8  9 10 11 12 13
1922          13 14 15 16 17 18 19  10 11 12 13 14 15 16  14 15 16 17 18 19 20
1923          20 21 22 23 24 25 26  17 18 19 20 21 22 23  21 22 23 24 25 26 27
1924          27 28 29 30 31m       24 25 26 27 28 29 30  28 29 30m
1925                                31m
1926
1927                October               November              December
1928          Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
1929                    1  2  3  4                     1      1  2  3  4  5  6
1930           5  6  7  8  9 10 11   2  3  4  5  6  7  8   7  8  9 10 11 12 13
1931          12 13 14 15 16 17 18   9 10 11 12 13 14 15  14 15 16 17d18d19 20d
1932          19 20 21 22 23 24 25  16 17 18 19 20 21 22  21d22d23d24d25d26d27d
1933          26 27 28 29 30 31m    23 24 25 26 27 28 29  28d29d30d31d
1934                                30m
1935
1936          List view
1937          ---------
1938
1939          --keep-daily 14     --keep-monthly 6     --keep-yearly 1
1940          ----------------------------------------------------------------
1941           1. 2015-12-31       (2015-12-31 kept     (2015-12-31 kept
1942           2. 2015-12-30        by daily rule)       by daily rule)
1943           3. 2015-12-29       1. 2015-11-30        1. 2015-01-01 (oldest)
1944           4. 2015-12-28       2. 2015-10-31
1945           5. 2015-12-27       3. 2015-09-30
1946           6. 2015-12-26       4. 2015-08-31
1947           7. 2015-12-25       5. 2015-07-31
1948           8. 2015-12-24       6. 2015-06-30
1949           9. 2015-12-23
1950          10. 2015-12-22
1951          11. 2015-12-21
1952          12. 2015-12-20
1953              (no backup made on 2015-12-19)
1954          13. 2015-12-18
1955          14. 2015-12-17
1956
1957
1958          Notes
1959          -----
1960
1961          2015-12-31 is kept due to the --keep-daily 14 rule (because it is applied
1962          first), not due to the --keep-monthly or --keep-yearly rule.
1963
1964          The --keep-yearly 1 rule does not consider the December 31st backup because it
1965          has already been kept due to the daily rule. There are no backups available
1966          from previous years, so the --keep-yearly target of 1 backup is not satisfied.
1967          Because of this, the 2015-01-01 archive (the oldest archive available) is kept.
1968
1969          The --keep-monthly 6 rule keeps Nov, Oct, Sep, Aug, Jul and Jun. December is
1970          not considered for this rule, because that backup was already kept because of
1971          the daily rule.
1972
1973          2015-12-17 is kept to satisfy the --keep-daily 14 rule - because no backup was
1974          made on 2015-12-19. If a backup had been made on that day, it would not keep
1975          the one from 2015-12-17.
1976
1977          We did not include weekly, hourly, minutely or secondly rules to keep this
1978          example simple. They all work in basically the same way.
1979
1980          The weekly rule is easy to understand roughly, but hard to understand in all
1981          details. If interested, read "ISO 8601:2000 standard week-based year".
1982
1983

BORG COMPACT

1985          borg [common options] compact [options] [REPOSITORY]
1986
1987   Description
1988       This command frees repository space by compacting segments.
1989
1990       Use this regularly to avoid running out of space - you do not  need  to
1991       use  this after each borg command though. It is especially useful after
1992       deleting archives, because only compaction will really free  repository
1993       space.
1994
1995       borg  compact  does not need a key, so it is possible to invoke it from
1996       the client or also from the server.
1997
1998       Depending on the amount of segments that need compaction, it may take a
1999       while, so consider using the --progress option.
2000
2001       A  segment  is compacted if the amount of saved space is above the per‐
2002       centage value given by the --threshold option. If omitted, a  threshold
2003       of  10% is used.  When using --verbose, borg will output an estimate of
2004       the freed space.
2005
2006       After upgrading borg  (server)  to  1.2+,  you  can  use  borg  compact
2007       --cleanup-commits  to clean up the numerous 17byte commit-only segments
2008       that borg 1.1 did not clean up due to a bug. It is enough  to  do  that
2009       once per repository. After cleaning up the commits, borg will also do a
2010       normal compaction.
2011
2012       See Separate compaction in Additional Notes for more details.
2013
2014   Examples
2015          # compact segments and free repo disk space
2016          $ borg compact /path/to/repo
2017
2018          # same as above plus clean up 17byte commit-only segments
2019          $ borg compact --cleanup-commits /path/to/repo
2020

BORG INFO

2022          borg [common options] info [options] [REPOSITORY_OR_ARCHIVE]
2023
2024   Description
2025       This command displays detailed information about the specified  archive
2026       or repository.
2027
2028       Please  note  that the deduplicated sizes of the individual archives do
2029       not add up to the deduplicated size of the repository ("all archives"),
2030       because the two are meaning different things:
2031
2032       This  archive / deduplicated size = amount of data stored ONLY for this
2033       archive = unique chunks of this archive.  All archives  /  deduplicated
2034       size  =  amount  of data stored in the repo = all chunks in the reposi‐
2035       tory.
2036
2037       Borg archives can only contain a limited amount of file metadata.   The
2038       size  of  an archive relative to this limit depends on a number of fac‐
2039       tors, mainly the number of files, the lengths of paths and other  meta‐
2040       data  stored  for  files.  This is shown as utilization of maximum sup‐
2041       ported archive size.
2042
2043   Examples
2044          $ borg info /path/to/repo::2017-06-29T11:00-srv
2045          Archive name: 2017-06-29T11:00-srv
2046          Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
2047          Comment:
2048          Hostname: myhostname
2049          Username: root
2050          Time (start): Thu, 2017-06-29 11:03:07
2051          Time (end): Thu, 2017-06-29 11:03:13
2052          Duration: 5.66 seconds
2053          Number of files: 17037
2054          Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
2055          Utilization of max. archive size: 0%
2056          ------------------------------------------------------------------------------
2057                                 Original size      Compressed size    Deduplicated size
2058          This archive:               12.53 GB             12.49 GB              1.62 kB
2059          All archives:              121.82 TB            112.41 TB            215.42 GB
2060
2061                                 Unique chunks         Total chunks
2062          Chunk index:                 1015213            626934122
2063
2064          $ borg info /path/to/repo --last 1
2065          Archive name: 2017-06-29T11:00-srv
2066          Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
2067          Comment:
2068          Hostname: myhostname
2069          Username: root
2070          Time (start): Thu, 2017-06-29 11:03:07
2071          Time (end): Thu, 2017-06-29 11:03:13
2072          Duration: 5.66 seconds
2073          Number of files: 17037
2074          Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
2075          Utilization of max. archive size: 0%
2076          ------------------------------------------------------------------------------
2077                                 Original size      Compressed size    Deduplicated size
2078          This archive:               12.53 GB             12.49 GB              1.62 kB
2079          All archives:              121.82 TB            112.41 TB            215.42 GB
2080
2081                                 Unique chunks         Total chunks
2082          Chunk index:                 1015213            626934122
2083
2084          $ borg info /path/to/repo
2085          Repository ID: d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
2086          Location: /path/to/repo
2087          Encrypted: Yes (repokey)
2088          Cache: /root/.cache/borg/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
2089          Security dir: /root/.config/borg/security/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
2090          ------------------------------------------------------------------------------
2091                                 Original size      Compressed size    Deduplicated size
2092          All archives:              121.82 TB            112.41 TB            215.42 GB
2093
2094                                 Unique chunks         Total chunks
2095          Chunk index:                 1015213            626934122
2096

BORG MOUNT

2098          borg [common options] mount [options] REPOSITORY_OR_ARCHIVE MOUNTPOINT [PATH...]
2099
2100   Description
2101       This command mounts an archive as a FUSE filesystem. This can be useful
2102       for  browsing  an  archive  or  restoring  individual files. Unless the
2103       --foreground option is given the command will run in the background un‐
2104       til the filesystem is umounted.
2105
2106       The  command borgfs provides a wrapper for borg mount. This can also be
2107       used  in  fstab  entries:  /path/to/repo  /mnt/point  fuse.borgfs   de‐
2108       faults,noauto 0 0
2109
2110       To  allow  a  regular  user  to use fstab entries, add the user option:
2111       /path/to/repo /mnt/point fuse.borgfs defaults,noauto,user 0 0
2112
2113       For FUSE configuration and mount options, see the mount.fuse(8)  manual
2114       page.
2115
2116       Borg's  default behavior is to use the archived user and group names of
2117       each file and map them to the system's respective user and  group  ids.
2118       Alternatively, using numeric-ids will instead use the archived user and
2119       group ids without any mapping.
2120
2121       The uid and gid mount options (implemented by  Borg)  can  be  used  to
2122       override  the  user  and  group  ids  of all files (i.e., borg mount -o
2123       uid=1000,gid=1000).
2124
2125       The man page references user_id and group_id mount options (implemented
2126       by  fuse)  which specify the user and group id of the mount owner (aka,
2127       the user who does the mounting). It is set automatically by libfuse (or
2128       the filesystem if libfuse is not used). However, you should not specify
2129       these manually. Unlike the uid and gid mount options which  affect  all
2130       files, user_id and group_id affect the user and group id of the mounted
2131       (base) directory.
2132
2133       Additional mount options supported by borg:
2134
2135versions: when used with a repository mount,  this  gives  a  merged,
2136         versioned view of the files in the archives. EXPERIMENTAL, layout may
2137         change in future.
2138
2139allow_damaged_files: by default damaged files (where  missing  chunks
2140         were  replaced  with  runs  of  zeros by borg check --repair) are not
2141         readable and return EIO (I/O error). Set this  option  to  read  such
2142         files.
2143
2144ignore_permissions:  for  security  reasons  the  default_permissions
2145         mount option is internally enforced by borg.  ignore_permissions  can
2146         be given to not enforce default_permissions.
2147
2148       The BORG_MOUNT_DATA_CACHE_ENTRIES environment variable is meant for ad‐
2149       vanced users to tweak the performance. It sets  the  number  of  cached
2150       data  chunks;  additional  memory  usage can be up to ~8 MiB times this
2151       number. The default is the number of CPU cores.
2152
2153       When the daemonized process receives a signal or crashes, it  does  not
2154       unmount.  Unmounting in these cases could cause an active rsync or sim‐
2155       ilar process to unintentionally delete data.
2156
2157       When running in the foreground ^C/SIGINT unmounts  cleanly,  but  other
2158       signals or crashes do not.
2159

