File: borg.1

package info (click to toggle)
borgbackup2 2.0.0b20-4
links: PTS, VCS
area: main
in suites: sid
size: 16,852 kB
sloc: python: 33,830; pascal: 3,599; sh: 215; makefile: 156; tcl: 94; ansic: 21
file content (1040 lines) | stat: -rw-r--r-- 35,748 bytes
parent folder | download | duplicates (2)
'\" t
.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "BORG" "1" "2025-12-23" "" "borg backup tool"
.SH NAME
borg \- deduplicating and encrypting backup tool
.SH SYNOPSIS
.sp
borg [common options] <command> [options] [arguments]
.SH DESCRIPTION
.\" we don't include the README.rst here since we want to keep this terse.
.
.sp
BorgBackup (short: Borg) is a deduplicating backup program.
Optionally, it supports compression and authenticated encryption.
.sp
The main goal of Borg is to provide an efficient and secure way to back up data.
The data deduplication technique used makes Borg suitable for daily backups
since only changes are stored.
The authenticated encryption technique makes it suitable for backups to targets not
fully trusted.
.sp
Borg stores a set of files in an \fIarchive\fP\&. A \fIrepository\fP is a collection
of \fIarchives\fP\&. The format of repositories is Borg\-specific. Borg does not
distinguish archives from each other in any way other than their name,
it does not matter when or where archives were created (e.g., different hosts).
.SH EXAMPLES
.SS A step\-by\-step example
.INDENT 0.0
.IP 1. 3
Before a backup can be made, a repository has to be initialized:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo repo\-create \-\-encryption=repokey\-aes\-ocb
.EE
.UNINDENT
.UNINDENT
.IP 2. 3
Back up the \fB~/src\fP and \fB~/Documents\fP directories into an archive called
\fIdocs\fP:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo create docs ~/src ~/Documents
.EE
.UNINDENT
.UNINDENT
.IP 3. 3
The next day, create a new archive using the same archive name:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo create \-\-stats docs ~/src ~/Documents
.EE
.UNINDENT
.UNINDENT
.sp
This backup will be much quicker and much smaller, since only new,
never\-before\-seen data is stored. The \fB\-\-stats\fP option causes Borg to
output statistics about the newly created archive such as the deduplicated
size (the amount of unique data not shared with other archives):
.INDENT 3.0
.INDENT 3.5
.sp
.EX
Repository: /path/to/repo
Archive name: docs
Archive fingerprint: bcd1b53f9b4991b7afc2b339f851b7ffe3c6d030688936fe4552eccc1877718d
Time (start): Sat, 2022\-06\-25 20:21:43
Time (end):   Sat, 2022\-06\-25 20:21:43
Duration: 0.07 seconds
Utilization of maximum archive size: 0%
Number of files: 699
Original size: 31.14 MB
Deduplicated size: 502 B
.EE
.UNINDENT
.UNINDENT
.IP 4. 3
List all archives in the repository:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo repo\-list
docs                                 Sat, 2022\-06\-25 20:21:14 [b80e24d2...b179f298]
docs                                 Sat, 2022\-06\-25 20:21:43 [bcd1b53f...1877718d]
.EE
.UNINDENT
.UNINDENT
.IP 5. 3
List the contents of the first archive:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo list aid:b80e24d2
drwxr\-xr\-x user   group          0 Mon, 2016\-02\-15 18:22:30 home/user/Documents
\-rw\-r\-\-r\-\- user   group       7961 Mon, 2016\-02\-15 18:22:30 home/user/Documents/Important.doc
\&...
.EE
.UNINDENT
.UNINDENT
.IP 6. 3
Restore the first archive by extracting the files relative to the current directory:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo extract aid:b80e24d2
.EE
.UNINDENT
.UNINDENT
.IP 7. 3
Delete the first archive (please note that this does \fBnot\fP free repository disk space):
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo delete aid:b80e24d2
.EE
.UNINDENT
.UNINDENT
.sp
Be careful if you use an archive NAME (and not an archive ID), as it might match multiple archives.
Always use \fB\-\-dry\-run\fP and \fB\-\-list\fP first!
.IP 8. 3
Recover disk space by compacting the segment files in the repository:
.INDENT 3.0
.INDENT 3.5
.sp
.EX
$ borg \-r /path/to/repo compact \-v
.EE
.UNINDENT
.UNINDENT
.UNINDENT
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
Borg is quiet by default (it defaults to WARNING log level).
You can use options like \fB\-\-progress\fP or \fB\-\-list\fP to get specific
reports during command execution.  You can also add the \fB\-v\fP (or
\fB\-\-verbose\fP or \fB\-\-info\fP) option to adjust the log level to INFO to
get other informational messages.
.UNINDENT
.UNINDENT
.SH NOTES
.SS Positional Arguments and Options: Order matters
.sp
Borg only supports taking options (\fB\-s\fP and \fB\-\-progress\fP in the example)
either to the left or to the right of all positional arguments (\fBrepo::archive\fP and \fBpath\fP
in the example), but not in between them:
.INDENT 0.0
.INDENT 3.5
.sp
.EX
borg create \-s \-\-progress archive path  # good and preferred
borg create archive path \-s \-\-progress  # also works
borg create \-s archive path \-\-progress  # works, but ugly
borg create archive \-s \-\-progress path  # BAD
.EE
.UNINDENT
.UNINDENT
.sp
This is due to a problem in the argparse module:  <https://bugs.python.org/issue15112> 
.SS Repository URLs
.sp
\fBLocal filesystem\fP (or locally mounted network filesystem):
.sp
\fB/path/to/repo\fP — filesystem path to the repository directory (absolute path)
.sp
\fBpath/to/repo\fP — filesystem path to the repository directory (relative path)
.sp
Also, paths like \fB~/path/to/repo\fP or \fB~other/path/to/repo\fP work (this is
expanded by your shell).
.sp
Note: You may also prepend \fBfile://\fP to a filesystem path to use URL style.
.sp
\fBRemote repositories\fP accessed via SSH  <user@host> :
.sp
\fBssh://user@host:port//abs/path/to/repo\fP — absolute path
.sp
\fBssh://user@host:port/rel/path/to/repo\fP — path relative to the current directory
.sp
\fBRemote repositories\fP accessed via SFTP:
.sp
\fBsftp://user@host:port//abs/path/to/repo\fP — absolute path
.sp
\fBsftp://user@host:port/rel/path/to/repo\fP — path relative to the current directory
.sp
For SSH and SFTP URLs, the \fBuser@\fP and \fB:port\fP parts are optional.
.sp
\fBRemote repositories\fP accessed via rclone:
.sp
\fBrclone:remote:path\fP — see the rclone docs for more details about \fBremote:path\fP\&.
.sp
\fBRemote repositories\fP accessed via S3:
.sp
\fB(s3|b2):[profile|(access_key_id:access_key_secret)@][schema://hostname[:port]]/bucket/path\fP — see the boto3 docs for more details about credentials.
.sp
If you are connecting to AWS S3, \fB[schema://hostname[:port]]\fP is optional, but \fBbucket\fP and \fBpath\fP are always required.
.sp
Note: There is a known issue with some S3\-compatible services, e.g., Backblaze B2. If you encounter problems, try using \fBb2:\fP instead of \fBs3:\fP in the URL.
.sp
If you frequently need the same repository URL, it is a good idea to set the
\fBBORG_REPO\fP environment variable to set a default repository URL:
.INDENT 0.0
.INDENT 3.5
.sp
.EX
export BORG_REPO=\(aqssh://user@host:port/rel/path/to/repo\(aq
.EE
.UNINDENT
.UNINDENT
.sp
Then simply omit the \fB\-\-repo\fP option when you want
to use the default — it will be read from BORG_REPO.
.SS Repository Locations / Archive Names
.sp
Many commands need to know the repository location; specify it via \fB\-r\fP/\fB\-\-repo\fP
or use the \fBBORG_REPO\fP environment variable.
.sp
Commands that need one or two archive names usually take them as positional arguments.
.sp
Commands that work with an arbitrary number of archives usually accept \fB\-a ARCH_GLOB\fP\&.
.sp
Archive names must not contain the \fB/\fP (slash) character. For simplicity,
also avoid spaces or other characters that have special meaning to the
shell or in a filesystem (\fBborg mount\fP uses the archive name as a directory
name).
.SS Logging
.sp
Borg writes all log output to stderr by default. However, output on stderr does
not necessarily indicate an error. Check the log levels of the messages and the
return code of borg to determine error, warning, or success conditions.
.sp
If you want to capture the log output to a file, just redirect it:
.INDENT 0.0
.INDENT 3.5
.sp
.EX
borg create \-\-repo repo archive myfiles 2>> logfile
.EE
.UNINDENT
.UNINDENT
.sp
Custom logging configurations can be implemented via BORG_LOGGING_CONF.
.sp
The log level of the built\-in logging configuration defaults to WARNING.
This is because we want Borg to be mostly silent and only output
warnings, errors, and critical messages unless output has been requested
by supplying an option that implies output (e.g., \fB\-\-list\fP or \fB\-\-progress\fP).
.sp
Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL
.sp
Use \fB\-\-debug\fP to set the DEBUG log level —
this prints debug, info, warning, error, and critical messages.
.sp
Use \fB\-\-info\fP (or \fB\-v\fP or \fB\-\-verbose\fP) to set the INFO log level —
this prints info, warning, error, and critical messages.
.sp
Use \fB\-\-warning\fP (default) to set the WARNING log level —
this prints warning, error, and critical messages.