BORG UMOUNT

2161          borg [common options] umount [options] MOUNTPOINT
2162
2163   Description
2164       This  command  un-mounts  a  FUSE filesystem that was mounted with borg
2165       mount.
2166
2167       This is a convenience wrapper that  just  calls  the  platform-specific
2168       shell command - usually this is either umount or fusermount -u.
2169
2170   Examples
2171          # Mounting the repository shows all archives.
2172          # Archives are loaded lazily, expect some delay when navigating to an archive
2173          # for the first time.
2174          $ borg mount /path/to/repo /tmp/mymountpoint
2175          $ ls /tmp/mymountpoint
2176          root-2016-02-14 root-2016-02-15
2177          $ borg umount /tmp/mymountpoint
2178
2179          # Mounting a specific archive is possible as well.
2180          $ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
2181          $ ls /tmp/mymountpoint
2182          bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt
2183          root  sbin  srv  tmp  usr  var
2184          $ borg umount /tmp/mymountpoint
2185
2186          # The "versions view" merges all archives in the repository
2187          # and provides a versioned view on files.
2188          $ borg mount -o versions /path/to/repo /tmp/mymountpoint
2189          $ ls -l /tmp/mymountpoint/home/user/doc.txt/
2190          total 24
2191          -rw-rw-r-- 1 user group 12357 Aug 26 21:19 doc.cda00bc9.txt
2192          -rw-rw-r-- 1 user group 12204 Aug 26 21:04 doc.fa760f28.txt
2193          $ borg umount /tmp/mymountpoint
2194
2195          # Archive filters are supported.
2196          # These are especially handy for the "versions view",
2197          # which does not support lazy processing of archives.
2198          $ borg mount -o versions --glob-archives '*-my-home' --last 10 /path/to/repo /tmp/mymountpoint
2199
2200          # Exclusion options are supported.
2201          # These can speed up mounting and lower memory needs significantly.
2202          $ borg mount /path/to/repo /tmp/mymountpoint only/that/path
2203          $ borg mount --exclude '...' /path/to/repo /tmp/mymountpoint
2204
2205   borgfs
2206          $ echo '/mnt/backup /tmp/myrepo fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
2207          $ echo '/mnt/backup::root-2016-02-15 /tmp/myarchive fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
2208          $ mount /tmp/myrepo
2209          $ mount /tmp/myarchive
2210          $ ls /tmp/myrepo
2211          root-2016-02-01 root-2016-02-2015
2212          $ ls /tmp/myarchive
2213          bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt  root  sbin  srv  tmp  usr  var
2214
2215       NOTE:
2216          borgfs  will  be  automatically  provided if you used a distribution
2217          package, pip or setup.py to install Borg. Users  of  the  standalone
2218          binary  will  have  to manually create a symlink (see Standalone Bi‐
2219          nary).
2220

BORG KEY CHANGE-PASSPHRASE

2222          borg [common options] key change-passphrase [options] [REPOSITORY]
2223
2224   Description
2225       The key files used for repository encryption are optionally  passphrase
2226       protected. This command can be used to change this passphrase.
2227
2228       Please  note that this command only changes the passphrase, but not any
2229       secret protected by it (like e.g. encryption/MAC keys or chunker seed).
2230       Thus, changing the passphrase after passphrase and borg key got compro‐
2231       mised does not protect future (nor past) backups to  the  same  reposi‐
2232       tory.
2233
2234   Examples
2235          # Create a key file protected repository
2236          $ borg init --encryption=keyfile -v /path/to/repo
2237          Initializing repository at "/path/to/repo"
2238          Enter new passphrase:
2239          Enter same passphrase again:
2240          Remember your passphrase. Your data will be inaccessible without it.
2241          Key in "/root/.config/borg/keys/mnt_backup" created.
2242          Keep this key safe. Your data will be inaccessible without it.
2243          Synchronizing chunks cache...
2244          Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
2245          Done.
2246
2247          # Change key file passphrase
2248          $ borg key change-passphrase -v /path/to/repo
2249          Enter passphrase for key /root/.config/borg/keys/mnt_backup:
2250          Enter new passphrase:
2251          Enter same passphrase again:
2252          Remember your passphrase. Your data will be inaccessible without it.
2253          Key updated
2254
2255          # Import a previously-exported key into the specified
2256          # key file (creating or overwriting the output key)
2257          # (keyfile repositories only)
2258          $ BORG_KEY_FILE=/path/to/output-key borg key import /path/to/repo /path/to/exported
2259
2260       Fully automated using environment variables:
2261
2262          $ BORG_NEW_PASSPHRASE=old borg init -e=repokey repo
2263          # now "old" is the current passphrase.
2264          $ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
2265          # now "new" is the current passphrase.
2266

BORG KEY EXPORT

2268          borg [common options] key export [options] [REPOSITORY] [PATH]
2269
2270   Description
2271       If  repository encryption is used, the repository is inaccessible with‐
2272       out the key. This command allows one  to  backup  this  essential  key.
2273       Note  that  the  backup produced does not include the passphrase itself
2274       (i.e. the exported key stays encrypted). In order to regain access to a
2275       repository,   one   needs  both  the  exported  key  and  the  original
2276       passphrase.
2277
2278       There are three backup formats. The normal backup  format  is  suitable
2279       for  digital  storage as a file. The --paper backup format is optimized
2280       for printing and typing in while importing, with per line checks to re‐
2281       duce problems with manual input. The --qr-html creates a printable HTML
2282       template with a QR code and a copy of the --paper-formatted key.
2283
2284       For repositories using keyfile encryption the key is saved  locally  on
2285       the  system  that is capable of doing backups. To guard against loss of
2286       this key, the key needs to be backed up independently of the main  data
2287       backup.
2288
2289       For  repositories  using the repokey encryption the key is saved in the
2290       repository in the config file. A backup is thus  not  strictly  needed,
2291       but  guards against the repository becoming inaccessible if the file is
2292       damaged for some reason.
2293
2294       Examples:
2295
2296          borg key export /path/to/repo > encrypted-key-backup
2297          borg key export --paper /path/to/repo > encrypted-key-backup.txt
2298          borg key export --qr-html /path/to/repo > encrypted-key-backup.html
2299          # Or pass the output file as an argument instead of redirecting stdout:
2300          borg key export /path/to/repo encrypted-key-backup
2301          borg key export --paper /path/to/repo encrypted-key-backup.txt
2302          borg key export --qr-html /path/to/repo encrypted-key-backup.html
2303

BORG KEY IMPORT

2305          borg [common options] key import [options] [REPOSITORY] [PATH]
2306
2307   Description
2308       This command restores a key previously backed up with the  export  com‐
2309       mand.
2310
2311       If  the  --paper  option  is  given,  the import will be an interactive
2312       process in which each line is checked for plausibility before  proceed‐
2313       ing to the next line. For this format PATH must not be given.
2314
2315       For  repositories using keyfile encryption, the key file which borg key
2316       import writes to depends on several factors. If the BORG_KEY_FILE envi‐
2317       ronment variable is set and non-empty, borg key import creates or over‐
2318       writes that file named by $BORG_KEY_FILE. Otherwise,  borg  key  import
2319       searches in the $BORG_KEYS_DIR directory for a key file associated with
2320       the repository. If a key file is found in $BORG_KEYS_DIR, borg key  im‐
2321       port  overwrites  it; otherwise, borg key import creates a new key file
2322       in $BORG_KEYS_DIR.
2323