.sp
Use \fB\-\-error\fP to set the ERROR log level —
this prints error and critical messages.
.sp
Use \fB\-\-critical\fP to set the CRITICAL log level —
this prints only critical messages.
.sp
While you can set miscellaneous log levels, do not expect every command to
produce different output at different log levels — it\(aqs merely a possibility.
.sp
\fBWARNING:\fP
.INDENT 0.0
.INDENT 3.5
Options \fB\-\-critical\fP and \fB\-\-error\fP are provided for completeness,
their usage is not recommended as you might miss important information.
.UNINDENT
.UNINDENT
.SS Return codes
.sp
Borg can exit with the following return codes (rc):
.TS
box center;
l|l.
T{
Return code
T}	T{
Meaning
T}
_
T{
0
T}	T{
success (logged as INFO)
T}
_
T{
1
T}	T{
generic warning (operation reached its normal end, but there were warnings —
you should check the log; logged as WARNING)
T}
_
T{
2
T}	T{
generic error (like a fatal error or a local/remote exception; the operation
did not reach its normal end; logged as ERROR)
T}
_
T{
3..99
T}	T{
specific error (enabled by BORG_EXIT_CODES=modern)
T}
_
T{
100..127
T}	T{
specific warning (enabled by BORG_EXIT_CODES=modern)
T}
_
T{
128+N
T}	T{
killed by signal N (e.g. 137 == kill \-9)
T}
.TE
.sp
If you use \fB\-\-show\-rc\fP, the return code is also logged at the indicated
level as the last log entry.
.sp
The modern exit codes (return codes, \(dqrc\(dq) are documented here: see \fImsgid\fP\&.
.SS Environment Variables
.sp
Borg uses some environment variables for automation:
.INDENT 0.0
.TP
.B General:
.INDENT 7.0
.TP
.B BORG_REPO
When set, use the value to give the default repository location.
Use this so you do not need to type \fB\-\-repo /path/to/my/repo\fP all the time.
.TP
.B BORG_OTHER_REPO
Similar to BORG_REPO, but gives the default for \fB\-\-other\-repo\fP\&.
.TP
.B BORG_PASSPHRASE (and BORG_OTHER_PASSPHRASE)
When set, use the value to answer the passphrase question for encrypted repositories.
It is used when a passphrase is needed to access an encrypted repo as well as when a new
passphrase should be initially set when initializing an encrypted repo.
See also BORG_NEW_PASSPHRASE.
.TP
.B BORG_PASSCOMMAND (and BORG_OTHER_PASSCOMMAND)
When set, use the standard output of the command (trailing newlines are stripped) to answer the
passphrase question for encrypted repositories.
It is used when a passphrase is needed to access an encrypted repo as well as when a new
passphrase should be initially set when initializing an encrypted repo. Note that the command
is executed without a shell. So variables, like \fB$HOME\fP will work, but \fB~\fP won\(aqt.
If BORG_PASSPHRASE is also set, it takes precedence.
See also BORG_NEW_PASSPHRASE.
.TP
.B BORG_PASSPHRASE_FD (and BORG_OTHER_PASSPHRASE_FD)
When set, specifies a file descriptor to read a passphrase
from. Programs starting borg may choose to open an anonymous pipe
and use it to pass a passphrase. This is safer than passing via
BORG_PASSPHRASE, because on some systems (e.g. Linux) environment
can be examined by other processes.
If BORG_PASSPHRASE or BORG_PASSCOMMAND are also set, they take precedence.
.TP
.B BORG_NEW_PASSPHRASE
When set, use the value to answer the passphrase question when a \fBnew\fP passphrase is asked for.
This variable is checked first. If it is not set, BORG_PASSPHRASE and BORG_PASSCOMMAND will also
be checked.
Main use case for this is to fully automate \fBborg change\-passphrase\fP\&.
.TP
.B BORG_DISPLAY_PASSPHRASE
When set, use the value to answer the \(dqdisplay the passphrase for verification\(dq question when defining a new passphrase for encrypted repositories.
.TP
.B BORG_DEBUG_PASSPHRASE
When set to YES, display debugging information that includes passphrases used and passphrase related env vars set.
.TP
.B BORG_EXIT_CODES
When set to \(dqmodern\(dq, the borg process will return more specific exit codes (rc).
When set to \(dqlegacy\(dq, the borg process will return rc 2 for all errors, 1 for all warnings, 0 for success.
Default is \(dqmodern\(dq.
.TP
.B BORG_HOST_ID
Borg usually computes a host id from the FQDN plus the results of \fBuuid.getnode()\fP (which usually returns
a unique id based on the MAC address of the network interface. Except if that MAC happens to be all\-zero \- in
that case it returns a random value, which is not what we want (because it kills automatic stale lock removal).
So, if you have an all\-zero MAC address or other reasons to better control the host id externally, just set this
environment variable to a unique value. If all your FQDNs are unique, you can just use the FQDN. If not,
use  <FQDN@uniqueid> \&.
.TP
.B BORG_LOCK_WAIT
You can set the default value for the \fB\-\-lock\-wait\fP option with this, so
you do not need to give it as a command line option.
.TP
.B BORG_LOGGING_CONF
When set, use the given filename as INI <https://docs.python.org/3/library/logging.config.html#configuration-file-format>
\-style logging configuration.
A basic example conf can be found at \fBdocs/misc/logging.conf\fP\&.
.TP
.B BORG_RSH
When set, use this command instead of \fBssh\fP\&. This can be used to specify ssh options, such as
a custom identity file \fBssh \-i /path/to/private/key\fP\&. See \fBman ssh\fP for other options. Using
the \fB\-\-rsh CMD\fP command line option overrides the environment variable.
.TP
.B BORG_REMOTE_PATH
When set, use the given path as borg executable on the remote (defaults to \(dqborg\(dq if unset).
Using the \fB\-\-remote\-path PATH\fP command line option overrides the environment variable.
.TP
.B BORG_REPO_PERMISSIONS
Set repository permissions, see also: \fIborg_serve\fP
.TP
.B BORG_FILES_CACHE_SUFFIX
When set to a value at least one character long, instructs borg to use a specifically named
(based on the suffix) alternative files cache. This can be used to avoid loading and saving
cache entries for backup sources other than the current sources.
.TP
.B BORG_FILES_CACHE_TTL
When set to a numeric value, this determines the maximum \(dqtime to live\(dq for the files cache
entries (default: 2). The files cache is used to determine quickly whether a file is unchanged.
.TP
.B BORG_USE_CHUNKS_ARCHIVE
When set to no (default: yes), the \fBchunks.archive.d\fP folder will not be used. This reduces
disk space usage but slows down cache resyncs.
.TP
.B BORG_SHOW_SYSINFO
When set to no (default: yes), system information (like OS, Python version, ...) in
exceptions is not shown.
Please only use for good reasons as it makes issues harder to analyze.
.TP
.B BORG_MSGPACK_VERSION_CHECK
Controls whether Borg checks the \fBmsgpack\fP version.
The default is \fByes\fP (strict check). Set to \fBno\fP to disable the version check and
allow any installed \fBmsgpack\fP version. Use this at your own risk; malfunctioning or
incompatible \fBmsgpack\fP versions may cause subtle bugs or repository data corruption.
.TP
.B BORG_FUSE_IMPL
Choose the low\-level FUSE implementation borg shall use for \fBborg mount\fP\&.
This is a comma\-separated list of implementation names, they are tried in the
given order, e.g.:
.INDENT 7.0
.IP \(bu 2
\fBmfusepy,pyfuse3,llfuse\fP: default, first try to load mfusepy, then pyfuse3, then llfuse.
.IP \(bu 2
\fBllfuse,pyfuse3\fP: first try to load llfuse, then try to load pyfuse3.
.IP \(bu 2
\fBmfusepy\fP: only try to load mfusepy
.IP \(bu 2
\fBpyfuse3\fP: only try to load pyfuse3
.IP \(bu 2
\fBllfuse\fP: only try to load llfuse
.IP \(bu 2
\fBnone\fP: do not try to load an implementation
.UNINDENT
.TP
.B BORG_SELFTEST
This can be used to influence borg\(aqs built\-in self\-tests. The default is to execute the tests
at the beginning of each borg command invocation.
.sp
BORG_SELFTEST=disabled can be used to switch off the tests and rather save some time.
Disabling is not recommended for normal borg users, but large scale borg storage providers can
use this to optimize production servers after at least doing a one\-time test borg (with
self\-tests not disabled) when installing or upgrading machines/OS/Borg.
.TP
.B BORG_WORKAROUNDS
A list of comma\-separated strings that trigger workarounds in borg,
e.g. to work around bugs in other software.
.sp
Currently known strings are:
.INDENT 7.0
.TP
.B basesyncfile
Use the more simple BaseSyncFile code to avoid issues with sync_file_range.
You might need this to run borg on WSL (Windows Subsystem for Linux) or
in systemd.nspawn containers on some architectures (e.g. ARM).
Using this does not affect data safety, but might result in a more bursty
write\-to\-disk behavior (not continuously streaming to disk).
.TP
.B retry_erofs
Retry opening a file without O_NOATIME if opening a file with O_NOATIME
caused EROFS. You will need this to make archives from volume shadow copies
in WSL1 (Windows Subsystem for Linux 1).
.TP
.B authenticated_no_key
Work around a lost passphrase or key for an \fBauthenticated\fP mode repository
(these are only authenticated, but not encrypted).
If the key is missing in the repository config, add \fBkey = anything\fP there.