BORG UPGRADE

2325          borg [common options] upgrade [options] [REPOSITORY]
2326
2327   Description
2328       Upgrade an existing, local Borg repository.
2329
2330   When you do not need borg upgrade
2331       Not every change requires that you run borg upgrade.
2332
2333       You do not need to run it when:
2334
2335       • moving your repository to a different place
2336
2337       • upgrading to another point release (like 1.0.x to 1.0.y), except when
2338         noted otherwise in the changelog
2339
2340       • upgrading  from  1.0.x  to  1.1.x, except when noted otherwise in the
2341         changelog
2342
2343   Borg 1.x.y upgrades
2344       Archive TAM authentication:
2345
2346       Use borg upgrade --archives-tam REPO to add archive  TAMs  to  all  ar‐
2347       chives that are not TAM authenticated yet.  This is a convenient method
2348       to just trust all archives present - if an archive does  not  have  TAM
2349       authentication  yet, a TAM will be added.  Archives created by old borg
2350       versions < 1.0.9 do not have TAMs.  Archives created by newer borg ver‐
2351       sion  should  have  TAMs already.  If you have a high risk environment,
2352       you should not just run this, but first verify that  the  archives  are
2353       authentic  and  not  malicious (== have good content, have a good time‐
2354       stamp).  Borg 1.2.5+ needs all archives to  be  TAM  authenticated  for
2355       safety reasons.
2356
2357       This upgrade needs to be done once per repository.
2358
2359       Manifest TAM authentication:
2360
2361       Use  borg  upgrade --tam REPO to require manifest authentication intro‐
2362       duced with Borg 1.0.9 to address security issues. This means that modi‐
2363       fying  the  repository  after  doing this with a version prior to 1.0.9
2364       will raise a validation error, so only perform this upgrade  after  up‐
2365       dating all clients using the repository to 1.0.9 or newer.
2366
2367       This upgrade should be done on each client for safety reasons.
2368
2369       If  a repository is accidentally modified with a pre-1.0.9 client after
2370       this upgrade, use borg upgrade --tam --force REPO to remedy it.
2371
2372       If you routinely do this you might not  want  to  enable  this  upgrade
2373       (which  will  leave you exposed to the security issue). You can reverse
2374       the upgrade by issuing borg upgrade --disable-tam REPO.
2375
2376       See
2377       https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
2378       for details.
2379
2380   Attic and Borg 0.xx to Borg 1.x
2381       This currently supports converting an Attic repository to Borg and also
2382       helps with converting Borg 0.xx to 1.0.
2383
2384       Currently, only LOCAL repositories can be upgraded (issue #465).
2385
2386       Please  note  that  borg create (since 1.0.0) uses bigger chunks by de‐
2387       fault than old borg or attic did, so the new chunks  won't  deduplicate
2388       with  the  old chunks in the upgraded repository.  See --chunker-params
2389       option of borg create and borg recreate.
2390
2391       borg upgrade will change the magic strings in the repository's segments
2392       to  match  the  new  Borg  magic  strings.  The  keyfiles found in $AT‐
2393       TIC_KEYS_DIR or ~/.attic/keys/ will also be  converted  and  copied  to
2394       $BORG_KEYS_DIR or ~/.config/borg/keys.
2395
2396       The  cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic
2397       to $BORG_CACHE_DIR or ~/.cache/borg, but the cache layout between  Borg
2398       and Attic changed, so it is possible the first backup after the conver‐
2399       sion takes longer than expected due to the cache resync.
2400
2401       Upgrade should be able to resume if interrupted, although it will still
2402       iterate  over all segments. If you want to start from scratch, use borg
2403       delete over the copied repository to make sure the cache files are also
2404       removed:
2405
2406          borg delete borg
2407
2408       Unless  --inplace  is  specified,  the  upgrade process first creates a
2409       backup copy of the repository,  in  REPOSITORY.before-upgrade-DATETIME,
2410       using  hardlinks.  This requires that the repository and its parent di‐
2411       rectory reside on same filesystem so the hardlink copy can work.   This
2412       takes  longer  than  in  place  upgrades,  but  is much safer and gives
2413       progress information (as opposed to cp -al).  Once  you  are  satisfied
2414       with the conversion, you can safely destroy the backup copy.
2415
2416       WARNING:  Running the upgrade in place will make the current copy unus‐
2417       able with older version, with no way of going  back  to  previous  ver‐
2418       sions. This can PERMANENTLY DAMAGE YOUR REPOSITORY!  Attic CAN NOT READ
2419       BORG REPOSITORIES, as the magic strings have  changed.  You  have  been
2420       warned.
2421
2422   Examples
2423          # Upgrade the borg repository to the most recent version.
2424          $ borg upgrade -v /path/to/repo
2425          making a hardlink copy in /path/to/repo.before-upgrade-2016-02-15-20:51:55
2426          opening attic repository with borg and converting
2427          no key file found for repository
2428          converting repo index /path/to/repo/index.0
2429          converting 1 segments...
2430          converting borg 0.xx to borg current
2431          no key file found for repository
2432
2433   Upgrading a passphrase encrypted attic repo
2434       attic  offered  a "passphrase" encryption mode, but this was removed in
2435       borg  1.0  and  replaced  by  the  "repokey"  mode  (which  stores  the
2436       passphrase-protected encryption key into the repository config).
2437
2438       Thus,  to upgrade a "passphrase" attic repo to a "repokey" borg repo, 2
2439       steps are needed, in this order:
2440
2441       • borg upgrade repo
2442
2443       • borg key migrate-to-repokey repo
2444

BORG RECREATE

2446          borg [common options] recreate [options] [REPOSITORY_OR_ARCHIVE] [PATH...]
2447
2448   Description
2449       Recreate the contents of existing archives.
2450
2451       recreate is a potentially dangerous function and  might  lead  to  data
2452       loss (if used wrongly). BE VERY CAREFUL!
2453
2454       Important:  Repository  disk space is not freed until you run borg com‐
2455       pact.
2456
2457       --exclude,  --exclude-from,  --exclude-if-present,  --keep-exclude-tags
2458       and  PATH  have  the exact same semantics as in "borg create", but they
2459       only check for files in the archives and not in the local file  system.
2460       If  PATHs are specified, the resulting archives will only contain files
2461       from these PATHs.
2462
2463       Note that all paths in an archive are relative, therefore absolute pat‐
2464       terns/paths will not match (--exclude, --exclude-from, PATHs).
2465
2466       --recompress  allows  one to change the compression of existing data in
2467       archives.  Due to how Borg  stores  compressed  size  information  this
2468       might  display  incorrect information for archives that were not recre‐
2469       ated at the same time.  There is no risk of data loss by this.
2470
2471       --chunker-params will re-chunk all files in the archive,  this  can  be
2472       used to have upgraded Borg 0.xx or Attic archives deduplicate with Borg
2473       1.x archives.
2474
2475       USE WITH CAUTION.  Depending on the PATHs and patterns given,  recreate
2476       can  be used to permanently delete files from archives.  When in doubt,
2477       use --dry-run --verbose --list to see  how  patterns/PATHS  are  inter‐
2478       preted. See Item flags in borg create for details.
2479
2480       The  archive  being  recreated is only removed after the operation com‐
2481       pletes. The archive that is built during the operation  exists  at  the
2482       same  time at "<ARCHIVE>.recreate". The new archive will have a differ‐
2483       ent archive ID.
2484
2485       With --target the original archive is not replaced, instead a  new  ar‐
2486       chive is created.
2487
2488       When  rechunking  (or  recompressing), space usage can be substantial -
2489       expect at least the entire deduplicated size of the archives using  the
2490       previous chunker (or compression) params.
2491
2492       If  you  recently ran borg check --repair and it had to fix lost chunks
2493       with all-zero replacement chunks, please first run another  backup  for
2494       the same data and re-run borg check --repair afterwards to heal any ar‐
2495       chives that had lost chunks which are still generated  from  the  input
2496       data.
2497
2498       Important:   running   borg   recreate  to  re-chunk  will  remove  the
2499       chunks_healthy metadata of all items with replacement chunks, so  heal‐
2500       ing  will  not  be  possible any more after re-chunking (it is also un‐
2501       likely it would ever work: due to the change  of  chunking  parameters,
2502       the  missing  chunk  likely  will never be seen again even if you still
2503       have the data that produced it).
2504
2505   Examples
2506          # Make old (Attic / Borg 0.xx) archives deduplicate with Borg 1.x archives.
2507          # Archives created with Borg 1.1+ and the default chunker params are skipped
2508          # (archive ID stays the same).
2509          $ borg recreate /mnt/backup --chunker-params default --progress
2510
2511          # Create a backup with little but fast compression
2512          $ borg create /mnt/backup::archive /some/files --compression lz4
2513          # Then compress it - this might take longer, but the backup has already completed,
2514          # so no inconsistencies from a long-running backup job.
2515          $ borg recreate /mnt/backup::archive --recompress --compression zlib,9
2516
2517          # Remove unwanted files from all archives in a repository.
2518          # Note the relative path for the --exclude option - archives only contain relative paths.
2519          $ borg recreate /mnt/backup --exclude home/icke/Pictures/drunk_photos
2520
2521          # Change archive comment
2522          $ borg create --comment "This is a comment" /mnt/backup::archivename ~
2523          $ borg info /mnt/backup::archivename
2524          Name: archivename
2525          Fingerprint: ...
2526          Comment: This is a comment
2527          ...
2528          $ borg recreate --comment "This is a better comment" /mnt/backup::archivename
2529          $ borg info /mnt/backup::archivename
2530          Name: archivename
2531          Fingerprint: ...
2532          Comment: This is a better comment
2533          ...
2534

BORG IMPORT-TAR

2536          borg [common options] import-tar [options] ARCHIVE TARFILE
2537
2538   Description
2539       This command creates a backup archive from a tarball.
2540
2541       When giving '-' as path, Borg will read a tar stream from standard  in‐
2542       put.
2543
2544       By  default  (--tar-filter=auto)  Borg  will detect whether the file is
2545       compressed based on its file extension and pipe the file through an ap‐
2546       propriate filter:
2547
2548       • .tar.gz or .tgz: gzip -d
2549
2550       • .tar.bz2 or .tbz: bzip2 -d
2551
2552       • .tar.xz or .txz: xz -d
2553
2554       • .tar.zstd or .tar.zst: zstd -d
2555
2556       • .tar.lz4: lz4 -d
2557
2558       Alternatively,  a  --tar-filter program may be explicitly specified. It
2559       should read compressed data from stdin and output an  uncompressed  tar
2560       stream on stdout.
2561
2562       Most  documentation of borg create applies. Note that this command does
2563       not support excluding files.
2564
2565       import-tar is a lossy conversion: BSD flags, ACLs, extended  attributes
2566       (xattrs),  atime  and  ctime are not exported.  Timestamp resolution is
2567       limited to whole seconds, not the nanosecond resolution otherwise  sup‐
2568       ported by Borg.
2569
2570       A --sparse option (as found in borg create) is not supported.
2571
2572       import-tar  reads  POSIX.1-1988  (ustar),  POSIX.1-2001 (pax), GNU tar,
2573       UNIX V7 tar and SunOS tar with extended attributes.
2574
2575       To import multiple tarballs into a single archive, they can  be  simply
2576       concatenated  (e.g.  using "cat") into a single file, and imported with
2577       an --ignore-zeros option to skip through the stop markers between them.
2578

BORG EXPORT-TAR

2580          borg [common options] export-tar [options] ARCHIVE FILE [PATH...]
2581
2582   Description
2583       This command creates a tarball from an archive.
2584
2585       When giving '-' as the output FILE, Borg will write  a  tar  stream  to
2586       standard output.
2587
2588       By default (--tar-filter=auto) Borg will detect whether the FILE should
2589       be compressed based on its file extension and pipe the tarball  through
2590       an appropriate filter before writing it to FILE:
2591
2592       • .tar.gz or .tgz: gzip
2593
2594       • .tar.bz2 or .tbz: bzip2
2595
2596       • .tar.xz or .txz: xz
2597
2598       • .tar.zstd or .tar.zst: zstd
2599
2600       • .tar.lz4: lz4
2601
2602       Alternatively,  a  --tar-filter program may be explicitly specified. It
2603       should read the uncompressed tar stream from stdin  and  write  a  com‐
2604       pressed/filtered tar stream to stdout.
2605
2606       The generated tarball uses the GNU tar format.
2607
2608       export-tar  is a lossy conversion: BSD flags, ACLs, extended attributes
2609       (xattrs), atime and ctime are not exported.   Timestamp  resolution  is
2610       limited  to whole seconds, not the nanosecond resolution otherwise sup‐
2611       ported by Borg.
2612
2613       A --sparse option (as found in borg extract) is not supported.
2614
2615       By default the entire archive is extracted but a subset  of  files  and
2616       directories  can  be  selected by passing a list of PATHs as arguments.
2617       The file selection can further be restricted by using the --exclude op‐
2618       tion.
2619
2620       For  more  help on include/exclude patterns, see the borg help patterns
2621       command output.
2622
2623       --progress can be slower than no progress display, since it  makes  one
2624       additional pass over the archive metadata.
2625
2626   Examples
2627          # export as uncompressed tar
2628          $ borg export-tar /path/to/repo::Monday Monday.tar
2629
2630          # exclude some types, compress using gzip
2631          $ borg export-tar /path/to/repo::Monday Monday.tar.gz --exclude '*.so'
2632
2633          # use higher compression level with gzip
2634          $ borg export-tar --tar-filter="gzip -9" testrepo::linux Monday.tar.gz
2635
2636          # export a tar, but instead of storing it on disk,
2637          # upload it to a remote site using curl.
2638          $ borg export-tar /path/to/repo::Monday - | curl --data-binary @- https://somewhere/to/POST
2639
2640          # remote extraction via "tarpipe"
2641          $ borg export-tar /path/to/repo::Monday - | ssh somewhere "cd extracted; tar x"
2642

BORG SERVE

2644          borg [common options] serve [options]
2645
2646   Description
2647       This  command  starts a repository server process. This command is usu‐
2648       ally not used manually.
2649
2650   Examples
2651       borg serve has special support for  ssh  forced  commands  (see  autho‐
2652       rized_keys  example  below):  if  the  environment  variable SSH_ORIGI‐
2653       NAL_COMMAND is set it will ignore some options  given  on  the  command
2654       line and use the values from the variable instead. This only applies to
2655       a carefully controlled allowlist of safe options. This  list  currently
2656       contains:
2657
2658       • Options  that  control the log level and debug topics printed such as
2659         --verbose, --info, --debug, --debug-topic, etc.
2660
2661--lock-wait to allow the client to control how long  to  wait  before
2662         giving  up and aborting the operation when another process is holding
2663         a lock.
2664
2665       Environment variables (such as BORG_XXX) contained in the original com‐
2666       mand  sent  by the client are not interpreted, but ignored. If BORG_XXX
2667       environment variables should be set on the borg serve side, then  these
2668       must  be  set  in system-specific locations like /etc/environment or in
2669       the forced command itself (example below).
2670
2671          # Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
2672          # Use key options to disable unneeded and potentially dangerous SSH functionality.
2673          # This will help to secure an automated remote backup system.
2674          $ cat ~/.ssh/authorized_keys
2675          command="borg serve --restrict-to-path /path/to/repo",restrict ssh-rsa AAAAB3[...]
2676
2677          # Set a BORG_XXX environment variable on the "borg serve" side
2678          $ cat ~/.ssh/authorized_keys
2679          command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
2680
2681       NOTE:
2682          The examples above use the restrict directive. This  does  automati‐
2683          cally  block  potential  dangerous  ssh features, even when they are
2684          added in a future update. Thus, this option should be preferred.
2685
2686          If you're using openssh-server < 7.2, however, you have  to  explic‐
2687          itly  specify the ssh features to restrict and cannot simply use the
2688          restrict option as it has been introduced in v7.2. We  recommend  to
2689          use    no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forward‐
2690          ing,no-user-rc in this case.
2691
2692       Details about sshd usage: sshd(8)
2693
2694   SSH Configuration
2695       borg serve's pipes (stdin/stdout/stderr)  are  connected  to  the  sshd
2696       process  on  the  server side. In the event that the SSH connection be‐
2697       tween borg serve and the client is  disconnected  or  stuck  abnormally
2698       (for  example,  due  to  a network outage), it can take a long time for
2699       sshd to notice the client is disconnected. In the meantime,  sshd  con‐
2700       tinues  running, and as a result so does the borg serve process holding
2701       the lock on the repository. This can cause subsequent  borg  operations
2702       on  the  remote repository to fail with the error: Failed to create/ac‐
2703       quire the lock.
2704
2705       In order to avoid this, it is recommended to perform the following  ad‐
2706       ditional SSH configuration:
2707
2708       Either  in  the  client  side's  ~/.ssh/config file, or in the client's
2709       /etc/ssh/ssh_config file:
2710
2711          Host backupserver
2712                  ServerAliveInterval 10
2713                  ServerAliveCountMax 30
2714
2715       Replacing backupserver with the hostname, FQDN or  IP  address  of  the
2716       borg server.
2717
2718       This  will  cause the client to send a keepalive to the server every 10
2719       seconds. If 30 consecutive keepalives are sent without  a  response  (a
2720       time  of 300 seconds), the ssh client process will be terminated, caus‐
2721       ing the borg process to terminate gracefully.
2722
2723       On   the   server   side's   sshd   configuration    file    (typically
2724       /etc/ssh/sshd_config):
2725
2726          ClientAliveInterval 10
2727          ClientAliveCountMax 30
2728
2729       This  will cause the server to send a keep alive to the client every 10
2730       seconds. If 30 consecutive keepalives are sent without  a  response  (a
2731       time  of  300  seconds),  the server's sshd process will be terminated,
2732       causing the borg serve process to terminate gracefully and release  the
2733       lock on the repository.
2734
2735       If  you  then run borg commands with --lock-wait 600, this gives suffi‐
2736       cient time for the borg serve processes to terminate after the SSH con‐
2737       nection  is  torn  down after the 300 second wait for the keepalives to
2738       fail.
2739
2740       You may, of course, modify the timeout  values  demonstrated  above  to
2741       values that suit your environment and use case.
2742

BORG CONFIG

2744          borg [common options] config [options] [REPOSITORY] [NAME] [VALUE]
2745
2746   Description
2747       This  command gets and sets options in a local repository or cache con‐
2748       fig file.  For security reasons,  this  command  only  works  on  local
2749       repositories.
2750
2751       To  delete a config value entirely, use --delete. To list the values of
2752       the configuration file or the default values, use --list.  To  get  and
2753       existing  key,  pass only the key name. To set a key, pass both the key
2754       name and the new value. Keys can  be  specified  in  the  format  "sec‐
2755       tion.name"  or  simply "name"; the section will default to "repository"
2756       and "cache" for the repo and cache configs, respectively.
2757
2758       By default, borg config manipulates the repository config  file.  Using
2759       --cache edits the repository cache's config file instead.
2760
2761       NOTE:
2762          The  repository  &  cache config files are some of the only directly
2763          manipulable parts of a repository that aren't  versioned  or  backed
2764          up, so be careful when making changes!
2765
2766   Examples
2767          # find cache directory
2768          $ cd ~/.cache/borg/$(borg config /path/to/repo id)
2769
2770          # reserve some space
2771          $ borg config /path/to/repo additional_free_space 2G
2772
2773          # make a repo append-only
2774          $ borg config /path/to/repo append_only 1
2775