.sp
This workaround is \fBonly\fP for emergencies and \fBonly\fP to extract data
from an affected repository (read\-only access):
.INDENT 7.0
.INDENT 3.5
.sp
.EX
BORG_WORKAROUNDS=authenticated_no_key borg extract \-\-repo repo archive
.EE
.UNINDENT
.UNINDENT
.sp
After you have extracted all data you need, you MUST delete the repository:
.INDENT 7.0
.INDENT 3.5
.sp
.EX
BORG_WORKAROUNDS=authenticated_no_key borg delete repo
.EE
.UNINDENT
.UNINDENT
.sp
Now you can init a fresh repo. Make sure you do not use the workaround any more.
.UNINDENT
.UNINDENT
.TP
.B Output formatting:
.INDENT 7.0
.TP
.B BORG_LIST_FORMAT
Giving the default value for \fBborg repo\-list \-\-format=X\fP\&.
.TP
.B BORG_RLIST_FORMAT
Giving the default value for \fBborg repo\-list \-\-format=X\fP\&.
.TP
.B BORG_PRUNE_FORMAT
Giving the default value for \fBborg prune \-\-format=X\fP\&.
.UNINDENT
.TP
.B Some automatic \(dqanswerers\(dq (if set, they automatically answer confirmation questions):
.INDENT 7.0
.TP
.B BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)
For \(dqWarning: Attempting to access a previously unknown unencrypted repository\(dq
.TP
.B BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)
For \(dqWarning: The repository at location ... was previously located at ...\(dq
.TP
.B BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
For \(dqThis is a potentially dangerous function...\(dq (check \-\-repair)
.TP
.B BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)
For \(dqYou requested to DELETE the repository completely \fIincluding\fP all archives it contains:\(dq
.UNINDENT
.sp
Note: answers are case sensitive. setting an invalid answer value might either give the default
answer or ask you interactively, depending on whether retries are allowed (they by default are
allowed). So please test your scripts interactively before making them a non\-interactive script.
.UNINDENT
.INDENT 0.0
.TP
.B Directories and files:
.INDENT 7.0
.TP
.B BORG_BASE_DIR
Defaults to \fB$HOME\fP or \fB~$USER\fP or \fB~\fP (in that order).
If you want to move all borg\-specific folders to a custom path at once, all you need to do is
to modify \fBBORG_BASE_DIR\fP: the other paths for cache, config etc. will adapt accordingly
(assuming you didn\(aqt set them to a different custom value).
.TP
.B BORG_CACHE_DIR
Defaults to \fB$BORG_BASE_DIR/.cache/borg\fP\&. If \fBBORG_BASE_DIR\fP is not explicitly set while
XDG env var <https://specifications.freedesktop.org/basedir-spec/0.6/ar01s03.html>
 \fBXDG_CACHE_HOME\fP is set, then \fB$XDG_CACHE_HOME/borg\fP is being used instead.
This directory contains the local cache and might need a lot
of space for dealing with big repositories. Make sure you\(aqre aware of the associated
security aspects of the cache location: \fIcache_security\fP
.TP
.B BORG_CONFIG_DIR
Defaults to \fB$BORG_BASE_DIR/.config/borg\fP\&. If \fBBORG_BASE_DIR\fP is not explicitly set while
XDG env var <https://specifications.freedesktop.org/basedir-spec/0.6/ar01s03.html>
 \fBXDG_CONFIG_HOME\fP is set, then \fB$XDG_CONFIG_HOME/borg\fP is being used instead.
This directory contains all borg configuration directories, see the FAQ
for a security advisory about the data in this directory: \fIhome_config_borg\fP
.TP
.B BORG_DATA_DIR
Defaults to \fB$BORG_BASE_DIR/.local/share/borg\fP\&. If \fBBORG_BASE_DIR\fP is not explicitly set while
XDG env var <https://specifications.freedesktop.org/basedir-spec/0.6/ar01s03.html>
 \fBXDG_DATA_HOME\fP is set, then \fB$XDG_DATA_HOME/borg\fP is being used instead.
This directory contains all borg data directories, see the FAQ
for a security advisory about the data in this directory: \fIhome_data_borg\fP
.TP
.B BORG_RUNTIME_DIR
Defaults to \fB$BORG_BASE_DIR/.cache/borg\fP\&. If \fBBORG_BASE_DIR\fP is not explicitly set while
XDG env var <https://specifications.freedesktop.org/basedir-spec/0.6/ar01s03.html>
 \fBXDG_RUNTIME_DIR\fP is set, then \fB$XDG_RUNTIME_DIR/borg\fP is being used instead.
This directory contains borg runtime files, like e.g. the socket file.
.TP
.B BORG_SECURITY_DIR
Defaults to \fB$BORG_DATA_DIR/security\fP\&.
This directory contains security relevant data.
.TP
.B BORG_KEYS_DIR
Defaults to \fB$BORG_CONFIG_DIR/keys\fP\&.
This directory contains keys for encrypted repositories.
.TP
.B BORG_KEY_FILE
When set, use the given path as repository key file. Please note that this is only
for rather special applications that externally fully manage the key files:
.INDENT 7.0
.IP \(bu 2
this setting only applies to the keyfile modes (not to the repokey modes).
.IP \(bu 2
using a full, absolute path to the key file is recommended.
.IP \(bu 2
all directories in the given path must exist.
.IP \(bu 2
this setting forces borg to use the key file at the given location.
.IP \(bu 2
the key file must either exist (for most commands) or will be created (\fBborg repo\-create\fP).
.IP \(bu 2
you need to give a different path for different repositories.
.IP \(bu 2
you need to point to the correct key file matching the repository the command will operate on.
.UNINDENT
.TP
.B TMPDIR
This is where temporary files are stored (might need a lot of temporary space for some
operations), see tempfile <https://docs.python.org/3/library/tempfile.html#tempfile.gettempdir>
 for details.
.UNINDENT
.TP
.B Building:
.INDENT 7.0
.TP
.B BORG_OPENSSL_NAME
Defines the subdirectory name for OpenSSL (setup.py).
.TP
.B BORG_OPENSSL_PREFIX
Adds given OpenSSL header file directory to the default locations (setup.py).
.TP
.B BORG_LIBACL_PREFIX
Adds given prefix directory to the default locations. If an \(aqinclude/acl/libacl.h\(aq is found
Borg will be linked against the system libacl instead of a bundled implementation. (setup.py)
.TP
.B BORG_LIBLZ4_PREFIX
Adds given prefix directory to the default locations. If a \(aqinclude/lz4.h\(aq is found Borg
will be linked against the system liblz4 instead of a bundled implementation. (setup.py)
.TP
.B BORG_LIBZSTD_PREFIX
Adds given prefix directory to the default locations. If a \(aqinclude/zstd.h\(aq is found Borg
will be linked against the system libzstd instead of a bundled implementation. (setup.py)
.UNINDENT
.UNINDENT
.sp
Please note:
.INDENT 0.0
.IP \(bu 2
Be very careful when using the \(dqyes\(dq sayers, the warnings with prompt exist for your / your data\(aqs security/safety.
.IP \(bu 2
Also be very careful when putting your passphrase into a script, make sure it has appropriate file permissions (e.g.
mode 600, root:root).
.UNINDENT
.SS File systems
.sp
We recommend using a reliable, scalable journaling filesystem for the
repository, e.g., zfs, btrfs, ext4, apfs.
.sp
Borg now uses the \fBborgstore\fP package to implement the key/value store it
uses for the repository.
.sp
It currently uses the \fBfile:\fP store (posixfs backend) either with a local
directory or via SSH and a remote \fBborg serve\fP agent using borgstore on the
remote side.
.sp
This means that it will store each chunk into a separate filesystem file
(for more details, see the \fBborgstore\fP project).
.sp
This has some pros and cons (compared to legacy Borg 1.x segment files):
.sp
Pros:
.INDENT 0.0
.IP \(bu 2
Simplicity and better maintainability of the Borg code.
.IP \(bu 2
Sometimes faster, less I/O, better scalability: e.g., borg compact can just
remove unused chunks by deleting a single file and does not need to read
and rewrite segment files to free space.
.IP \(bu 2
In the future, easier to adapt to other kinds of storage:
borgstore\(aqs backends are quite simple to implement.
\fBsftp:\fP and \fBrclone:\fP backends already exist, others might be easy to add.
.IP \(bu 2
Parallel repository access with less locking is easier to implement.
.UNINDENT
.sp
Cons:
.INDENT 0.0
.IP \(bu 2
The repository filesystem will have to deal with a large number of files (there
are provisions in borgstore against having too many files in a single directory
by using a nested directory structure).
.IP \(bu 2
Greater filesystem space overhead (depends on the allocation block size — modern
filesystems like zfs are rather clever here, using a variable block size).
.IP \(bu 2
Sometimes slower, due to less sequential and more random access operations.
.UNINDENT
.SS Units
.sp
To display quantities, Borg takes care of respecting the
usual conventions of scale. Disk sizes are displayed in decimal <https://en.wikipedia.org/wiki/Decimal>
, using powers of ten (so
\fBkB\fP means 1000 bytes). For memory usage, binary prefixes <https://en.wikipedia.org/wiki/Binary_prefix>
 are used, and are
indicated using the IEC binary prefixes <https://en.wikipedia.org/wiki/IEC_80000-13#Prefixes_for_binary_multiples>
,
using powers of two (so \fBKiB\fP means 1024 bytes).