BORG WITH-LOCK

2777          borg [common options] with-lock [options] REPOSITORY COMMAND [ARGS...]
2778
2779   Description
2780       This command runs a user-specified command while the repository lock is
2781       held.
2782
2783       It will first try to acquire the lock (make sure that no  other  opera‐
2784       tion  is running in the repo), then execute the given command as a sub‐
2785       process and wait for its termination, release the lock and  return  the
2786       user command's return code as borg's return code.
2787
2788       NOTE:
2789          If  you  copy  a  repository  with  the  lock held, the lock will be
2790          present in the copy. Thus, before using borg on the copy from a dif‐
2791          ferent host, you need to use "borg break-lock" on the copied reposi‐
2792          tory, because Borg is cautious and  does  not  automatically  remove
2793          stale locks made by a different host.
2794

BORG BREAK-LOCK

2796          borg [common options] break-lock [options] [REPOSITORY]
2797
2798   Description
2799       This  command  breaks the repository and cache locks.  Please use care‐
2800       fully and only while no borg process (on any machine) is trying to  ac‐
2801       cess the Cache or the Repository.
2802

BORG BENCHMARK CRUD

2804          borg [common options] benchmark crud [options] REPOSITORY PATH
2805
2806   Description
2807       This command benchmarks borg CRUD (create, read, update, delete) opera‐
2808       tions.
2809
2810       It creates input data below the given PATH and backups this  data  into
2811       the given REPO.  The REPO must already exist (it could be a fresh empty
2812       repo or an existing repo, the command will create /  read  /  update  /
2813       delete some archives named borg-benchmark-crud* there.
2814
2815       Make  sure  you  have  free  space there, you'll need about 1GB each (+
2816       overhead).
2817
2818       If your repository is encrypted and borg needs a passphrase  to  unlock
2819       the key, use:
2820
2821          BORG_PASSPHRASE=mysecret borg benchmark crud REPO PATH
2822
2823       Measurements  are done with different input file sizes and counts.  The
2824       file contents are very artificial (either all zero or all random), thus
2825       the  measurement  results  do  not necessarily reflect performance with
2826       real data.  Also, due to the kind of content used,  no  compression  is
2827       used in these benchmarks.
2828
2829       C-  ==  borg  create  (1st archive creation, no compression, do not use
2830       files cache)
2831              C-Z- == all-zero files. full dedup, this is primarily  measuring
2832              reader/chunker/hasher.   C-R- == random files. no dedup, measur‐
2833              ing throughput through all processing stages.
2834
2835       R- == borg extract (extract archive, dry-run, do everything, but do not
2836       write files to disk)
2837              R-Z-  ==  all  zero  files.  Measuring heavily duplicated files.
2838              R-R- == random files. No duplication here, measuring  throughput
2839              through all processing stages, except writing to disk.
2840
2841       U-  == borg create (2nd archive creation of unchanged input files, mea‐
2842       sure files cache speed)
2843              The throughput value is kind of virtual here, it does not  actu‐
2844              ally  read  the  file.   U-Z-  ==  needs to check the 2 all-zero
2845              chunks' existence in the repo.  U-R- == needs to check existence
2846              of a lot of different chunks in the repo.
2847
2848       D- == borg delete archive (delete last remaining archive, measure dele‐
2849       tion + compaction)
2850              D-Z- == few chunks to delete / few segments  to  compact/remove.
2851              D-R- == many chunks to delete / many segments to compact/remove.
2852
2853       Please  note  that there might be quite some variance in these measure‐
2854       ments.  Try multiple measurements and having a otherwise  idle  machine
2855       (and network, if you use it).
2856

MISCELLANEOUS HELP

2858   borg help patterns
2859       The  path/filenames  used  as input for the pattern matching start from
2860       the currently active recursion root. You  usually  give  the  recursion
2861       root(s) when invoking borg and these can be either relative or absolute
2862       paths.
2863
2864       Starting with Borg 1.2, paths that are matched against patterns  always
2865       appear  relative.  If you give /absolute/ as root, the paths going into
2866       the matcher will start with absolute/.  If you give  ../../relative  as
2867       root, the paths will be normalized as relative/.
2868
2869       A  directory  exclusion  pattern can end either with or without a slash
2870       ('/').  If it ends with a slash, such as some/path/, the directory will
2871       be  included but not its content. If it does not end with a slash, such
2872       as some/path, both the directory and content will be excluded.
2873
2874       Borg supports different pattern styles. To define a  non-default  style
2875       for  a  specific  pattern,  prefix it with two characters followed by a
2876       colon ':' (i.e. fm:path/*, sh:path/**).
2877
2878       Fnmatch, selector fm:
2879              This is the default  style  for  --exclude  and  --exclude-from.
2880              These  patterns  use a variant of shell pattern syntax, with '*'
2881              matching any number of characters, '?' matching any single char‐
2882              acter,  '[...]' matching any single character specified, includ‐
2883              ing ranges, and '[!...]' matching any character  not  specified.
2884              For the purpose of these patterns, the path separator (backslash
2885              for Windows and '/' on other systems) is not treated  specially.
2886              Wrap  meta-characters  in brackets for a literal match (i.e. [?]
2887              to match the literal character ?). For a path to  match  a  pat‐
2888              tern,  the full path must match, or it must match from the start
2889              of the full path to just before a path separator. Except for the
2890              root  path,  paths  will  never  end  in the path separator when
2891              matching is attempted.  Thus, if a given pattern ends in a  path
2892              separator,  a  '*'  is  appended before matching is attempted. A
2893              leading path separator is always removed.
2894
2895       Shell-style patterns, selector sh:
2896              This is the default style  for  --pattern  and  --patterns-from.
2897              Like  fnmatch  patterns these are similar to shell patterns. The
2898              difference is that the pattern may include **/ for matching zero
2899              or  more directory levels, * for matching zero or more arbitrary
2900              characters with the exception of any path separator.  A  leading
2901              path separator is always removed.
2902
2903       Regular expressions, selector re:
2904              Regular  expressions  similar  to  those  found in Perl are sup‐
2905              ported. Unlike shell patterns regular expressions  are  not  re‐
2906              quired  to match the full path and any substring match is suffi‐
2907              cient. It is strongly recommended  to  anchor  patterns  to  the
2908              start  ('^'),  to  the end ('$') or both. Path separators (back‐
2909              slash for Windows and '/' on other systems) in paths are  always
2910              normalized  to  a forward slash ('/') before applying a pattern.
2911              The regular expression syntax is described in the  Python  docu‐
2912              mentation for the re module.
2913
2914       Path prefix, selector pp:
2915              This pattern style is useful to match whole sub-directories. The
2916              pattern  pp:root/somedir  matches  root/somedir  and  everything
2917              therein. A leading path separator is always removed.
2918
2919       Path full-match, selector pf:
2920              This  pattern  style is (only) useful to match full paths.  This
2921              is kind of a pseudo pattern as it can not have any  variable  or
2922              unspecified   parts   -   the   full   path   must   be   given.
2923              pf:root/file.ext matches root/file.ext only. A leading path sep‐
2924              arator is always removed.
2925
2926              Implementation note: this is implemented via very time-efficient
2927              O(1) hashtable lookups (this means you can have huge amounts  of
2928              such patterns without impacting performance much).  Due to that,
2929              this kind of pattern does not respect any context or order.   If
2930              you  use such a pattern to include a file, it will always be in‐
2931              cluded (if the directory recursion encounters  it).   Other  in‐
2932              clude/exclude  patterns  that  would  normally match will be ig‐
2933              nored.  Same logic applies for exclude.
2934
2935       NOTE:
2936          re:, sh: and fm: patterns are all implemented on top of  the  Python
2937          SRE  engine. It is very easy to formulate patterns for each of these
2938          types which requires an inordinate amount of time to match paths. If
2939          untrusted users are able to supply patterns, ensure they cannot sup‐
2940          ply re: patterns.  Further, ensure that sh: and  fm:  patterns  only
2941          contain a handful of wildcards at most.
2942
2943       Exclusions  can  be  passed via the command line option --exclude. When
2944       used from within a shell, the patterns should be quoted to protect them
2945       from expansion.
2946
2947       The  --exclude-from  option  permits  loading exclusion patterns from a
2948       text file with one pattern per line. Lines empty or starting  with  the
2949       number  sign  ('#') after removing whitespace on both ends are ignored.
2950       The optional style selector  prefix  is  also  supported  for  patterns
2951       loaded from a file. Due to whitespace removal, paths with whitespace at
2952       the beginning or end can only be excluded using regular expressions.
2953
2954       To test your exclusion patterns without performing an actual backup you
2955       can run borg create --list --dry-run ....
2956
2957       Examples:
2958
2959          # Exclude '/home/user/file.o' but not '/home/user/file.odt':
2960          $ borg create -e '*.o' backup /
2961
2962          # Exclude '/home/user/junk' and '/home/user/subdir/junk' but
2963          # not '/home/user/importantjunk' or '/etc/junk':
2964          $ borg create -e 'home/*/junk' backup /
2965
2966          # Exclude the contents of '/home/user/cache' but not the directory itself:
2967          $ borg create -e home/user/cache/ backup /
2968
2969          # The file '/home/user/cache/important' is *not* backed up:
2970          $ borg create -e home/user/cache/ backup / /home/user/cache/important
2971
2972          # The contents of directories in '/home' are not backed up when their name
2973          # ends in '.tmp'
2974          $ borg create --exclude 're:^home/[^/]+\.tmp/' backup /
2975
2976          # Load exclusions from file
2977          $ cat >exclude.txt <<EOF
2978          # Comment line
2979          home/*/junk
2980          *.tmp
2981          fm:aa:something/*
2982          re:^home/[^/]+\.tmp/
2983          sh:home/*/.thumbnails
2984          # Example with spaces, no need to escape as it is processed by borg
2985          some file with spaces.txt
2986          EOF
2987          $ borg create --exclude-from exclude.txt backup /
2988
2989       A  more  general and easier to use way to define filename matching pat‐
2990       terns exists with the  --pattern  and  --patterns-from  options.  Using
2991       these,  you  may  specify  the backup roots, default pattern styles and
2992       patterns for inclusion and exclusion.
2993
2994       Root path prefix R
2995              A recursion root path starts with the prefix R,  followed  by  a
2996              path (a plain path, not a file pattern). Use this prefix to have
2997              the root paths in the patterns file rather than as command  line
2998              arguments.
2999
3000       Pattern style prefix P
3001              To  change the default pattern style, use the P prefix, followed
3002              by the pattern style abbreviation (fm, pf,  pp,  re,  sh).   All
3003              patterns  following  this line will use this style until another
3004              style is specified.
3005
3006       Exclude pattern prefix -
3007              Use the prefix -, followed by a pattern, to define an exclusion.
3008              This has the same effect as the --exclude option.
3009
3010       Exclude no-recurse pattern prefix !
3011              Use  the prefix !, followed by a pattern, to define an exclusion
3012              that does not recurse into subdirectories. This saves time,  but
3013              prevents include patterns to match any files in subdirectories.
3014
3015       Include pattern prefix +
3016              Use  the  prefix +, followed by a pattern, to define inclusions.
3017              This is useful to include paths that are covered in  an  exclude
3018              pattern and would otherwise not be backed up.
3019
3020       NOTE:
3021          Via  --pattern  or --patterns-from you can define BOTH inclusion and
3022          exclusion of files using pattern prefixes + and  -.  With  --exclude
3023          and --exclude-from ONLY excludes are defined.
3024
3025       The  first  matching  pattern is used, so if an include pattern matches
3026       before an exclude pattern, the file is backed up. Note  that  a  no-re‐
3027       curse exclude stops examination of subdirectories so that potential in‐
3028       cludes will not match - use normal excludes for such use cases.
3029
3030       Example:
3031
3032          # Define the recursion root
3033          R /
3034          # Exclude all iso files in any directory
3035          - **/*.iso
3036          # Explicitly include all inside etc and root
3037          + etc/**
3038          + root/**
3039          # Exclude a specific directory under each user's home directories
3040          - home/*/.cache
3041          # Explicitly include everything in /home
3042          + home/**
3043          # Explicitly exclude some directories without recursing into them
3044          ! re:^(dev|proc|run|sys|tmp)
3045          # Exclude all other files and directories
3046          # that are not specifically included earlier.
3047          - **
3048
3049       NOTE:
3050          It's possible that a sub-directory/file is matched while parent  di‐
3051          rectories  are not.  In that case, parent directories are not backed
3052          up thus their user, group, permission, etc. can not be restored.
3053
3054       Note that the default pattern style for --pattern  and  --patterns-from
3055       is  shell  style  (sh:),  so those patterns behave similar to rsync in‐
3056       clude/exclude patterns. The pattern style can be set via the P prefix.
3057
3058       Patterns (--pattern) and excludes (--exclude) from the command line are
3059       considered  first  (in  the  order  of  appearance). Then patterns from
3060       --patterns-from are added. Exclusion patterns from --exclude-from files
3061       are appended last.
3062
3063       Examples:
3064
3065          # backup pics, but not the ones from 2018, except the good ones:
3066          # note: using = is essential to avoid cmdline argument parsing issues.
3067          borg create --pattern=+pics/2018/good --pattern=-pics/2018 repo::arch pics
3068
3069          # use a file with patterns:
3070          borg create --patterns-from patterns.lst repo::arch
3071
3072       The patterns.lst file could look like that:
3073
3074          # "sh:" pattern style is the default, so the following line is not needed:
3075          P sh
3076          R /
3077          # can be rebuild
3078          - home/*/.cache
3079          # they're downloads for a reason
3080          - home/*/Downloads
3081          # susan is a nice person
3082          # include susans home
3083          + home/susan
3084          # also back up this exact file
3085          + pf:home/bobby/specialfile.txt
3086          # don't backup the other home directories
3087          - home/*
3088          # don't even look in /proc
3089          ! proc
3090
3091       You can specify recursion roots either on the command line or in a pat‐
3092       ternfile:
3093
3094          # these two commands do the same thing
3095          borg create --exclude home/bobby/junk repo::arch /home/bobby /home/susan
3096          borg create --patterns-from patternfile.lst repo::arch
3097
3098       The patternfile:
3099
3100          # note that excludes use fm: by default and patternfiles use sh: by default.
3101          # therefore, we need to specify fm: to have the same exact behavior.
3102          P fm
3103          R /home/bobby
3104          R /home/susan
3105
3106          - home/bobby/junk
3107
3108       This allows you to share the same patterns between  multiple  reposito‐
3109       ries without needing to specify them on the command line.
3110
3111   borg help placeholders
3112       Repository  (or Archive) URLs, --prefix, --glob-archives, --comment and
3113       --remote-path values support these placeholders:
3114
3115       {hostname}
3116              The (short) hostname of the machine.
3117
3118       {fqdn} The full name of the machine.
3119
3120       {reverse-fqdn}
3121              The full name of the machine in reverse domain name notation.
3122
3123       {now}  The current local date and time, by default in ISO-8601  format.
3124              You   can   also   supply   your   own   format   string,   e.g.
3125              {now:%Y-%m-%d_%H:%M:%S}
3126
3127       {utcnow}
3128              The current UTC date and time, by default  in  ISO-8601  format.
3129              You   can  also  supply  your  own  format  string,  e.g.  {utc‐
3130              now:%Y-%m-%d_%H:%M:%S}
3131
3132       {user} The user name (or UID, if no name is available) of the user run‐
3133              ning borg.
3134
3135       {pid}  The current process ID.
3136
3137       {borgversion}
3138              The version of borg, e.g.: 1.0.8rc1
3139
3140       {borgmajor}
3141              The version of borg, only the major version, e.g.: 1
3142
3143       {borgminor}
3144              The version of borg, only major and minor version, e.g.: 1.0
3145
3146       {borgpatch}
3147              The  version of borg, only major, minor and patch version, e.g.:
3148              1.0.8
3149
3150       If literal curly braces need to be used, double them for escaping:
3151
3152          borg create /path/to/repo::{{literal_text}}
3153
3154       Examples:
3155
3156          borg create /path/to/repo::{hostname}-{user}-{utcnow} ...
3157          borg create /path/to/repo::{hostname}-{now:%Y-%m-%d_%H:%M:%S} ...
3158          borg prune --glob-archives '{hostname}-*' ...
3159
3160       NOTE:
3161          systemd uses a difficult, non-standard syntax for command  lines  in
3162          unit files (refer to the systemd.unit(5) manual page).
3163
3164          When  invoking borg from unit files, pay particular attention to es‐
3165          caping, especially when using  the  now/utcnow  placeholders,  since
3166          systemd performs its own %-based variable replacement even in quoted
3167          text. To avoid interference from systemd, double all  percent  signs
3168          ({hostname}-{now:%Y-%m-%d_%H:%M:%S}          becomes          {host‐
3169          name}-{now:%%Y-%%m-%%d_%%H:%%M:%%S}).
3170
3171   borg help compression
3172       It is no problem to mix different  compression  methods  in  one  repo,
3173       deduplication  is done on the source data chunks (not on the compressed
3174       or encrypted data).
3175
3176       If some specific chunk was once compressed and stored  into  the  repo,
3177       creating  another  backup that also uses this chunk will not change the
3178       stored chunk.  So if you use different compression specs for the  back‐
3179       ups,  whichever  stores  a  chunk first determines its compression. See
3180       also borg recreate.
3181
3182       Compression is lz4 by default. If you want something else, you have  to
3183       specify what you want.
3184
3185       Valid compression specifiers are:
3186
3187       none   Do not compress.
3188
3189       lz4    Use lz4 compression. Very high speed, very low compression. (de‐
3190              fault)
3191
3192       zstd[,L]
3193              Use zstd ("zstandard") compression, a  modern  wide-range  algo‐
3194              rithm.   If  you  do not explicitly give the compression level L
3195              (ranging from 1 to 22), it will  use  level  3.   Archives  com‐
3196              pressed with zstd are not compatible with borg < 1.1.4.
3197
3198       zlib[,L]
3199              Use  zlib  ("gz") compression. Medium speed, medium compression.
3200              If you do not explicitly give the compression level  L  (ranging
3201              from  0  to  9), it will use level 6.  Giving level 0 (means "no
3202              compression", but still has zlib protocol overhead)  is  usually
3203              pointless, you better use "none" compression.
3204
3205       lzma[,L]
3206              Use  lzma  ("xz")  compression. Low speed, high compression.  If
3207              you do not explicitly give the compression level L (ranging from
3208              0  to  9), it will use level 6.  Giving levels above 6 is point‐
3209              less and counterproductive because it does not  compress  better
3210              due  to the buffer size used by borg - but it wastes lots of CPU
3211              cycles and RAM.
3212
3213       auto,C[,L]
3214              Use a built-in heuristic to decide per chunk whether to compress
3215              or  not.   The heuristic tries with lz4 whether the data is com‐
3216              pressible.  For incompressible data, it will not use compression
3217              (uses  "none").   For compressible data, it uses the given C[,L]
3218              compression - with C[,L] being any valid compression specifier.
3219
3220       obfuscate,SPEC,C[,L]
3221              Use compressed-size obfuscation to make  fingerprinting  attacks
3222              based on the observable stored chunk size more difficult. Note:
3223
3224              • You  must  combine  this with encryption, or it won't make any
3225                sense.
3226
3227              • Your repo size will be bigger, of course.
3228
3229              • A  chunk  is  limited  by  the  constant  MAX_DATA_SIZE  (cur.
3230                ~20MiB).
3231
3232              The SPEC value determines how the size obfuscation works:
3233
3234              Relative random reciprocal size variation (multiplicative)
3235
3236              Size  will increase by a factor, relative to the compressed data
3237              size.  Smaller factors are used often, larger factors rarely.
3238
3239              Available factors:
3240
3241                 1:     0.01 ..        100
3242                 2:     0.1  ..      1,000
3243                 3:     1    ..     10,000
3244                 4:    10    ..    100,000
3245                 5:   100    ..  1,000,000
3246                 6: 1,000    .. 10,000,000
3247
3248              Example probabilities for SPEC 1:
3249
3250                 90   %  0.01 ..   0.1
3251                  9   %  0.1  ..   1
3252                  0.9 %  1    ..  10
3253                  0.09% 10    .. 100
3254
3255              Randomly sized padding up to the given size (additive)
3256
3257                 110: 1kiB (2 ^ (SPEC - 100))
3258                 ...
3259                 120: 1MiB
3260                 ...
3261                 123: 8MiB (max.)
3262
3263       Examples:
3264
3265          borg create --compression lz4 REPO::ARCHIVE data
3266          borg create --compression zstd REPO::ARCHIVE data
3267          borg create --compression zstd,10 REPO::ARCHIVE data
3268          borg create --compression zlib REPO::ARCHIVE data
3269          borg create --compression zlib,1 REPO::ARCHIVE data
3270          borg create --compression auto,lzma,6 REPO::ARCHIVE data
3271          borg create --compression auto,lzma ...
3272          borg create --compression obfuscate,110,none ...
3273          borg create --compression obfuscate,3,auto,zstd,10 ...
3274          borg create --compression obfuscate,2,zstd,6 ...
3275