.SS Date and Time
.sp
We format date and time in accordance with ISO 8601, that is: YYYY\-MM\-DD and
HH:MM:SS (24\-hour clock).
.sp
For more information, see:  <https://xkcd.com/1179/> 
.sp
Unless otherwise noted, we display local date and time.
Internally, we store and process date and time as UTC.
TIMESPAN
.sp
Some options accept a TIMESPAN parameter, which can be given as a number of
years (e.g. \fB2y\fP), months (e.g. \fB12m\fP), weeks (e.g. \fB2w\fP),
days (e.g. \fB7d\fP), hours (e.g. \fB8H\fP), minutes (e.g. \fB30M\fP),
or seconds (e.g. \fB150S\fP).
.SS Resource Usage
.sp
Borg might use significant resources depending on the size of the data set it is dealing with.
.sp
If you use Borg in a client/server way (with an SSH repository),
the resource usage occurs partly on the client and partly on the
server.
.sp
If you use Borg as a single process (with a filesystem repository),
all resource usage occurs in that one process, so add up client and
server to get the approximate resource usage.
.INDENT 0.0
.TP
.B CPU client:
.INDENT 7.0
.IP \(bu 2
\fBborg create:\fP chunking, hashing, compression, encryption (high CPU usage)
.IP \(bu 2
\fBchunks cache sync:\fP quite heavy on CPU, doing lots of hash table operations
.IP \(bu 2
\fBborg extract:\fP decryption, decompression (medium to high CPU usage)
.IP \(bu 2
\fBborg check:\fP similar to extract, but depends on options given
.IP \(bu 2
\fBborg prune/borg delete archive:\fP low to medium CPU usage
.IP \(bu 2
\fBborg delete repo:\fP done on the server
.UNINDENT
.sp
It will not use more than 100% of one CPU core as the code is currently single\-threaded.
Especially higher zlib and lzma compression levels use significant amounts
of CPU cycles. Crypto might be cheap on the CPU (if hardware\-accelerated) or
expensive (if not).
.TP
.B CPU server:
It usually does not need much CPU; it just deals with the key/value store
(repository) and uses the repository index for that.
.sp
borg check: the repository check computes the checksums of all chunks
(medium CPU usage)
borg delete repo: low CPU usage
.TP
.B CPU (only for client/server operation):
When using Borg in a client/server way with an ssh\-type repository, the SSH
processes used for the transport layer will need some CPU on the client and
on the server due to the crypto they are doing — especially if you are pumping
large amounts of data.
.TP
.B Memory (RAM) client:
The chunks index and the files index are read into memory for performance
reasons. Might need large amounts of memory (see below).
Compression, especially lzma compression with high levels, might need substantial
amounts of memory.
.TP
.B Memory (RAM) server:
The server process will load the repository index into memory. Might need
considerable amounts of memory, but less than on the client (see below).
.TP
.B Chunks index (client only):
Proportional to the number of data chunks in your repo. Lots of chunks
in your repo imply a big chunks index.
It is possible to tweak the chunker parameters (see create options).
.TP
.B Files index (client only):
Proportional to the number of files in your last backups. Can be switched
off (see create options), but the next backup might be much slower if you do.
The speed benefit of using the files cache is proportional to file size.
.TP
.B Repository index (server only):
Proportional to the number of data chunks in your repo. Lots of chunks
in your repo imply a big repository index.
It is possible to tweak the chunker parameters (see create options) to
influence the number of chunks created.
.TP
.B Temporary files (client):
Reading data and metadata from a FUSE\-mounted repository will consume up to
the size of all deduplicated, small chunks in the repository. Big chunks
will not be locally cached.
.TP
.B Temporary files (server):
A non\-trivial amount of data will be stored in the remote temporary directory
for each client that connects to it. For some remotes, this can fill the
default temporary directory in /tmp. This can be mitigated by ensuring the
$TMPDIR, $TEMP, or $TMP environment variable is properly set for the sshd
process.
For some OSes, this can be done by setting the correct value in the
\&.bashrc (or equivalent login config file for other shells); however, in
other cases it may be necessary to first enable \fBPermitUserEnvironment yes\fP
in your \fBsshd_config\fP file, then add \fBenvironment=\(dqTMPDIR=/my/big/tmpdir\(dq\fP
at the start of the public key to be used in the \fBauthorized_keys\fP file.
.TP
.B Cache files (client only):
Contains the chunks index and files index (plus a collection of single\-
archive chunk indexes), which might need huge amounts of disk space
depending on archive count and size — see the FAQ for how to reduce this.
.TP
.B Network (only for client/server operation):
If your repository is remote, all deduplicated (and optionally compressed/
encrypted) data has to go over the connection (\fBssh://\fP repository URL).
If you use a locally mounted network filesystem, some additional copy
operations used for transaction support also go over the connection. If
you back up multiple sources to one target repository, additional traffic
happens for cache resynchronization.