DEBUGGING FACILITIES

3277       There is a borg debug command that has some subcommands which  are  all
3278       not  intended for normal use and potentially very dangerous if used in‐
3279       correctly.
3280
3281       For example, borg debug put-obj and borg debug delete-obj will only  do
3282       what  their  name suggests: put objects into repo / delete objects from
3283       repo.
3284
3285       Please note:
3286
3287       • they will not update the chunks cache (chunks index) about the object
3288
3289       • they will not update the  manifest  (so  no  automatic  chunks  index
3290         resync is triggered)
3291
3292       • they  will  not  check  whether  the  object  is  in use (e.g. before
3293         delete-obj)
3294
3295       • they will not update any metadata which may point to the object
3296
3297       They exist to improve debugging capabilities without direct system  ac‐
3298       cess, e.g.  in case you ever run into some severe malfunction. Use them
3299       only if you know what you are doing or  if  a  trusted  Borg  developer
3300       tells you what to do.
3301
3302       Borg has a --debug-topic TOPIC option to enable specific debugging mes‐
3303       sages. Topics are generally not documented.
3304
3305       A --debug-profile FILE option exists which writes a profile of the main
3306       program's  execution  to  a  file. The format of these files is not di‐
3307       rectly compatible with the Python profiling tools, since these use  the
3308       "marshal"  format,  which  is  not  intended  to be secure (quoting the
3309       Python docs: "Never unmarshal data received from an untrusted or  unau‐
3310       thenticated source.").
3311
3312       The  borg debug profile-convert command can be used to take a Borg pro‐
3313       file and convert it to a profile  file  that  is  compatible  with  the
3314       Python tools.
3315
3316       Additionally,  if  the filename specified for --debug-profile ends with
3317       ".pyprof" a Python compatible profile is generated. This  is  only  in‐
3318       tended for local use by developers.
3319