.UNINDENT
.SS Support for file metadata
.sp
Besides regular file and directory structures, Borg can preserve
.INDENT 0.0
.IP \(bu 2
symlinks (stored as a symlink; the symlink is not followed)
.IP \(bu 2
special files:
.INDENT 2.0
.IP \(bu 2
character and block device files (restored via mknod(2))
.IP \(bu 2
FIFOs (\(dqnamed pipes\(dq)
.IP \(bu 2
special file \fIcontents\fP can be backed up in \fB\-\-read\-special\fP mode.
By default, the metadata to create them with mknod(2), mkfifo(2), etc. is stored.
.UNINDENT
.IP \(bu 2
hard\-linked regular files, devices, symlinks, FIFOs (considering all items in the same archive)
.IP \(bu 2
timestamps with nanosecond precision: mtime, atime, ctime
.IP \(bu 2
other timestamps: birthtime (on platforms supporting it)
.IP \(bu 2
permissions:
.INDENT 2.0
.IP \(bu 2
IDs of owning user and owning group
.IP \(bu 2
names of owning user and owning group (if the IDs can be resolved)
.IP \(bu 2
Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)
.UNINDENT
.UNINDENT
.sp
On some platforms additional features are supported:
.\" Yes/No's are grouped by reason/mechanism/reference.
.
.TS
box center;
l|l|l|l.
T{
Platform
T}	T{
ACLs
[5]
T}	T{
xattr
[6]
T}	T{
Flags
[7]
T}
_
T{
Linux
T}	T{
Yes
T}	T{
Yes
T}	T{
Yes [1]
T}
_
T{
macOS
T}	T{
Yes
T}	T{
Yes
T}	T{
Yes (all)
T}
_
T{
FreeBSD
T}	T{
Yes
T}	T{
Yes
T}	T{
Yes (all)
T}
_
T{
OpenBSD
T}	T{
n/a
T}	T{
n/a
T}	T{
Yes (all)
T}
_
T{
NetBSD
T}	T{
n/a
T}	T{
No [2]
T}	T{
Yes (all)
T}
_
T{
Solaris and derivatives
T}	T{
No [3]
T}	T{
No [3]
T}	T{
n/a
T}
_
T{
Windows (cygwin)
T}	T{
No [4]
T}	T{
No
T}	T{
No
T}
.TE
.sp
Other Unix\-like operating systems may work as well, but have not been tested yet.
.sp
Note that most platform\-dependent features also depend on the filesystem.
For example, ntfs\-3g on Linux is not able to convey NTFS ACLs.
.IP [1] 5
Only \(dqnodump\(dq, \(dqimmutable\(dq, \(dqcompressed\(dq and \(dqappend\(dq are supported.
Feature request #618 for more flags.
.IP [2] 5
Feature request #1332
.IP [3] 5
Feature request #1337
.IP [4] 5
Cygwin tries to map NTFS ACLs to permissions with varying degrees of success.
.IP [5] 5
The native access control list mechanism of the OS. This normally limits access to
non\-native ACLs. For example, NTFS ACLs are not completely accessible on Linux with ntfs\-3g.
.IP [6] 5
Extended attributes; key\-value pairs attached to a file, mainly used by the OS.
This includes resource forks on macOS.
.IP [7] 5
Also known as \fIBSD flags\fP\&. The Linux set of flags [1] is portable across platforms.
The BSDs define additional flags.
.SH SEE ALSO
.sp
\fIborg\-common(1)\fP for common command line options
.sp
\fIborg\-repo\-create(1)\fP, \fIborg\-repo\-delete(1)\fP, \fIborg\-repo\-list(1)\fP, \fIborg\-repo\-info(1)\fP,
\fIborg\-create(1)\fP, \fIborg\-mount(1)\fP, \fIborg\-extract(1)\fP,
\fIborg\-list(1)\fP, \fIborg\-info(1)\fP,
\fIborg\-delete(1)\fP, \fIborg\-prune(1)\fP, \fIborg\-compact(1)\fP,
\fIborg\-recreate(1)\fP
.sp
\fIborg\-compression(1)\fP, \fIborg\-patterns(1)\fP, \fIborg\-placeholders(1)\fP
.INDENT 0.0
.IP \(bu 2
Main web site  <https://www.borgbackup.org/> 
.IP \(bu 2
Releases  <https://github.com/borgbackup/borg/releases> 
.IP \(bu 2
Changelog  <https://github.com/borgbackup/borg/blob/master/docs/changes.rst> 
.IP \(bu 2
GitHub  <https://github.com/borgbackup/borg> 
.IP \(bu 2
Security contact  <https://borgbackup.readthedocs.io/en/latest/support.html#security\-contact> 
.UNINDENT
.SH AUTHOR
The Borg Collective

orphan: 
.\" Generated by docutils manpage writer.
.