ADDITIONAL NOTES

3321       Here  are misc. notes about topics that are maybe not covered in enough
3322       detail in the usage section.
3323
3324   --chunker-params
3325       The chunker params influence  how  input  files  are  cut  into  pieces
3326       (chunks)  which are then considered for deduplication. They also have a
3327       big impact on resource usage (RAM and disk space) as the amount of  re‐
3328       sources  needed  is  (also) determined by the total amount of chunks in
3329       the repository (see Indexes / Caches memory usage for details).
3330
3331       --chunker-params=buzhash,10,23,16,4095 results in a fine-grained  dedu‐
3332       plication|  and  creates  a big amount of chunks and thus uses a lot of
3333       resources to manage them. This is good for relatively small  data  vol‐
3334       umes and if the machine has a good amount of free RAM and disk space.
3335
3336       --chunker-params=buzhash,19,23,21,4095    (default)    results   in   a
3337       coarse-grained deduplication and  creates  a  much  smaller  amount  of
3338       chunks  and  thus  uses less resources. This is good for relatively big
3339       data volumes and if the machine has a relatively low amount of free RAM
3340       and disk space.
3341
3342       --chunker-params=fixed,4194304  results in fixed 4MiB sized block dedu‐
3343       plication and is more efficient than the previous example when used for
3344       for  block  devices (like disks, partitions, LVM LVs) or raw disk image
3345       files.
3346
3347       --chunker-params=fixed,4096,512 results in fixed 4kiB sized blocks, but
3348       the  first header block will only be 512B long. This might be useful to
3349       dedup files with 1 header + N fixed size data blocks. Be careful to not
3350       produce  a  too  big  amount of chunks (like using small block size for
3351       huge files).
3352
3353       If you already have made some archives in a  repository  and  you  then
3354       change  chunker  params,  this  of  course impacts deduplication as the
3355       chunks will be cut differently.
3356
3357       In the worst case (all files are big and were touched in between  back‐
3358       ups), this will store all content into the repository again.
3359
3360       Usually, it is not that bad though:
3361
3362       • usually  most  files  are not touched, so it will just re-use the old
3363         chunks it already has in the repo
3364
3365       • files smaller than the (both old and new) minimum chunksize result in
3366         only  one chunk anyway, so the resulting chunks are same and dedupli‐
3367         cation will apply
3368
3369       If you switch chunker params to save resources  for  an  existing  repo
3370       that  already  has some backup archives, you will see an increasing ef‐
3371       fect over time, when more and more files have been touched  and  stored
3372       again  using  the  bigger  chunksize  and all references to the smaller
3373       older chunks have been removed (by deleting / pruning archives).
3374
3375       If you want to see an immediate big effect on resource usage, you  bet‐
3376       ter start a new repository when changing chunker params.
3377
3378       For more details, see Chunks.
3379
3380   --noatime / --noctime
3381       You can use these borg create options to not store the respective time‐
3382       stamp into the archive, in case you do not really need it.
3383
3384       Besides saving a little space for the not archived timestamp, it  might
3385       also  affect  metadata  stream  deduplication:  if  only this timestamp
3386       changes between backups and is stored into  the  metadata  stream,  the
3387       metadata stream chunks won't deduplicate just because of that.
3388
3389   --nobsdflags / --noflags
3390       You  can use this to not query and store (or not extract and set) flags
3391       - in case you don't need them or if they are broken  somehow  for  your
3392       fs.
3393
3394       On  Linux, dealing with the flags needs some additional syscalls. Espe‐
3395       cially when dealing with lots of small files, this causes a  noticeable
3396       overhead, so you can use this option also for speeding up operations.
3397
3398   --umask
3399       borg  uses  a safe default umask of 077 (that means the files borg cre‐
3400       ates have only permissions for owner, but no permissions for group  and
3401       others) - so there should rarely be a need to change the default behav‐
3402       iour.
3403
3404       This option only affects the process to which it is given.  Thus,  when
3405       you run borg in client/server mode and you want to change the behaviour
3406       on the server side, you need to use borg serve --umask=XXX ... as a ssh
3407       forced  command  in  authorized_keys.  The  --umask  value given on the
3408       client side is not transferred to the server side.
3409
3410       Also, if you choose to use the --umask option, always be consistent and
3411       use the same umask value so you do not create a mixup of permissions in
3412       a borg repository or with other files borg creates.
3413
3414   --read-special
3415       The --read-special option is special - you do not want to  use  it  for
3416       normal full-filesystem backups, but rather after carefully picking some
3417       targets for it.
3418
3419       The option --read-special triggers special treatment for block and char
3420       device files as well as FIFOs. Instead of storing them as such a device
3421       (or FIFO), they will get opened, their content will be read and in  the
3422       backup archive they will show up like a regular file.
3423
3424       Symlinks will also get special treatment if (and only if) they point to
3425       such a special file: instead of storing them as a symlink,  the  target
3426       special file will get processed as described above.
3427
3428       One intended use case of this is backing up the contents of one or mul‐
3429       tiple block devices, like e.g. LVM snapshots or inactive  LVs  or  disk
3430       partitions.
3431
3432       You  need  to  be careful about what you include when using --read-spe‐
3433       cial, e.g. if you include /dev/zero, your backup will never terminate.
3434
3435       Restoring such files' content is currently only supported one at a time
3436       via  --stdout  option (and you have to redirect stdout to where ever it
3437       shall go, maybe directly into an existing device file of your choice or
3438       indirectly via dd).
3439
3440       To  some  extent, mounting a backup archive with the backups of special
3441       files via borg mount and then loop-mounting the image files from inside
3442       the  mount  point  will  work.  If  you plan to access a lot of data in
3443       there, it likely will scale and perform better if you do not  work  via
3444       the FUSE mount.
3445
3446   Example
3447       Imagine  you have made some snapshots of logical volumes (LVs) you want
3448       to backup.
3449
3450       NOTE:
3451          For some scenarios, this is a good method to get  "crash-like"  con‐
3452          sistency  (I  call it crash-like because it is the same as you would
3453          get if you just hit the reset button or your machine would  abruptly
3454          and  completely  crash).   This is better than no consistency at all
3455          and a good method for some use cases, but likely not good enough  if
3456          you have databases running.
3457
3458       Then  you  create  a  backup archive of all these snapshots. The backup
3459       process will see a "frozen" state of the  logical  volumes,  while  the
3460       processes  working  in  the original volumes continue changing the data
3461       stored there.
3462
3463       You also add the output of lvdisplay to your backup, so you can see the
3464       LV sizes in case you ever need to recreate and restore them.
3465
3466       After the backup has completed, you remove the snapshots again.
3467
3468          $ # create snapshots here
3469          $ lvdisplay > lvdisplay.txt
3470          $ borg create --read-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*-snapshot
3471          $ # remove snapshots here
3472
3473       Now, let's see how to restore some LVs from such a backup.
3474
3475          $ borg extract /path/to/repo::arch lvdisplay.txt
3476          $ # create empty LVs with correct sizes here (look into lvdisplay.txt).
3477          $ # we assume that you created an empty root and home LV and overwrite it now:
3478          $ borg extract --stdout /path/to/repo::arch dev/vg0/root-snapshot > /dev/vg0/root
3479          $ borg extract --stdout /path/to/repo::arch dev/vg0/home-snapshot > /dev/vg0/home
3480
3481   Separate compaction
3482       Borg  does not auto-compact the segment files in the repository at com‐
3483       mit time (at the end of each repository-writing command) any more.
3484
3485       This is new since borg 1.2.0 and requires borg >= 1.2.0 on  client  and
3486       server.
3487
3488       This  causes  a similar behaviour of the repository as if it was in ap‐
3489       pend-only mode (see below) most of the time (until borg compact is  in‐
3490       voked or an old client triggers auto-compaction).
3491
3492       This has some notable consequences:
3493
3494       • repository space is not freed immediately when deleting / pruning ar‐
3495         chives
3496
3497       • commands finish quicker
3498
3499       • repository is more robust and might be easier to recover  after  dam‐
3500         ages (as it contains data in a more sequential manner, historic mani‐
3501         fests, multiple commits - until you run borg compact)
3502
3503       • user can choose when to run compaction (it should be done  regularly,
3504         but not necessarily after each single borg command)
3505
3506       • user  can  choose  from  where  to invoke borg compact to do the com‐
3507         paction (from client or from server, it does not need a key)
3508
3509       • less repo sync data traffic in case you create a copy of your reposi‐
3510         tory by using a sync tool (like rsync, rclone, ...)
3511
3512       You can manually run compaction by invoking the borg compact command.
3513
3514   Append-only mode (forbid compaction)
3515       A  repository  can  be  made  "append-only", which means that Borg will
3516       never overwrite or delete committed data  (append-only  refers  to  the
3517       segment  files, but borg will also reject to delete the repository com‐
3518       pletely).
3519
3520       If borg compact command is used on a repo in  append-only  mode,  there
3521       will be no warning or error, but no compaction will happen.
3522
3523       append-only is useful for scenarios where a backup client machine back‐
3524       ups remotely to a backup server using borg serve, since a hacked client
3525       machine cannot delete backups on the server permanently.
3526
3527       To  activate  append-only  mode, set append_only to 1 in the repository
3528       config:
3529
3530          borg config /path/to/repo append_only 1
3531
3532       Note that you can go back-and-forth between normal and append-only  op‐
3533       eration with borg config; it's not a "one way trip."
3534
3535       In  append-only mode Borg will create a transaction log in the transac‐
3536       tions file, where each line is a transaction and a UTC timestamp.
3537
3538       In addition, borg serve can act as if a repository  is  in  append-only
3539       mode  with  its  option  --append-only.  This  can  be  very useful for
3540       fine-tuning access control in .ssh/authorized_keys:
3541
3542          command="borg serve --append-only ..." ssh-rsa <key used for not-always-trustable backup clients>
3543          command="borg serve ..." ssh-rsa <key used for backup management>
3544
3545       Running borg init via a borg serve --append-only server will not create
3546       an  append-only  repository. Running borg init --append-only creates an
3547       append-only repository regardless of server settings.
3548
3549   Example
3550       Suppose an attacker remotely deleted all backups, but  your  repository
3551       was in append-only mode. A transaction log in this situation might look
3552       like this:
3553
3554          transaction 1, UTC time 2016-03-31T15:53:27.383532
3555          transaction 5, UTC time 2016-03-31T15:53:52.588922
3556          transaction 11, UTC time 2016-03-31T15:54:23.887256
3557          transaction 12, UTC time 2016-03-31T15:55:54.022540
3558          transaction 13, UTC time 2016-03-31T15:55:55.472564
3559
3560       From your security logs you conclude  the  attacker  gained  access  at
3561       15:54:00  and  all the backups where deleted or replaced by compromised
3562       backups. From the log you know that transactions 11 and later are  com‐
3563       promised.  Note that the transaction ID is the name of the last file in
3564       the transaction. For example, transaction 11 spans files 6 to 11.
3565
3566       In a real attack you'll likely want to keep the compromised  repository
3567       intact  to analyze what the attacker tried to achieve. It's also a good
3568       idea to make this copy just in case something goes wrong during the re‐
3569       covery. Since recovery is done by deleting some files, a hard link copy
3570       (cp -al) is sufficient.
3571
3572       The first step to reset the repository to transaction 5, the  last  un‐
3573       compromised  transaction,  is to remove the hints.N, index.N and integ‐
3574       rity.N files in the repository (these files are always expendable).  In
3575       this example N is 13.
3576
3577       Then  remove  or move all segment files from the segment directories in
3578       data/ starting with file 6:
3579
3580          rm data/**/{6..13}
3581
3582       That's all to do in the repository.
3583
3584       If you want to access this rolled back repository from  a  client  that
3585       already has a cache for this repository, the cache will reflect a newer
3586       repository state than what you actually have in the repository now, af‐
3587       ter the rollback.
3588
3589       Thus, you need to clear the cache:
3590
3591          borg delete --cache-only repo
3592
3593       The  cache  will  get rebuilt automatically. Depending on repo size and
3594       archive count, it may take a while.
3595
3596       You  also  will  need  to  remove  ~/.config/borg/security/REPOID/mani‐
3597       fest-timestamp.
3598
3599   Drawbacks
3600       As  data  is only appended, and nothing removed, commands like prune or
3601       delete won't free disk space, they merely tag data as deleted in a  new
3602       transaction.
3603
3604       Be  aware that as soon as you write to the repo in non-append-only mode
3605       (e.g. prune, delete or create archives from an admin machine), it  will
3606       remove  the  deleted  objects permanently (including the ones that were
3607       already marked as deleted, but not removed, in append-only mode). Auto‐
3608       mated  edits  to the repository (such as a cron job running borg prune)
3609       will render append-only mode moot if data is deleted.
3610
3611       Even if an archive appears to be available, it is possible an  attacker
3612       could delete just a few chunks from an archive and silently corrupt its
3613       data. While in append-only mode, this is  reversible,  but  borg  check
3614       should  be  run  before  a  writing/pruning operation on an append-only
3615       repository to catch accidental or malicious corruption:
3616
3617          # run without append-only mode
3618          borg check --verify-data repo && borg compact repo
3619
3620       Aside from checking repository & archive integrity you may want to also
3621       manually check backups to ensure their content seems correct.
3622
3623   Further considerations
3624       Append-only  mode  is  not respected by tools other than Borg. rm still
3625       works on the repository. Make sure that backup client machines only get
3626       to access the repository via borg serve.
3627
3628       Ensure that no remote access is possible if the repository is temporar‐
3629       ily set to normal mode for e.g. regular pruning.
3630
3631       Further protections can be  implemented,  but  are  outside  of  Borg's
3632       scope. For example, file system snapshots or wrapping borg serve to set
3633       special permissions or ACLs on new data files.
3634
3635   SSH batch mode
3636       When running Borg using an automated script, ssh might still ask for  a
3637       password,  even  if there is an SSH key for the target server. Use this
3638       to make scripts more robust:
3639
3640          export BORG_RSH='ssh -oBatchMode=yes'
3641

AUTHOR

3643       The Borg Collective (see AUTHORS file)
3644
3646       2010-2023 Jonas Borgström, 2015-2023 The Borg Collective  (see  AUTHORS
3647       file)
3648
3649
3650
3651
36521.2.7                             2023-12-10                           BORG(1)
Impressum