borg man page

borg — BorgBackup is a deduplicating backup program with optional compression and authenticated encryption.

General

Borg consists of a number of commands. Each command accepts a number of arguments and options and interprets various environment variables. The following sections will describe each command in detail.

Commands, options, parameters, paths and such are set in fixed-width. Option values are underlined. Borg has a few options accepting a fixed set of values (e.g. --encryption of borg init). Experimental features are marked with red stripes on the sides, like this paragraph.

Experimental features are not stable, which means that they may be changed in incompatible ways or even removed entirely without prior notice in following releases.

Repository URLs

Local filesystem (or locally mounted network filesystem):

/path/to/repo - filesystem path to repo directory, absolute path

path/to/repo - filesystem path to repo directory, relative path

Also, stuff like ~/path/to/repo or ~other/path/to/repo works (this is expanded by your shell).

Note: you may also prepend a file:// to a filesystem path to get URL style.

Remote repositories accessed via ssh user@host:

user@host:/path/to/repo - remote repo, absolute path

ssh://user@host:port/path/to/repo - same, alternative syntax, port can be given

Remote repositories with relative paths can be given using this syntax:

user@host:path/to/repo - path relative to current directory

user@host:~/path/to/repo - path relative to user’s home directory

user@host:~other/path/to/repo - path relative to other’s home directory

Note: giving user@host:/./path/to/repo or user@host:/~/path/to/repo or user@host:/~other/path/to/repo is also supported, but not required here.

Remote repositories with relative paths, alternative syntax with port:

ssh://user@host:port/./path/to/repo - path relative to current directory

ssh://user@host:port/~/path/to/repo - path relative to user’s home directory

ssh://user@host:port/~other/path/to/repo - path relative to other’s home directory

If you frequently need the same repo URL, it is a good idea to set the BORG_REPO environment variable to set a default for the repo URL:

export BORG_REPO='ssh://user@host:port/path/to/repo'

Then you can simply omit the repo URL when only a repo URL is needed and you want to use the default - it will be read from BORG_REPO.

Use :: syntax to give the repo URL when syntax requires giving a positional argument for the repo (e.g. borg mount :: /mnt).
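Putting this together, a minimal sketch (host, port and path are made-up placeholders):

```shell
# Set a default repo URL once; later commands can then omit the repo URL
# or refer to it with the :: shorthand.
export BORG_REPO='ssh://backupuser@backuphost:2222/./backups/myrepo'

# Equivalent invocations (shown as comments, not executed here):
#   borg list                 # repo URL is read from BORG_REPO
#   borg mount :: /mnt        # :: stands in for the repo URL positionally
```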

Repository / Archive Locations

Many commands want either a repository (just give the repo URL, see above) or an archive location, which is a repo URL followed by ::archive_name.

Archive names must not contain the / (slash) character. For simplicity, maybe also avoid blanks or other characters that have special meaning on the shell or in a filesystem (borg mount will use the archive name as directory name).

If you have set BORG_REPO (see above) and an archive location is needed, use ::archive_name - the repo URL part is then read from BORG_REPO.

Type of log output

The log level of the builtin logging configuration defaults to WARNING. This is because we want Borg to be mostly silent and only output warnings, errors and critical messages, unless output has been requested by supplying an option that implies output (e.g. --list or --progress).

Log levels: DEBUG < INFO < WARNING < ERROR < CRITICAL

Use --debug to set DEBUG log level - to get debug, info, warning, error and critical level output.

Use --info (or -v or --verbose) to set INFO log level - to get info, warning, error and critical level output.

Use --warning (default) to set WARNING log level - to get warning, error and critical level output.

Use --error to set ERROR log level - to get error and critical level output.

Use --critical to set CRITICAL log level - to get critical level output.

While you can set misc. log levels, do not expect that every command will give different output on different log levels - it’s just a possibility.

WARNING:

Options --critical and --error are provided for completeness, their usage is not recommended as you might miss important information.

Return codes

Borg can exit with the following return codes (rc):

Return code   Meaning
0             success (logged as INFO)
1             warning (operation reached its normal end, but there were warnings - you should check the log; logged as WARNING)
2             error (like a fatal error, a local or remote exception; the operation did not reach its normal end, logged as ERROR)
128+N         killed by signal N (e.g. 137 == kill -9)

If you use --show-rc, the return code is also logged at the indicated level as the last log entry.
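In a wrapper script these return codes can be acted upon; a sketch, where interpret_rc is a made-up helper (not part of borg):

```shell
# Translate borg's documented return codes into human-readable messages.
interpret_rc() {
    rc=$1
    if [ "$rc" -eq 0 ]; then
        echo "success"
    elif [ "$rc" -eq 1 ]; then
        echo "warning - check the log"
    elif [ "$rc" -eq 2 ]; then
        echo "error - operation did not reach its normal end"
    elif [ "$rc" -ge 128 ]; then
        echo "killed by signal $((rc - 128))"
    else
        echo "unexpected return code $rc"
    fi
}

# Typical use after a borg command (not executed here):
#   borg create ::archive ~/Documents; interpret_rc $?
```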

Environment Variables

Borg uses some environment variables for automation:

General:
BORG_REPO

When set, use the value to give the default repository location. If a command needs an archive parameter, you can abbreviate it as ::archive. If a command needs a repository parameter, you can either omit it entirely or abbreviate it as ::, if a positional parameter is required.

BORG_PASSPHRASE

When set, use the value to answer the passphrase question for encrypted repositories. It is used when a passphrase is needed to access an encrypted repo as well as when a new passphrase should be initially set when initializing an encrypted repo. See also BORG_NEW_PASSPHRASE.

BORG_PASSCOMMAND

When set, use the standard output of the command (trailing newlines are stripped) to answer the passphrase question for encrypted repositories. It is used when a passphrase is needed to access an encrypted repo as well as when a new passphrase should be initially set when initializing an encrypted repo. If BORG_PASSPHRASE is also set, it takes precedence. See also BORG_NEW_PASSPHRASE.

BORG_NEW_PASSPHRASE

When set, use the value to answer the passphrase question when a new passphrase is asked for. This variable is checked first. If it is not set, BORG_PASSPHRASE and BORG_PASSCOMMAND will also be checked. The main use case for this is to fully automate borg change-passphrase.

BORG_DISPLAY_PASSPHRASE

When set, use the value to answer the “display the passphrase for verification” question when defining a new passphrase for encrypted repositories.

BORG_HOSTNAME_IS_UNIQUE=no

Borg assumes that it can derive a unique hostname / identity (see borg debug info). If this is not the case or you do not want Borg to automatically remove stale locks, set this to no.

BORG_LOGGING_CONF

When set, use the given filename as INI-style logging configuration.

BORG_RSH

When set, use this command instead of ssh. This can be used to specify ssh options, such as a custom identity file: ssh -i /path/to/private/key. See man ssh for other options.

BORG_REMOTE_PATH

When set, use the given path as the borg executable on the remote (defaults to “borg” if unset). The --remote-path PATH command line option overrides the environment variable.

BORG_FILES_CACHE_TTL

When set to a numeric value, this determines the maximum “time to live” for the files cache entries (default: 20). The files cache is used to quickly determine whether a file is unchanged. The FAQ explains this in more detail in: always_chunking

TMPDIR

Where temporary files are stored (some operations might need a lot of temporary space).

Some automatic “answerers” (if set, they automatically answer confirmation questions):
BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no (or =yes)

For “Warning: Attempting to access a previously unknown unencrypted repository”

BORG_RELOCATED_REPO_ACCESS_IS_OK=no (or =yes)

For “Warning: The repository at location … was previously located at …”

BORG_CHECK_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)

For “Warning: ‘check –repair’ is an experimental feature that might result in data loss.”

BORG_DELETE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)

For “You requested to completely DELETE the repository including all archives it contains:”

BORG_RECREATE_I_KNOW_WHAT_I_AM_DOING=NO (or =YES)

For “recreate is an experimental feature.”

Note: answers are case sensitive. Setting an invalid answer value might either give the default answer or ask you interactively, depending on whether retries are allowed (they are allowed by default). So please test your scripts interactively before running them non-interactively.
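For unattended runs these answers can be pre-set via the environment. A sketch; use a “yes” value only when you understand which warning it suppresses:

```shell
# Pre-answer confirmation prompts for a non-interactive backup script.
# Answers are case sensitive; an invalid value may fall back to the
# default answer or to an interactive prompt.
export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes   # we moved the repo on purpose
export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no
```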

Directories and files:
BORG_KEYS_DIR

Defaults to ‘~/.config/borg/keys’. This directory contains keys for encrypted repositories.

BORG_KEY_FILE

When set, use the given filename as repository key file.

BORG_SECURITY_DIR

Defaults to ‘~/.config/borg/security’. This directory contains information borg uses to track its usage of NONCES (“numbers used once” - usually in encryption context) and other security relevant data.

BORG_CACHE_DIR

Defaults to ‘~/.cache/borg’. This directory contains the local cache and might need a lot of space for dealing with big repositories.

BORG_CONFIG_DIR

Defaults to ‘~/.config/borg’. This directory contains the other borg configuration directories (see above).

Building:
BORG_OPENSSL_PREFIX

Adds given OpenSSL header file directory to the default locations (setup.py).

BORG_LZ4_PREFIX

Adds given LZ4 header file directory to the default locations (setup.py).

BORG_LIBB2_PREFIX

Adds the given prefix directory to the default locations. If an ‘include/blake2.h’ is found, Borg will be linked against the system libb2 instead of a bundled implementation. (setup.py)

Please note:

  • Be very careful when using the “yes” answerers; the warnings with prompts exist for your and your data’s security/safety.
  • Also be very careful when putting your passphrase into a script: make sure it has appropriate file permissions (e.g. mode 600, root:root).
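One way to avoid a plaintext passphrase inside the script itself is a separate, tightly-permissioned file read via BORG_PASSCOMMAND; a sketch (the file location is a made-up example):

```shell
# Keep the passphrase in its own file with owner-only permissions and
# let borg fetch it through BORG_PASSCOMMAND.
PASSFILE=./borg-passphrase            # hypothetical; often /root/.borg-passphrase
umask 077                             # new files get no group/other access
printf '%s\n' 'correct horse battery staple' > "$PASSFILE"
chmod 600 "$PASSFILE"                 # owner read/write only
export BORG_PASSCOMMAND="cat $PASSFILE"
```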

File systems

We strongly recommend against using Borg (or any other database-like software) on non-journaling file systems like FAT, since it is not possible to assume any consistency in case of power failures (or a sudden disconnect of an external drive or similar failures).

While Borg uses a data store that is resilient against these failures when used on journaling file systems, it is not possible to guarantee this with some hardware – independent of the software used. We don’t know a list of affected hardware.

If you are unsure whether your Borg repository is still consistent and readable after one of the failures mentioned above occurred, run borg check --verify-data to make sure it is consistent.

Requirements for Borg repository file systems:

  • Long file names
  • At least three directory levels with short names
  • Typically, file sizes up to a few hundred MB. Large repositories may require large files (>2 GB).
  • Up to 1000 files per directory (10000 for repositories initialized with Borg 1.0)
  • mkdir(2) should be atomic, since it is used for locking
  • Hardlinks are needed for borg upgrade --inplace

Units

To display quantities, Borg takes care of respecting the usual conventions of scale. Disk sizes are displayed in decimal, using powers of ten (so kB means 1000 bytes). For memory usage, binary prefixes are used, and are indicated using the IEC binary prefixes, using powers of two (so KiB means 1024 bytes).
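As a quick check of the two conventions:

```shell
# Decimal (powers of ten) vs binary (powers of two) units, in bytes
echo "1 kB = $((1000)) bytes,     1 KiB = $((1024)) bytes"
echo "1 MB = $((1000 * 1000)) bytes,  1 MiB = $((1024 * 1024)) bytes"
```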

Date and Time

We format date and time conforming to ISO-8601, that is: YYYY-MM-DD and HH:MM:SS (24h clock).

For more information about that, see: https://xkcd.com/1179/

Unless otherwise noted, we display local date and time. Internally, we store and process date and time as UTC.

Resource Usage

Borg might use a lot of resources depending on the size of the data set it is dealing with.

If one uses Borg in a client/server way (with an ssh: repository), part of the resource usage occurs on the client and part on the server.

If one uses Borg as a single process (with a filesystem repo), all the resource usage occurs in that one process, so just add up client + server to get the approximate resource usage.

CPU client:

borg create: does chunking, hashing, compression, crypto (high CPU usage)

chunks cache sync: quite heavy on CPU, doing lots of hashtable operations.

borg extract: crypto, decompression (medium to high CPU usage)

borg check: similar to extract, but depends on the options given.

borg prune / borg delete archive: low to medium CPU usage

borg delete repo: done on the server

It won’t go beyond 100% of 1 core as the code is currently single-threaded. Especially higher zlib and lzma compression levels use significant amounts of CPU cycles. Crypto might be cheap on the CPU (if hardware accelerated) or expensive (if not).

CPU server:

It usually doesn’t need much CPU, it just deals with the key/value store (repository) and uses the repository index for that.

borg check: the repository check computes the checksums of all chunks (medium CPU usage)

borg delete repo: low CPU usage

CPU (only for client/server operation):

When using borg in a client/server way with an ssh:-type repo, the ssh processes used for the transport layer will need some CPU on the client and on the server due to the crypto they are doing - especially if you are pumping big amounts of data.

Memory (RAM) client:

The chunks index and the files index are read into memory for performance reasons. Might need big amounts of memory (see below). Compression, esp. lzma compression with high levels might need substantial amounts of memory.

Memory (RAM) server:

The server process will load the repository index into memory. Might need considerable amounts of memory, but less than on the client (see below).

Chunks index (client only):

Proportional to the amount of data chunks in your repo. Lots of chunks in your repo imply a big chunks index. It is possible to tweak the chunker params (see create options).

Files index (client only):

Proportional to the amount of files in your last backups. Can be switched off (see create options), but next backup might be much slower if you do. The speed benefit of using the files cache is proportional to file size.

Repository index (server only):

Proportional to the amount of data chunks in your repo. Lots of chunks in your repo imply a big repository index. It is possible to tweak the chunker params (see create options) to influence the amount of chunks being created.

Temporary files (client):

Reading data and metadata from a FUSE mounted repository will consume up to the size of all deduplicated, small chunks in the repository. Big chunks won’t be locally cached.

Temporary files (server):

None.

Cache files (client only):

Contains the chunks index and files index (plus a collection of single-archive chunk indexes which might need huge amounts of disk space, depending on archive count and size - see FAQ about how to reduce).

Network (only for client/server operation):

If your repository is remote, all deduplicated (and optionally compressed/encrypted) data of course has to go over the connection (ssh:// repo url). If you use a locally mounted network filesystem, additionally some copy operations used for transaction support also go over the connection. If you backup multiple sources to one target repository, additional traffic happens for cache resynchronization.

Support for file metadata

Besides regular file and directory structures, Borg can preserve

  • symlinks (stored as symlink, the symlink is not followed)
  • special files:

    • character and block device files (restored via mknod)
    • FIFOs (“named pipes”)
    • special file contents can be backed up in --read-special mode. By default the metadata to create them with mknod(2), mkfifo(2) etc. is stored.
  • hardlinked regular files, devices, FIFOs (considering all items in the same archive)
  • timestamps in nanosecond precision: mtime, atime, ctime
  • permissions:

    • IDs of owning user and owning group
    • names of owning user and owning group (if the IDs can be resolved)
    • Unix Mode/Permissions (u/g/o permissions, suid, sgid, sticky)

On some platforms additional features are supported:

Platform          ACLs [5]   xattr [6]   Flags [7]
Linux             Yes        Yes         Yes [1]
Mac OS X          Yes        Yes         Yes (all)
FreeBSD           Yes        Yes         Yes (all)
OpenBSD           n/a        n/a         Yes (all)
NetBSD            n/a        No [2]      Yes (all)
Solaris 11        No [3]     n/a         n/a
OpenIndiana       No [3]     n/a         n/a
Windows (cygwin)  No [4]     No          No

Other Unix-like operating systems may work as well, but have not been tested at all.

Note that most of the platform-dependent features also depend on the file system. For example, ntfs-3g on Linux isn’t able to convey NTFS ACLs.

[1]

Only “nodump”, “immutable”, “compressed” and “append” are supported. Feature request #618 for more flags.

[2]

Feature request #1332

[3]

Feature request #1337

[4]

Cygwin tries to map NTFS ACLs to permissions with varying degrees of success.

[5]

The native access control list mechanism of the OS. This normally limits access to non-native ACLs. For example, NTFS ACLs aren’t completely accessible on Linux with ntfs-3g.

[6]

extended attributes; key-value pairs attached to a file, mainly used by the OS. This includes resource forks on Mac OS X.

[7]

aka BSD flags. The Linux set of flags [1] is portable across platforms. The BSDs define additional flags.

In case you are interested in more details (like formulas), please see internals. For details on the available JSON output, refer to json_output.

Common options

All Borg commands share these options:

-h, --help

show this help message and exit

--critical

work on log level CRITICAL

--error

work on log level ERROR

--warning

work on log level WARNING (default)

--info, -v, --verbose

work on log level INFO

--debug

enable debug output, work on log level DEBUG

--debug-topic TOPIC

enable TOPIC debugging (can be specified multiple times). The logger path is borg.debug.<TOPIC> if TOPIC is not fully qualified.

-p, --progress

show progress information

--log-json

Output one JSON object per log line instead of formatted text.

--lock-wait SECONDS

wait at most SECONDS for acquiring a repository/cache lock (default: 1).

--show-version

show/log the borg version

--show-rc

show/log the return code (rc)

--umask M

set umask to M (local and remote, default: 0077)

--remote-path PATH

use PATH as borg executable on the remote (default: “borg”)

--remote-ratelimit RATE

set remote network upload rate limit in kiByte/s (default: 0=unlimited)

--consider-part-files

treat part files like normal files (e.g. to list/extract them)

--debug-profile FILE

Write execution profile in Borg format into FILE. For local use a Python-compatible file can be generated by suffixing FILE with “.pyprof”.

Examples

# Create an archive and log: borg version, files list, return code
$ borg create --show-version --list --show-rc /path/to/repo::my-files files

Borg Init

borg [common options] init [options] [REPOSITORY]

Description

This command initializes an empty repository. A repository is a filesystem directory containing the deduplicated data from zero or more archives.

Encryption can be enabled at repository init time. It cannot be changed later.

It is not recommended to work without encryption. Repository encryption protects you e.g. against the case that an attacker has access to your backup repository.

But be careful with the key / the passphrase:

If you want “passphrase-only” security, use one of the repokey modes. The key will be stored inside the repository (in its “config” file). In the attack scenario mentioned above, the attacker will have the key (but not the passphrase).

If you want “passphrase and having-the-key” security, use one of the keyfile modes. The key will be stored in your home directory (in .config/borg/keys). In the attack scenario, an attacker who only has access to your repo won’t have the key (and also not the passphrase).

Make a backup copy of the key file (keyfile mode) or repo config file (repokey mode) and keep it at a safe place, so you still have the key in case it gets corrupted or lost. Also keep the passphrase at a safe place. The backup that is encrypted with that key won’t help you with that, of course.

Make sure you use a good passphrase. Not too short, not too simple. The real encryption / decryption key is encrypted with / locked by your passphrase. An attacker who gets your key can’t unlock and use it without knowing the passphrase.

Be careful with special or non-ascii characters in your passphrase:

  • Borg processes the passphrase as unicode (and encodes it as utf-8), so it does not have problems dealing with even the strangest characters.
  • BUT: that does not necessarily apply to your OS / VM / keyboard configuration.

So it is better to use a long passphrase made from simple ASCII characters than one that includes non-ASCII characters or characters that are hard or impossible to enter on a different keyboard layout.

You can change your passphrase for existing repos at any time, it won’t affect the encryption/decryption key or other secrets.

Encryption modes

Hash/MAC   Not encrypted, no auth   Not encrypted, but authenticated   Encrypted (AEAD w/ AES) and authenticated
SHA-256    none                     authenticated                      repokey, keyfile
BLAKE2b    n/a                      authenticated-blake2               repokey-blake2, keyfile-blake2

The authenticated and blake2 modes are new in Borg 1.1 and are not backwards-compatible with Borg 1.0.x.

On modern Intel/AMD CPUs (except very cheap ones), AES is usually hardware-accelerated. BLAKE2b is faster than SHA256 on Intel/AMD 64-bit CPUs (except AMD Ryzen and future CPUs with SHA extensions), which makes authenticated-blake2 faster than none and authenticated.

On modern ARM CPUs, NEON provides hardware acceleration for SHA256 making it faster than BLAKE2b-256 there. NEON accelerates AES as well.

Hardware acceleration is always used automatically when available.

repokey and keyfile use AES-CTR-256 for encryption and HMAC-SHA256 for authentication in an encrypt-then-MAC (EtM) construction. The chunk ID hash is HMAC-SHA256 as well (with a separate key). These modes are compatible with Borg 1.0.x.

repokey-blake2 and keyfile-blake2 are also authenticated encryption modes, but use BLAKE2b-256 instead of HMAC-SHA256 for authentication. The chunk ID hash is a keyed BLAKE2b-256 hash. These modes are new and not compatible with Borg 1.0.x.

authenticated mode uses no encryption, but authenticates repository contents through the same HMAC-SHA256 hash as the repokey and keyfile modes (it uses it as the chunk ID hash). The key is stored like repokey. This mode is new and not compatible with Borg 1.0.x.

authenticated-blake2 is like authenticated, but uses the keyed BLAKE2b-256 hash from the other blake2 modes. This mode is new and not compatible with Borg 1.0.x.

none mode uses no encryption and no authentication. It uses SHA256 as chunk ID hash. Not recommended, rather consider using an authenticated or authenticated/encrypted mode. This mode has possible denial-of-service issues when running borg create on contents controlled by an attacker. Use it only for new repositories where no encryption is wanted and when compatibility with 1.0.x is important. If compatibility with 1.0.x is not important, use authenticated-blake2 or authenticated instead. This mode is compatible with Borg 1.0.x.

Examples

# Local repository, repokey encryption, BLAKE2b (often faster, since Borg 1.1)
$ borg init --encryption=repokey-blake2 /path/to/repo

# Local repository (no encryption)
$ borg init --encryption=none /path/to/repo

# Remote repository (accesses a remote borg via ssh)
$ borg init --encryption=repokey-blake2 user@hostname:backup

# Remote repository (store the key in your home dir)
$ borg init --encryption=keyfile user@hostname:backup

Borg Create

borg [common options] create [options] ARCHIVE [PATH...]

Description

This command creates a backup archive containing all files found while recursively traversing all paths specified. Paths are added to the archive as they are given; that means that if relative paths are desired, the command has to be run from the correct directory.

When giving ‘-‘ as path, borg will read data from standard input and create a file ‘stdin’ in the created archive from that data.

The archive will consume almost no disk space for files or parts of files that have already been stored in other archives.

The archive name needs to be unique. It must not end in ‘.checkpoint’ or ‘.checkpoint.N’ (with N being a number), because these names are used for checkpoints and treated in special ways.

In the archive name, you may use the following placeholders: {now}, {utcnow}, {fqdn}, {hostname}, {user} and some others.

Backup speed is increased by not reprocessing files that are already part of existing archives and weren’t modified. The detection of unmodified files is done by comparing multiple file metadata values with previous values kept in the files cache.

This comparison can operate in different modes as given by --files-cache:

  • ctime,size,inode (default)
  • mtime,size,inode (default behaviour of borg versions older than 1.1.0rc4)
  • ctime,size (ignore the inode number)
  • mtime,size (ignore the inode number)
  • rechunk,ctime (all files are considered modified - rechunk, cache ctime)
  • rechunk,mtime (all files are considered modified - rechunk, cache mtime)
  • disabled (disable the files cache, all files considered modified - rechunk)

inode number: better safety, but often unstable on network filesystems

Normally, detecting file modifications will take inode information into consideration to improve the reliability of file change detection. This is problematic for files located on sshfs and similar network file systems which do not provide stable inode numbers, such files will always be considered modified. You can use modes without inode in this case to improve performance, but reliability of change detection might be reduced.

ctime vs. mtime: safety vs. speed

  • ctime is a rather safe way to detect changes to a file (metadata and contents) as it can not be set from userspace. But, a metadata-only change will already update the ctime, so there might be some unnecessary chunking/hashing even without content changes. Some filesystems do not support ctime (change time).
  • mtime usually works and only updates if file contents were changed. But mtime can be arbitrarily set from userspace, e.g. to set mtime back to the same value it had before a content change happened. This can be used maliciously as well as well-meant, but in both cases mtime based cache modes can be problematic.

The mount points of filesystems or filesystem snapshots should be the same for every creation of a new archive to ensure fast operation. This is because the file cache that is used to determine changed files quickly uses absolute filenames. If this is not possible, consider creating a bind mount to a stable location.
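For example, when the source files live on sshfs (unstable inode numbers), a cache mode without the inode may be chosen. A sketch; the repo and mount paths are placeholders:

```shell
# Drop the inode number from the files-cache comparison for network
# filesystems whose inode numbers are not stable across mounts.
FILES_CACHE_MODE='ctime,size'
# Typical invocation (not executed here):
#   borg create --files-cache="$FILES_CACHE_MODE" /path/to/repo::sshfs-src /mnt/sshfs-src
```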

The --progress option shows (from left to right) Original, Compressed and Deduplicated (O, C and D, respectively), then the Number of files (N) processed so far, followed by the currently processed path.

When using --stats, you will get some statistics about how much data was added - the “This Archive” deduplicated size there is most interesting as that is how much your repository will grow. Please note that the “All archives” stats refer to the state after creation.

See the output of the “borg help patterns” command for more help on exclude patterns. See the output of the “borg help placeholders” command for more help on placeholders.

The --exclude patterns are not like tar. In tar --exclude .bundler/gems will exclude foo/.bundler/gems. In borg it will not, you need to use --exclude ‘*/.bundler/gems’ to get the same effect. See borg help patterns for more information.

In addition to using --exclude patterns, it is possible to use --exclude-if-present to specify the name of a filesystem object (e.g. a file or folder name) which, when contained within another folder, will prevent the containing folder from being backed up. By default, the containing folder and all of its contents will be omitted from the backup. If, however, you wish to only include the objects specified by --exclude-if-present in your backup, and not include any other contents of the containing folder, this can be enabled by using the --keep-exclude-tags option.

Item flags

--list outputs a list of all files, directories and other file system items it considered (no matter whether they had content changes or not). Each item is prefixed with a single-letter flag that indicates the type and/or status of the item.

If you are interested only in a subset of that output, you can give e.g. --filter=AME and it will only show regular files with A, M or E status (see below).

An uppercase character represents the status of a regular file relative to the “files” cache (not relative to the repo – this is an issue if the files cache is not used). Metadata is stored in any case, and for ‘A’ and ‘M’ also new data chunks are stored. For ‘U’ all data chunks refer to already existing chunks.

  • ‘A’ = regular file, added (see also a_status_oddity in the FAQ)
  • ‘M’ = regular file, modified
  • ‘U’ = regular file, unchanged
  • ‘E’ = regular file, an error happened while accessing/reading this file

A lowercase character means a file type other than a regular file, borg usually just stores their metadata:

  • ‘d’ = directory
  • ‘b’ = block device
  • ‘c’ = char device
  • ‘h’ = regular file, hardlink (to already seen inodes)
  • ‘s’ = symlink
  • ‘f’ = fifo

Other flags used include:

  • ‘i’ = backup data was read from standard input (stdin)
  • ‘-‘ = dry run, item was not backed up
  • ‘x’ = excluded, item was not backed up
  • ‘?’ = missing status code (if you see this, please file a bug report!)

Examples

# Backup ~/Documents into an archive named "my-documents"
$ borg create /path/to/repo::my-documents ~/Documents

# same, but list all files as we process them
$ borg create --list /path/to/repo::my-documents ~/Documents

# Backup ~/Documents and ~/src but exclude pyc files
$ borg create /path/to/repo::my-files \
    ~/Documents                       \
    ~/src                             \
    --exclude '*.pyc'

# Backup home directories excluding image thumbnails (i.e. only
# /home/<one directory>/.thumbnails is excluded, not /home/*/*/.thumbnails etc.)
$ borg create /path/to/repo::my-files /home \
    --exclude 'sh:/home/*/.thumbnails'

# Backup the root filesystem into an archive named "root-YYYY-MM-DD"
# use zlib compression (good, but slow) - default is lz4 (fast, low compression ratio)
$ borg create -C zlib,6 /path/to/repo::root-{now:%Y-%m-%d} / --one-file-system

# Backup a remote host locally ("pull" style) using sshfs
$ mkdir sshfs-mount
$ sshfs root@example.com:/ sshfs-mount
$ cd sshfs-mount
$ borg create /path/to/repo::example.com-root-{now:%Y-%m-%d} .
$ cd ..
$ fusermount -u sshfs-mount

# Make a big effort in fine granular deduplication (big chunk management
# overhead, needs a lot of RAM and disk space, see formula in internals
# docs - same parameters as borg < 1.0 or attic):
$ borg create --chunker-params 10,23,16,4095 /path/to/repo::small /smallstuff

# Backup a raw device (must not be active/in use/mounted at that time)
$ dd if=/dev/sdx bs=10M | borg create /path/to/repo::my-sdx -

# No compression (none)
$ borg create --compression none /path/to/repo::arch ~

# Super fast, low compression (lz4, default)
$ borg create /path/to/repo::arch ~

# Less fast, higher compression (zlib, N = 0..9)
$ borg create --compression zlib,N /path/to/repo::arch ~

# Even slower, even higher compression (lzma, N = 0..9)
$ borg create --compression lzma,N /path/to/repo::arch ~

# Only compress compressible data with lzma,N (N = 0..9)
$ borg create --compression auto,lzma,N /path/to/repo::arch ~

# Use short hostname, user name and current time in archive name
$ borg create /path/to/repo::{hostname}-{user}-{now} ~
# Similar, use the same datetime format as borg 1.1 will have as default
$ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S} ~
# As above, but add nanoseconds
$ borg create /path/to/repo::{hostname}-{user}-{now:%Y-%m-%dT%H:%M:%S.%f} ~

# Backing up relative paths by moving into the correct directory first
$ cd /home/user/Documents
# The root directory of the archive will be "projectA"
$ borg create /path/to/repo::daily-projectA-{now:%Y-%m-%d} projectA

Borg Extract

borg [common options] extract [options] ARCHIVE [PATH...]

Description

This command extracts the contents of an archive. By default the entire archive is extracted but a subset of files and directories can be selected by passing a list of PATHs as arguments. The file selection can further be restricted by using the --exclude option.

See the output of the “borg help patterns” command for more help on exclude patterns.

By using --dry-run, you can do all extraction steps except actually writing the output data: reading metadata and data chunks from the repo, checking the hash/hmac, decrypting, decompressing.

--progress can be slower than no progress display, since it makes one additional pass over the archive metadata.

NOTE:

Currently, extract always writes into the current working directory (“.”), so make sure you cd to the right place before calling borg extract.

Examples

# Extract entire archive
$ borg extract /path/to/repo::my-files

# Extract entire archive and list files while processing
$ borg extract --list /path/to/repo::my-files

# Verify whether an archive could be successfully extracted, but do not write files to disk
$ borg extract --dry-run /path/to/repo::my-files

# Extract the "src" directory
$ borg extract /path/to/repo::my-files home/USERNAME/src

# Extract the "src" directory but exclude object files
$ borg extract /path/to/repo::my-files home/USERNAME/src --exclude '*.o'

# Restore a raw device (must not be active/in use/mounted at that time)
$ borg extract --stdout /path/to/repo::my-sdx | dd of=/dev/sdx bs=10M

Borg Check

borg [common options] check [options] [REPOSITORY_OR_ARCHIVE]

Description

The check command verifies the consistency of a repository and the corresponding archives.

First, the underlying repository data files are checked:

  • For all segments the segment magic (header) is checked
  • For all objects stored in the segments, all metadata (e.g. crc and size) and all data is read. The read data is checked by size and CRC. Bit rot and other types of accidental damage can be detected this way.
  • If we are in repair mode and an integrity error is detected for a segment, we try to recover as many objects from the segment as possible.
  • In repair mode, it makes sure that the index is consistent with the data stored in the segments.
  • If you use a remote repo server via ssh:, the repo check is executed on the repo server without causing significant network traffic.
  • The repository check can be skipped using the --archives-only option.

Second, the consistency and correctness of the archive metadata is verified:

  • Is the repo manifest present? If not, it is rebuilt from archive metadata chunks (this requires reading and decrypting of all metadata and data).
  • Check if the archive metadata chunk is present; if not, remove the archive from the manifest.
  • For all files (items) in the archive, for all chunks referenced by these files, check if chunk is present. If a chunk is not present and we are in repair mode, replace it with a same-size replacement chunk of zeros. If a previously lost chunk reappears (e.g. via a later backup) and we are in repair mode, the all-zero replacement chunk will be replaced by the correct chunk. This requires reading of archive and file metadata, but not data.
  • If we are in repair mode and we checked all the archives: delete orphaned chunks from the repo.
  • If you use a remote repo server via ssh:, the archive check is executed on the client machine, because if encryption is enabled, the checks require decryption, which is always done client-side since key access is required.
  • The archive checks can be time consuming, they can be skipped using the --repository-only option.

The --verify-data option will perform a full integrity verification (as opposed to checking the CRC32 of the segment) of data, which means reading the data from the repository, decrypting and decompressing it. This is a cryptographic verification, which will detect (accidental) corruption. For encrypted repositories it is tamper-resistant as well, unless the attacker has access to the keys.

It is also very slow.
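The check variants described above can be combined as needed. A few invocation sketches (the repository path is a placeholder; these require an existing repo):

```shell
# Full check of repository and archives (the default)
borg check /path/to/repo

# Only the low-level repository check, skipping archive metadata
borg check --repository-only /path/to/repo

# Only the archive metadata checks, skipping the repository check
borg check --archives-only /path/to/repo

# Full cryptographic verification of all data (slow)
borg check --verify-data /path/to/repo

# Attempt repairs, e.g. after detected corruption
borg check --repair /path/to/repo
```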

Borg Rename

borg [common options] rename [options] ARCHIVE NEWNAME

Description

This command renames an archive in the repository.

This results in a different archive ID.

Examples

$ borg create /path/to/repo::archivename ~
$ borg list /path/to/repo
archivename                          Mon, 2016-02-15 19:50:19

$ borg rename /path/to/repo::archivename newname
$ borg list /path/to/repo
newname                              Mon, 2016-02-15 19:50:19

Borg List

borg [common options] list [options] [REPOSITORY_OR_ARCHIVE] [PATH...]

Description

This command lists the contents of a repository or an archive.

See the “borg help patterns” command for more help on exclude patterns.

The following keys are available for --format:

  • NEWLINE: OS dependent line separator
  • NL: alias of NEWLINE
  • NUL: NUL character for creating print0 / xargs -0 like output, see barchive/bpath
  • SPACE
  • TAB
  • CR
  • LF

Keys for listing repository archives:

  • name: archive name interpreted as text (might be missing non-text characters, see barchive)
  • archive: archive name interpreted as text (might be missing non-text characters, see barchive)
  • barchive: verbatim archive name, can contain any character except NUL
  • comment: archive comment interpreted as text (might be missing non-text characters, see bcomment)
  • bcomment: verbatim archive comment, can contain any character except NUL
  • id: internal ID of the archive
  • time: time (start) of creation of the archive
  • start: time (start) of creation of the archive
  • end: time (end) of creation of the archive

Keys for listing archive files:

  • type
  • mode
  • uid
  • gid
  • user
  • group
  • path: path interpreted as text (might be missing non-text characters, see bpath)
  • bpath: verbatim POSIX path, can contain any character except NUL
  • source: link target for links (identical to linktarget)
  • linktarget
  • flags
  • size
  • csize: compressed size
  • dsize: deduplicated size
  • dcsize: deduplicated compressed size
  • num_chunks: number of chunks in this file
  • unique_chunks: number of unique chunks in this file
  • mtime
  • ctime
  • atime
  • isomtime
  • isoctime
  • isoatime
  • md5
  • sha1
  • sha224
  • sha256
  • sha384
  • sha512
  • archiveid
  • archivename
  • extra: prepends {source} with ” -> ” for soft links and ” link to ” for hard links
  • health: either “healthy” (file ok) or “broken” (if file has all-zero replacement chunks)

Examples

$ borg list /path/to/repo
Monday                               Mon, 2016-02-15 19:15:11
repo                                 Mon, 2016-02-15 19:26:54
root-2016-02-15                      Mon, 2016-02-15 19:36:29
newname                              Mon, 2016-02-15 19:50:19
...

$ borg list /path/to/repo::root-2016-02-15
drwxr-xr-x root   root          0 Mon, 2016-02-15 17:44:27 .
drwxrwxr-x root   root          0 Mon, 2016-02-15 19:04:49 bin
-rwxr-xr-x root   root    1029624 Thu, 2014-11-13 00:08:51 bin/bash
lrwxrwxrwx root   root          0 Fri, 2015-03-27 20:24:26 bin/bzcmp -> bzdiff
-rwxr-xr-x root   root       2140 Fri, 2015-03-27 20:24:22 bin/bzdiff
...

$ borg list /path/to/repo::archiveA --format="{mode} {user:6} {group:6} {size:8d} {isomtime} {path}{extra}{NEWLINE}"
drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 .
drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code
drwxrwxr-x user   user          0 Sun, 2015-02-01 11:00:00 code/myproject
-rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
...
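The NUL and bpath keys described above can be combined to produce output that is safe for arbitrary file names (including names with spaces or newlines), e.g. for piping into xargs -0. A sketch, with a placeholder repository path:

```shell
# NUL-separated verbatim paths, suitable for print0/xargs -0 style processing
borg list --format="{bpath}{NUL}" /path/to/repo::archiveA | xargs -0 -n1 echo
```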

Borg Diff

borg [common options] diff [options] REPO_ARCHIVE1 ARCHIVE2 [PATH...]

Description

This command finds differences (file contents, user/group/mode) between archives.

A repository location and an archive name must be specified for REPO_ARCHIVE1. ARCHIVE2 is just another archive name in the same repository (no repository location allowed).

For archives created with Borg 1.1 or newer diff automatically detects whether the archives are created with the same chunker params. If so, only chunk IDs are compared, which is very fast.

For archives prior to Borg 1.1 chunk contents are compared by default. If you did not create the archives with different chunker params, pass --same-chunker-params. Note that the chunker params changed from Borg 0.xx to 1.0.

See the output of the “borg help patterns” command for more help on exclude patterns.

Examples

$ borg init -e=none testrepo
$ mkdir testdir
$ cd testdir
$ echo asdf > file1
$ dd if=/dev/urandom bs=1M count=4 > file2
$ touch file3
$ borg create ../testrepo::archive1 .

$ chmod a+x file1
$ echo "something" >> file2
$ borg create ../testrepo::archive2 .

$ rm file3
$ touch file4
$ borg create ../testrepo::archive3 .

$ cd ..
$ borg diff testrepo::archive1 archive2
[-rw-r--r-- -> -rwxr-xr-x] file1
   +135 B    -252 B file2

$ borg diff testrepo::archive2 archive3
added           0 B file4
removed         0 B file3

$ borg diff testrepo::archive1 archive3
[-rw-r--r-- -> -rwxr-xr-x] file1
   +135 B    -252 B file2
added           0 B file4
removed         0 B file3

Borg Delete

borg [common options] delete [options] [TARGET] [ARCHIVE...]

Description

This command deletes an archive from the repository or the complete repository. Disk space is reclaimed accordingly. If you delete the complete repository, the local cache for it (if any) is also deleted.

When using --stats, you will get some statistics about how much data was deleted - the “Deleted data” deduplicated size there is most interesting as that is how much your repository will shrink. Please note that the “All archives” stats refer to the state after deletion.

Examples

# delete a single backup archive:
$ borg delete /path/to/repo::Monday

# delete the whole repository and the related local cache:
$ borg delete /path/to/repo
You requested to completely DELETE the repository *including* all archives it contains:
repo                                 Mon, 2016-02-15 19:26:54
root-2016-02-15                      Mon, 2016-02-15 19:36:29
newname                              Mon, 2016-02-15 19:50:19
Type 'YES' if you understand this and want to continue: YES
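The --stats output mentioned above can be requested for a single deletion as well; a sketch:

```shell
# Show deletion statistics; the deduplicated "Deleted data" figure is how
# much the repository will actually shrink
borg delete --stats /path/to/repo::Monday
```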

Borg Prune

borg [common options] prune [options] [REPOSITORY]

Description

The prune command prunes a repository by deleting all archives not matching any of the specified retention options. This command is normally used by automated backup scripts wanting to keep a certain number of historic backups.

Also, prune automatically removes checkpoint archives (incomplete archives left behind by interrupted backup runs) except if the checkpoint is the latest archive (and thus still needed). Checkpoint archives are not considered when comparing archive counts against the retention limits (--keep-X).

If a prefix is set with -P, then only archives that start with the prefix are considered for deletion and only those archives count towards the totals specified by the rules. Otherwise, all archives in the repository are candidates for deletion! There is no automatic distinction between archives representing different contents. These need to be distinguished by specifying matching prefixes.

If you have multiple sequences of archives with different data sets (e.g. from different machines) in one shared repository, use one prune call per data set that matches only the respective archives using the -P option.

The --keep-within option takes an argument of the form “<int><char>”, where char is “H”, “d”, “w”, “m”, “y”. For example, --keep-within 2d means to keep all archives that were created within the past 48 hours. “1m” is taken to mean “31d”. The archives kept with this option do not count towards the totals specified by any other options.

A good procedure is to thin out more and more the older your backups get. As an example, --keep-daily 7 means to keep the latest backup on each day, up to 7 most recent days with backups (days without backups do not count). The rules are applied from secondly to yearly, and backups selected by previous rules do not count towards those of later rules. The time that each backup starts is used for pruning purposes. Dates and times are interpreted in the local timezone, and weeks go from Monday to Sunday. Specifying a negative number of archives to keep means that there is no limit.

The --keep-last N option does the same as --keep-secondly N (and it will keep the last N archives under the assumption that you do not create more than one backup archive within the same second).

When using --stats, you will get some statistics about how much data was deleted - the “Deleted data” deduplicated size there is most interesting as that is how much your repository will shrink. Please note that the “All archives” stats refer to the state after pruning.

Examples

Be careful, prune is a potentially dangerous command, it will remove backup archives.

The default of prune is to apply to all archives in the repository unless you restrict its operation to a subset of the archives using --prefix. When using --prefix, be careful to choose a good prefix - e.g. do not use a prefix “foo” if you do not also want to match “foobar”.

It is strongly recommended to always run prune -v --list --dry-run ... first so you will see what it would do without it actually doing anything.

# Keep 7 end of day and 4 additional end of week archives.
# Do a dry-run without actually deleting anything.
$ borg prune -v --list --dry-run --keep-daily=7 --keep-weekly=4 /path/to/repo

# Same as above but only apply to archive names starting with the hostname
# of the machine followed by a "-" character:
$ borg prune -v --list --keep-daily=7 --keep-weekly=4 --prefix='{hostname}-' /path/to/repo

# Keep 7 end of day, 4 additional end of week archives,
# and an end of month archive for every month:
$ borg prune -v --list --keep-daily=7 --keep-weekly=4 --keep-monthly=-1 /path/to/repo

# Keep all backups in the last 10 days, 4 additional end of week archives,
# and an end of month archive for every month:
$ borg prune -v --list --keep-within=10d --keep-weekly=4 --keep-monthly=-1 /path/to/repo

There is also a visualized prune example in docs/misc/prune-example.txt:

borg prune visualized
=====================

Assume it is 2016-01-01, today's backup has not yet been made and you have
created at least one backup on each day in 2015 except on 2015-12-19 (no
backup made on that day).

This is what borg prune --keep-daily 14 --keep-monthly 6 would keep.

Backups kept by the --keep-daily rule are marked by a "d" to the right,
backups kept by the --keep-monthly rule are marked by a "m" to the right.

Calendar view
-------------

                            2015
      January               February               March
Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
          1  2  3  4                     1                     1
 5  6  7  8  9 10 11   2  3  4  5  6  7  8   2  3  4  5  6  7  8
12 13 14 15 16 17 18   9 10 11 12 13 14 15   9 10 11 12 13 14 15
19 20 21 22 23 24 25  16 17 18 19 20 21 22  16 17 18 19 20 21 22
26 27 28 29 30 31     23 24 25 26 27 28     23 24 25 26 27 28 29
                                            30 31

       April                  May                   June
Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
       1  2  3  4  5               1  2  3   1  2  3  4  5  6  7
 6  7  8  9 10 11 12   4  5  6  7  8  9 10   8  9 10 11 12 13 14
13 14 15 16 17 18 19  11 12 13 14 15 16 17  15 16 17 18 19 20 21
20 21 22 23 24 25 26  18 19 20 21 22 23 24  22 23 24 25 26 27 28
27 28 29 30           25 26 27 28 29 30 31  29 30m


        July                 August              September
Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
       1  2  3  4  5                  1  2      1  2  3  4  5  6
 6  7  8  9 10 11 12   3  4  5  6  7  8  9   7  8  9 10 11 12 13
13 14 15 16 17 18 19  10 11 12 13 14 15 16  14 15 16 17 18 19 20
20 21 22 23 24 25 26  17 18 19 20 21 22 23  21 22 23 24 25 26 27
27 28 29 30 31m       24 25 26 27 28 29 30  28 29 30m
                      31m

      October               November              December
Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su  Mo Tu We Th Fr Sa Su
          1  2  3  4                     1      1  2  3  4  5  6
 5  6  7  8  9 10 11   2  3  4  5  6  7  8   7  8  9 10 11 12 13
12 13 14 15 16 17 18   9 10 11 12 13 14 15  14 15 16 17d18d19 20d
19 20 21 22 23 24 25  16 17 18 19 20 21 22  21d22d23d24d25d26d27d
26 27 28 29 30 31m    23 24 25 26 27 28 29  28d29d30d31d
                      30m

List view
---------

--keep-daily 14     --keep-monthly 6
-------------------------------------------------
 1. 2015-12-31          (2015-12-31 kept by daily rule)
 2. 2015-12-30       1. 2015-11-30
 3. 2015-12-29       2. 2015-10-31
 4. 2015-12-28       3. 2015-09-30
 5. 2015-12-27       4. 2015-08-31
 6. 2015-12-26       5. 2015-07-31
 7. 2015-12-25       6. 2015-06-30
 8. 2015-12-24
 9. 2015-12-23
10. 2015-12-22
11. 2015-12-21
12. 2015-12-20
    (no backup made on 2015-12-19)
13. 2015-12-18
14. 2015-12-17


Notes
-----

2015-12-31 is kept due to the --keep-daily 14 rule (because it is applied
first), not due to the --keep-monthly rule.

Because of that, the --keep-monthly 6 rule keeps Nov, Oct, Sep, Aug, Jul and
Jun. December is not considered for this rule, because that backup was already
kept because of the daily rule.

2015-12-17 is kept to satisfy the --keep-daily 14 rule - because no backup was
made on 2015-12-19. If a backup had been made on that day, it would not keep
the one from 2015-12-17.

We did not include yearly, weekly, hourly, minutely or secondly rules to keep
this example simple. They all work in basically the same way.

The weekly rule is easy to understand roughly, but hard to understand in all
details. If interested, read "ISO 8601:2000 standard week-based year".

Borg Info

borg [common options] info [options] [REPOSITORY_OR_ARCHIVE]

Description

This command displays detailed information about the specified archive or repository.

Please note that the deduplicated sizes of the individual archives do not add up to the deduplicated size of the repository (“all archives”), because the two mean different things:

This archive / deduplicated size = amount of data stored ONLY for this archive = unique chunks of this archive. All archives / deduplicated size = amount of data stored in the repo = all chunks in the repository.

Borg archives can only contain a limited amount of file metadata. The size of an archive relative to this limit depends on a number of factors, mainly the number of files, the lengths of paths and other metadata stored for files. This is shown as utilization of maximum supported archive size.

Examples

$ borg info /path/to/repo::2017-06-29T11:00-srv
Archive name: 2017-06-29T11:00-srv
Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
Comment:
Hostname: myhostname
Username: root
Time (start): Thu, 2017-06-29 11:03:07
Time (end): Thu, 2017-06-29 11:03:13
Duration: 5.66 seconds
Number of files: 17037
Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
Utilization of max. archive size: 0%
------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
This archive:               12.53 GB             12.49 GB              1.62 kB
All archives:              121.82 TB            112.41 TB            215.42 GB

                       Unique chunks         Total chunks
Chunk index:                 1015213            626934122

$ borg info /path/to/repo --last 1
Archive name: 2017-06-29T11:00-srv
Archive fingerprint: b2f1beac2bd553b34e06358afa45a3c1689320d39163890c5bbbd49125f00fe5
Comment:
Hostname: myhostname
Username: root
Time (start): Thu, 2017-06-29 11:03:07
Time (end): Thu, 2017-06-29 11:03:13
Duration: 5.66 seconds
Number of files: 17037
Command line: /usr/sbin/borg create /path/to/repo::2017-06-29T11:00-srv /srv
Utilization of max. archive size: 0%
------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
This archive:               12.53 GB             12.49 GB              1.62 kB
All archives:              121.82 TB            112.41 TB            215.42 GB

                       Unique chunks         Total chunks
Chunk index:                 1015213            626934122

$ borg info /path/to/repo
Repository ID: d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
Location: /path/to/repo
Encrypted: Yes (repokey)
Cache: /root/.cache/borg/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
Security dir: /root/.config/borg/security/d857ce5788c51272c61535062e89eac4e8ef5a884ffbe976e0af9d8765dedfa5
------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
All archives:              121.82 TB            112.41 TB            215.42 GB

                       Unique chunks         Total chunks
Chunk index:                 1015213            626934122

Borg Mount

borg [common options] mount [options] REPOSITORY_OR_ARCHIVE MOUNTPOINT

Description

This command mounts an archive as a FUSE filesystem. This can be useful for browsing an archive or restoring individual files. Unless the --foreground option is given, the command will run in the background until the filesystem is unmounted.

The command borgfs provides a wrapper for borg mount. This can also be used in fstab entries: /path/to/repo /mnt/point fuse.borgfs defaults,noauto 0 0

To allow a regular user to use fstab entries, add the user option: /path/to/repo /mnt/point fuse.borgfs defaults,noauto,user 0 0

For mount options, see the fuse(8) manual page. Additional mount options supported by borg:

  • versions: when used with a repository mount, this gives a merged, versioned view of the files in the archives. EXPERIMENTAL, layout may change in future.
  • allow_damaged_files: by default damaged files (where missing chunks were replaced with runs of zeros by borg check --repair) are not readable and return EIO (I/O error). Set this option to read such files.

The BORG_MOUNT_DATA_CACHE_ENTRIES environment variable is meant for advanced users to tweak the performance. It sets the number of cached data chunks; additional memory usage can be up to ~8 MiB times this number. The default is the number of CPU cores.

When the daemonized process receives a signal or crashes, it does not unmount. Unmounting in these cases could cause an active rsync or similar process to unintentionally delete data.

When running in the foreground ^C/SIGINT unmounts cleanly, but other signals or crashes do not.
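The mount options and cache tuning described above can be combined; a sketch, with placeholder paths and an illustrative cache size:

```shell
# Mount in the foreground with a larger data chunk cache (memory use can be
# up to ~8 MiB per cached entry) and allow reading files that
# "borg check --repair" patched with all-zero replacement chunks
BORG_MOUNT_DATA_CACHE_ENTRIES=1024 \
  borg mount --foreground -o allow_damaged_files /path/to/repo::my-files /mnt/point
```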

Borg Umount

borg [common options] umount [options] MOUNTPOINT

Description

This command un-mounts a FUSE filesystem that was mounted with borg mount.

This is a convenience wrapper that just calls the platform-specific shell command - usually this is either umount or fusermount -u.

Examples

# Mounting the repository shows all archives.
# Archives are loaded lazily, expect some delay when navigating to an archive
# for the first time.
$ borg mount /path/to/repo /tmp/mymountpoint
$ ls /tmp/mymountpoint
root-2016-02-14 root-2016-02-15
$ borg umount /tmp/mymountpoint

# Mounting a specific archive is possible as well.
$ borg mount /path/to/repo::root-2016-02-15 /tmp/mymountpoint
$ ls /tmp/mymountpoint
bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt
root  sbin  srv  tmp  usr  var
$ borg umount /tmp/mymountpoint

# The experimental "versions view" merges all archives in the repository
# and provides a versioned view on files.
$ borg mount -o versions /path/to/repo /tmp/mymountpoint
$ ls -l /tmp/mymountpoint/home/user/doc.txt/
total 24
-rw-rw-r-- 1 user group 12357 Aug 26 21:19 doc.cda00bc9.txt
-rw-rw-r-- 1 user group 12204 Aug 26 21:04 doc.fa760f28.txt
$ borg umount /tmp/mymountpoint

# Archive filters are supported.
# These are especially handy for the "versions view",
# which does not support lazy processing of archives.
$ borg mount -o versions --glob-archives '*-my-home' --last 10 /path/to/repo /tmp/mymountpoint

borgfs

$ echo '/mnt/backup /tmp/myrepo fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
$ echo '/mnt/backup::root-2016-02-15 /tmp/myarchive fuse.borgfs defaults,noauto 0 0' >> /etc/fstab
$ mount /tmp/myrepo
$ mount /tmp/myarchive
$ ls /tmp/myrepo
root-2016-02-01 root-2016-02-15
$ ls /tmp/myarchive
bin  boot  etc      home  lib  lib64  lost+found  media  mnt  opt  root  sbin  srv  tmp  usr  var
NOTE:

borgfs will be automatically provided if you used a distribution package, pip or setup.py to install Borg. Users of the standalone binary will have to manually create a symlink (see pyinstaller-binary).

Borg Key Change-Passphrase

borg [common options] key change-passphrase [options] [REPOSITORY]

Description

The key files used for repository encryption are optionally passphrase protected. This command can be used to change this passphrase.

Please note that this command only changes the passphrase, but not any secret protected by it (e.g. encryption/MAC keys or the chunker seed). Thus, changing the passphrase after the passphrase and borg key have been compromised does not protect future (nor past) backups to the same repository.

Examples

# Create a key file protected repository
$ borg init --encryption=keyfile -v /path/to/repo
Initializing repository at "/path/to/repo"
Enter new passphrase:
Enter same passphrase again:
Remember your passphrase. Your data will be inaccessible without it.
Key in "/root/.config/borg/keys/mnt_backup" created.
Keep this key safe. Your data will be inaccessible without it.
Synchronizing chunks cache...
Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
Done.

# Change key file passphrase
$ borg key change-passphrase -v /path/to/repo
Enter passphrase for key /root/.config/borg/keys/mnt_backup:
Enter new passphrase:
Enter same passphrase again:
Remember your passphrase. Your data will be inaccessible without it.
Key updated

Fully automated using environment variables:

$ BORG_NEW_PASSPHRASE=old borg init -e=repokey repo
# now "old" is the current passphrase.
$ BORG_PASSPHRASE=old BORG_NEW_PASSPHRASE=new borg key change-passphrase repo
# now "new" is the current passphrase.

Borg Key Export

borg [common options] key export [options] [REPOSITORY] [PATH]

Description

If repository encryption is used, the repository is inaccessible without the key. This command allows you to back up this essential key.

There are two backup formats. The normal backup format is suitable for digital storage as a file. The --paper backup format is optimized for printing and typing in while importing, with per-line checks to reduce problems with manual input.

For repositories using keyfile encryption the key is saved locally on the system that is capable of doing backups. To guard against loss of this key, the key needs to be backed up independently of the main data backup.

For repositories using the repokey encryption the key is saved in the repository in the config file. A backup is thus not strictly needed, but guards against the repository becoming inaccessible if the file is damaged for some reason.
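Both backup formats described above can be produced as follows; a sketch, with placeholder output paths:

```shell
# Export the key as a file for digital storage
borg key export /path/to/repo /path/to/exported.key

# Export in the printable, typing-friendly --paper format
borg key export --paper /path/to/repo /path/to/exported.txt
```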

Borg Key Import

borg [common options] key import [options] [REPOSITORY] [PATH]

Description

This command allows you to restore a key previously backed up with the export command.

If the --paper option is given, the import will be an interactive process in which each line is checked for plausibility before proceeding to the next line. For this format PATH must not be given.
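The two import variants described above can be invoked as follows; a sketch, with a placeholder key file path:

```shell
# Restore a previously exported key file
borg key import /path/to/repo /path/to/exported.key

# Interactively type in a --paper backup (PATH must not be given)
borg key import --paper /path/to/repo
```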

Borg Upgrade

borg [common options] upgrade [options] [REPOSITORY]

Description

Upgrade an existing, local Borg repository.

When you do not need borg upgrade

Not every change requires that you run borg upgrade.

You do not need to run it when:

  • moving your repository to a different place
  • upgrading to another point release (like 1.0.x to 1.0.y), except when noted otherwise in the changelog
  • upgrading from 1.0.x to 1.1.x, except when noted otherwise in the changelog

Borg 1.x.y upgrades

Use borg upgrade --tam REPO to require manifest authentication introduced with Borg 1.0.9 to address security issues. This means that modifying the repository after doing this with a version prior to 1.0.9 will raise a validation error, so only perform this upgrade after updating all clients using the repository to 1.0.9 or newer.

This upgrade should be done on each client for safety reasons.

If a repository is accidentally modified with a pre-1.0.9 client after this upgrade, use borg upgrade --tam --force REPO to remedy it.

If you routinely do this you might not want to enable this upgrade (which will leave you exposed to the security issue). You can reverse the upgrade by issuing borg upgrade --disable-tam REPO.

See https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability for details.

Attic and Borg 0.xx to Borg 1.x

This currently supports converting an Attic repository to Borg and also helps with converting Borg 0.xx to 1.0.

Currently, only LOCAL repositories can be upgraded (issue #465).

Please note that borg create (since 1.0.0) uses bigger chunks by default than old borg or attic did, so the new chunks won’t deduplicate with the old chunks in the upgraded repository. See --chunker-params option of borg create and borg recreate.

borg upgrade will change the magic strings in the repository’s segments to match the new Borg magic strings. The keyfiles found in $ATTIC_KEYS_DIR or ~/.attic/keys/ will also be converted and copied to $BORG_KEYS_DIR or ~/.config/borg/keys.

The cache files are converted, from $ATTIC_CACHE_DIR or ~/.cache/attic to $BORG_CACHE_DIR or ~/.cache/borg, but the cache layout between Borg and Attic changed, so it is possible the first backup after the conversion takes longer than expected due to the cache resync.

Upgrade should be able to resume if interrupted, although it will still iterate over all segments. If you want to start from scratch, use borg delete over the copied repository to make sure the cache files are also removed:

borg delete borg

Unless --inplace is specified, the upgrade process first creates a backup copy of the repository, in REPOSITORY.before-upgrade-DATETIME, using hardlinks. This requires that the repository and its parent directory reside on the same filesystem so the hardlink copy can work. This takes longer than an in-place upgrade, but is much safer and gives progress information (as opposed to cp -al). Once you are satisfied with the conversion, you can safely destroy the backup copy.

WARNING: Running the upgrade in place will make the current copy unusable with older versions, with no way of going back. This can PERMANENTLY DAMAGE YOUR REPOSITORY! Attic CAN NOT READ BORG REPOSITORIES, as the magic strings have changed. You have been warned.

Examples

# Upgrade the borg repository to the most recent version.
$ borg upgrade -v /path/to/repo
making a hardlink copy in /path/to/repo.before-upgrade-2016-02-15-20:51:55
opening attic repository with borg and converting
no key file found for repository
converting repo index /path/to/repo/index.0
converting 1 segments...
converting borg 0.xx to borg current
no key file found for repository

Upgrading a passphrase encrypted attic repo

attic offered a “passphrase” encryption mode, but this was removed in borg 1.0 and replaced by the “repokey” mode (which stores the passphrase-protected encryption key into the repository config).

Thus, to upgrade a “passphrase” attic repo to a “repokey” borg repo, 2 steps are needed, in this order:

  • borg upgrade repo
  • borg key migrate-to-repokey repo

Borg Recreate

borg [common options] recreate [options] [REPOSITORY_OR_ARCHIVE] [PATH...]

Description

Recreate the contents of existing archives.

This is an experimental feature. Do not use this on your only backup.

--exclude, --exclude-from, --exclude-if-present, --keep-exclude-tags, and PATH have the exact same semantics as in “borg create”. If PATHs are specified the resulting archive will only contain files from these PATHs.

Note that all paths in an archive are relative, therefore absolute patterns/paths will not match (--exclude, --exclude-from, PATHs).

--recompress allows changing the compression of existing data in archives. Due to how Borg stores compressed size information, this might display incorrect information for archives that were not recreated at the same time. There is no risk of data loss.

--chunker-params will re-chunk all files in the archive; this can be used to make upgraded Borg 0.xx or Attic archives deduplicate with Borg 1.x archives.

USE WITH CAUTION. Depending on the PATHs and patterns given, recreate can be used to permanently delete files from archives. When in doubt, use --dry-run --verbose --list to see how patterns/PATHS are interpreted.

The archive being recreated is only removed after the operation completes. The archive that is built during the operation exists at the same time at “<ARCHIVE>.recreate”. The new archive will have a different archive ID.

With --target the original archive is not replaced, instead a new archive is created.

When rechunking, space usage can be substantial: expect at least the entire deduplicated size of the archives using the previous chunker params. When recompressing, expect approx. (throughput / checkpoint-interval) in space usage, assuming all chunks are recompressed.

If you recently ran borg check --repair and it had to fix lost chunks with all-zero replacement chunks, please first run another backup for the same data and re-run borg check --repair afterwards to heal any archives that had lost chunks which are still generated from the input data.

Important: running borg recreate to re-chunk will remove the chunks_healthy metadata of all items with replacement chunks, so healing will not be possible any more after re-chunking (it is also unlikely it would ever work: due to the change of chunking parameters, the missing chunk likely will never be seen again even if you still have the data that produced it).

Examples

# Make old (Attic / Borg 0.xx) archives deduplicate with Borg 1.x archives.
# Archives created with Borg 1.1+ and the default chunker params are skipped
# (archive ID stays the same).
$ borg recreate /mnt/backup --chunker-params default --progress

# Create a backup with little but fast compression
$ borg create /mnt/backup::archive /some/files --compression lz4
# Then compress it - this might take longer, but the backup has already completed,
# so no inconsistencies from a long-running backup job.
$ borg recreate /mnt/backup::archive --recompress --compression zlib,9

# Remove unwanted files from all archives in a repository.
# Note the relative path for the --exclude option - archives only contain relative paths.
$ borg recreate /mnt/backup --exclude home/icke/Pictures/drunk_photos

# Change archive comment
$ borg create --comment "This is a comment" /mnt/backup::archivename ~
$ borg info /mnt/backup::archivename
Name: archivename
Fingerprint: ...
Comment: This is a comment
...
$ borg recreate --comment "This is a better comment" /mnt/backup::archivename
$ borg info /mnt/backup::archivename
Name: archivename
Fingerprint: ...
Comment: This is a better comment
...

Borg Export-Tar

borg [common options] export-tar [options] ARCHIVE FILE [PATH...]

Description

This command creates a tarball from an archive.

When giving ‘-’ as the output FILE, Borg will write a tar stream to standard output.

By default (--tar-filter=auto) Borg will detect whether the FILE should be compressed based on its file extension and pipe the tarball through an appropriate filter before writing it to FILE:

  • .tar.gz: gzip
  • .tar.bz2: bzip2
  • .tar.xz: xz

Alternatively a --tar-filter program may be explicitly specified. It should read the uncompressed tar stream from stdin and write a compressed/filtered tar stream to stdout.

The generated tarball uses the GNU tar format.

export-tar is a lossy conversion: BSD flags, ACLs, extended attributes (xattrs), atime and ctime are not exported. Timestamp resolution is limited to whole seconds, not the nanosecond resolution otherwise supported by Borg.

A --sparse option (as found in borg extract) is not supported.

By default the entire archive is extracted but a subset of files and directories can be selected by passing a list of PATHs as arguments. The file selection can further be restricted by using the --exclude option.

See the output of the “borg help patterns” command for more help on exclude patterns.

--progress can be slower than no progress display, since it makes one additional pass over the archive metadata.

Examples

# export as uncompressed tar
$ borg export-tar /path/to/repo::Monday Monday.tar

# exclude some types, compress using gzip
$ borg export-tar /path/to/repo::Monday Monday.tar.gz --exclude '*.so'

# use higher compression level with gzip
$ borg export-tar testrepo::linux --tar-filter="gzip -9" Monday.tar.gz

# export a gzipped tar, but instead of storing it on disk,
# upload it to a remote site using curl.
$ borg export-tar ... --tar-filter="gzip" - | curl --data-binary @- https://somewhere/to/POST

# remote extraction via "tarpipe"
$ borg export-tar /path/to/repo::Monday - | ssh somewhere "cd extracted; tar x"

Borg Serve

borg [common options] serve [options]

Description

This command starts a repository server process. This command is usually not used manually.

Examples

borg serve has special support for ssh forced commands (see authorized_keys example below): it will detect that you use such a forced command and extract the value of the --restrict-to-path option(s).

It will then parse the original command sent by the client, make sure that it is also borg serve, and enforce the path restriction(s) given by the forced command. That way, other options given by the client (like --info or --umask) are preserved (and not fixed by the forced command).

Environment variables (such as BORG_HOSTNAME_IS_UNIQUE) contained in the original command sent by the client are not interpreted, but ignored. If BORG_XXX environment variables should be set on the borg serve side, then these must be set in system-specific locations like /etc/environment or in the forced command itself (example below).

# Allow an SSH keypair to only run borg, and only have access to /path/to/repo.
# Use key options to disable unneeded and potentially dangerous SSH functionality.
# This will help to secure an automated remote backup system.
$ cat ~/.ssh/authorized_keys
command="borg serve --restrict-to-path /path/to/repo",restrict ssh-rsa AAAAB3[...]

# Set a BORG_XXX environment variable on the "borg serve" side
$ cat ~/.ssh/authorized_keys
command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa [...]
NOTE:

The examples above use the restrict directive. This automatically blocks potentially dangerous ssh features, even ones added in a future update. Thus, this option should be preferred.

If you’re using openssh-server < 7.2, however, you have to specify the ssh features to restrict explicitly, since the restrict option was only introduced in v7.2. In that case, we recommend using no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc.

Borg With-Lock

borg [common options] with-lock [options] REPOSITORY COMMAND [ARGS...]

Description

This command runs a user-specified command while the repository lock is held.

It will first try to acquire the lock (making sure that no other operation is running in the repo), then execute the given command as a subprocess, wait for its termination, release the lock, and return the user command’s return code as borg’s return code.

NOTE:

If you copy a repository with the lock held, the lock will be present in the copy. Thus, before using borg on the copy from a different host, you need to use “borg break-lock” on the copied repository, because Borg is cautious and does not automatically remove stale locks made by a different host.

Borg Break-Lock

borg [common options] break-lock [options] [REPOSITORY]

Description

This command breaks the repository and cache locks. Please use carefully and only while no borg process (on any machine) is trying to access the Cache or the Repository.

Borg Benchmark Crud

borg [common options] benchmark crud [options] REPO PATH

Description

This command benchmarks borg CRUD (create, read, update, delete) operations.

It creates input data below the given PATH and backs up this data into the given REPO. The REPO must already exist (it can be a fresh empty repo or an existing one); the command will create / read / update / delete some archives named borg-test-data* there.

Make sure you have free space there; you’ll need about 1 GB each (+ overhead).

If your repository is encrypted and borg needs a passphrase to unlock the key, use:

BORG_PASSPHRASE=mysecret borg benchmark crud REPO PATH

Measurements are done with different input file sizes and counts. The file contents are very artificial (either all zero or all random), thus the measurement results do not necessarily reflect performance with real data. Also, due to the kind of content used, no compression is used in these benchmarks.

C- == borg create (1st archive creation, no compression, do not use files cache)
    C-Z- == all-zero files. Full dedup, this is primarily measuring reader/chunker/hasher.
    C-R- == random files. No dedup, measuring throughput through all processing stages.

R- == borg extract (extract archive, dry-run, do everything, but do not write files to disk)
    R-Z- == all-zero files. Measuring heavily duplicated files.
    R-R- == random files. No duplication here, measuring throughput through all processing stages, except writing to disk.

U- == borg create (2nd archive creation of unchanged input files, measure files cache speed)
    The throughput value is kind of virtual here, it does not actually read the file.
    U-Z- == needs to check the 2 all-zero chunks’ existence in the repo.
    U-R- == needs to check existence of a lot of different chunks in the repo.

D- == borg delete archive (delete last remaining archive, measure deletion + compaction)
    D-Z- == few chunks to delete / few segments to compact/remove.
    D-R- == many chunks to delete / many segments to compact/remove.

Please note that there can be quite some variance in these measurements. Try multiple measurements and use an otherwise idle machine (and network, if you use one).

Miscellaneous Help

borg help patterns

File patterns support these styles: fnmatch, shell, regular expressions, path prefixes and path full-matches. By default, fnmatch is used for --exclude patterns and shell-style is used for the experimental --pattern option.

If followed by a colon (‘:’) the first two characters of a pattern are used as a style selector. Explicit style selection is necessary when a non-default style is desired or when the desired pattern starts with two alphanumeric characters followed by a colon (i.e. aa:something/*).
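As a sketch (not borg's actual implementation), the selector rule above can be expressed like this; split_selector and its default argument are hypothetical names introduced only for illustration:

```python
# Sketch of the selector rule described above (split_selector is a
# hypothetical helper, not borg's API): the first two characters select
# the style only if they are immediately followed by a colon.
def split_selector(pattern, default='fm'):
    if len(pattern) > 3 and pattern[2] == ':' and pattern[:2].isalnum():
        return pattern[:2], pattern[3:]
    return default, pattern
```

This also shows why a pattern like aa:something/* needs an explicit selector (fm:aa:something/*) to avoid having “aa” taken for a style.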

Fnmatch, selector fm:

This is the default style for --exclude and --exclude-from. These patterns use a variant of shell pattern syntax, with ‘*’ matching any number of characters, ‘?’ matching any single character, ‘[…]’ matching any single character specified, including ranges, and ‘[!…]’ matching any character not specified. For the purpose of these patterns, the path separator (‘\’ for Windows and ‘/’ on other systems) is not treated specially. Wrap meta-characters in brackets for a literal match (i.e. [?] to match the literal character ?). For a path to match a pattern, it must completely match from start to end, or must match from the start to just before a path separator. Except for the root path, paths will never end in the path separator when matching is attempted. Thus, if a given pattern ends in a path separator, a ‘*’ is appended before matching is attempted.
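Python's fnmatch module (on which shell-style matching is based) can illustrate these rules. fm_match below is a hypothetical helper approximating the semantics described above, not borg's code:

```python
import fnmatch
import re

# Illustrative helper (not borg's code) approximating the fm: rules above:
# a trailing path separator gets '*' appended, and a path matches if the
# whole path, or any prefix of it ending just before a path separator,
# matches the pattern. Note fnmatch's '*' happily crosses '/', matching
# the "separator is not treated specially" rule.
def fm_match(path, pattern):
    if pattern.endswith('/'):
        pattern += '*'
    regex = re.compile(fnmatch.translate(pattern))
    candidates = [path]
    idx = path.find('/')
    while idx != -1:
        candidates.append(path[:idx])
        idx = path.find('/', idx + 1)
    return any(regex.match(c) for c in candidates)
```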

Shell-style patterns, selector sh:

This is the default style for --pattern and --patterns-from. Like fnmatch patterns these are similar to shell patterns. The difference is that the pattern may include **/ for matching zero or more directory levels, * for matching zero or more arbitrary characters with the exception of any path separator.

Regular expressions, selector re:

Regular expressions similar to those found in Perl are supported. Unlike shell patterns, regular expressions are not required to match the complete path and any substring match is sufficient. It is strongly recommended to anchor patterns to the start (‘^’), to the end (‘$’) or both. Path separators (‘\’ for Windows and ‘/’ on other systems) in paths are always normalized to a forward slash (‘/’) before applying a pattern. The regular expression syntax is described in the Python documentation for the re module.

Path prefix, selector pp:

This pattern style is useful to match whole sub-directories. The pattern pp:/data/bar matches /data/bar and everything therein.

Path full-match, selector pf:

This pattern style is useful to match whole paths. This is kind of a pseudo pattern as it cannot have any variable or unspecified parts - the full, precise path must be given. pf:/data/foo.txt matches /data/foo.txt only.

Implementation note: this is implemented via very time-efficient O(1) hashtable lookups (this means you can have huge amounts of such patterns without impacting performance much). Due to that, this kind of pattern does not respect any context or order. If you use such a pattern to include a file, it will always be included (if the directory recursion encounters it). Other include/exclude patterns that would normally match will be ignored. Same logic applies for exclude.

NOTE:

re:, sh: and fm: patterns are all implemented on top of the Python SRE engine. It is very easy to formulate patterns of each of these types that require an inordinate amount of time to match paths. If untrusted users are able to supply patterns, ensure they cannot supply re: patterns. Further, ensure that sh: and fm: patterns only contain a handful of wildcards at most.

Exclusions can be passed via the command line option --exclude. When used from within a shell the patterns should be quoted to protect them from expansion.

The --exclude-from option permits loading exclusion patterns from a text file with one pattern per line. Empty lines and lines starting with the number sign (‘#’), after removing whitespace on both ends, are ignored. The optional style selector prefix is also supported for patterns loaded from a file. Due to whitespace removal, paths with whitespace at the beginning or end can only be excluded using regular expressions.
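The line handling just described can be sketched as follows; load_patterns is a hypothetical helper, not borg's API:

```python
# Sketch of the file format rules above (load_patterns is a hypothetical
# helper): whitespace is stripped from both ends, then empty lines and
# '#' comment lines are dropped.
def load_patterns(text):
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            patterns.append(line)
    return patterns
```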

Examples:

# Exclude '/home/user/file.o' but not '/home/user/file.odt':
$ borg create -e '*.o' backup /

# Exclude '/home/user/junk' and '/home/user/subdir/junk' but
# not '/home/user/importantjunk' or '/etc/junk':
$ borg create -e '/home/*/junk' backup /

# Exclude the contents of '/home/user/cache' but not the directory itself:
$ borg create -e /home/user/cache/ backup /

# The file '/home/user/cache/important' is *not* backed up:
$ borg create -e /home/user/cache/ backup / /home/user/cache/important

# The contents of directories in '/home' are not backed up when their name
# ends in '.tmp'
$ borg create --exclude 're:^/home/[^/]+\.tmp/' backup /

# Load exclusions from file
$ cat >exclude.txt <<EOF
# Comment line
/home/*/junk
*.tmp
fm:aa:something/*
re:^/home/[^/]+\.tmp/
sh:/home/*/.thumbnails
EOF
$ borg create --exclude-from exclude.txt backup /

A more general and easier to use way to define filename matching patterns exists with the experimental --pattern and --patterns-from options. Using these, you may specify the backup roots (starting points) and patterns for inclusion/exclusion. A root path starts with the prefix R, followed by a path (a plain path, not a file pattern). An include rule starts with the prefix +, an exclude rule starts with the prefix -, an exclude-norecurse rule starts with !, all followed by a pattern. Inclusion patterns are useful to include paths that are contained in an excluded path. The first matching pattern is used so if an include pattern matches before an exclude pattern, the file is backed up. If an exclude-norecurse pattern matches a directory, it won’t recurse into it and won’t discover any potential matches for include rules below that directory.
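The first-match-wins evaluation can be sketched as follows. translate and decide are hypothetical helpers that only roughly approximate sh:-style matching ('*' does not cross '/', '**/' spans directory levels), for illustration only:

```python
import re

# Hypothetical helpers, for illustration only, approximating sh:-style
# matching and the first-match-wins rule described above.
def translate(pattern):
    parts = re.escape(pattern).replace(r'\*\*/', '(?:.*/)?')
    parts = parts.replace(r'\*', '[^/]*')
    # a pattern matches the path itself or anything underneath it
    return re.compile('^' + parts + '(?:/|$)')

def decide(path, rules):
    for action, pattern in rules:      # first matching rule wins
        if translate(pattern).match(path):
            return action == '+'
    return True                        # unmatched paths are included

# Rules in the spirit of the example file below: include susan's home,
# exclude caches and the other home directories.
rules = [('-', '/home/*/.cache'),
         ('+', '/home/susan'),
         ('-', '/home/*')]
```

Since '+ /home/susan' appears before '- /home/*', files under /home/susan are backed up even though the later exclude would match them.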

Note that the default pattern style for --pattern and --patterns-from is shell style (sh:), so those patterns behave similar to rsync include/exclude patterns. The pattern style can be set via the P prefix.

Patterns (--pattern) and excludes (--exclude) from the command line are considered first (in the order of appearance). Then patterns from --patterns-from are added. Exclusion patterns from --exclude-from files are appended last.

An example --patterns-from file could look like that:

# "sh:" pattern style is the default, so the following line is not needed:
P sh
R /
# can be rebuild
- /home/*/.cache
# they're downloads for a reason
- /home/*/Downloads
# susan is a nice person
# include susans home
+ /home/susan
# don't backup the other home directories
- /home/*

borg help placeholders

Repository (or Archive) URLs, --prefix and --remote-path values support these placeholders:

{hostname}

The (short) hostname of the machine.

{fqdn}

The full name of the machine.

{now}

The current local date and time, by default in ISO-8601 format. You can also supply your own format string, e.g. {now:%Y-%m-%d_%H:%M:%S}

{utcnow}

The current UTC date and time, by default in ISO-8601 format. You can also supply your own format string, e.g. {utcnow:%Y-%m-%d_%H:%M:%S}

{user}

The user name (or UID, if no name is available) of the user running borg.

{pid}

The current process ID.

{borgversion}

The version of borg, e.g.: 1.0.8rc1

{borgmajor}

The version of borg, only the major version, e.g.: 1

{borgminor}

The version of borg, only major and minor version, e.g.: 1.0

{borgpatch}

The version of borg, only major, minor and patch version, e.g.: 1.0.8

If literal curly braces need to be used, double them for escaping:

borg create /path/to/repo::{{literal_text}}
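Placeholder expansion goes through Python's str.format(), so the format-spec and brace-doubling behavior can be reproduced directly; the hostname and timestamp below are made-up demo values:

```python
from datetime import datetime

# The part after ':' in {now:...} is a strftime format spec, and doubled
# braces become literal braces. Values here are fixed for the demo.
now = datetime(2017, 11, 11, 20, 51, 55)
name = '{hostname}-{now:%Y-%m-%d_%H:%M:%S}'.format(hostname='myhost', now=now)
literal = 'repo::{{literal_text}}'.format()
```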

Examples:

borg create /path/to/repo::{hostname}-{user}-{utcnow} ...
borg create /path/to/repo::{hostname}-{now:%Y-%m-%d_%H:%M:%S} ...
borg prune --prefix '{hostname}-' ...
NOTE:

systemd uses a difficult, non-standard syntax for command lines in unit files (refer to the systemd.unit(5) manual page).

When invoking borg from unit files, pay particular attention to escaping, especially when using the now/utcnow placeholders, since systemd performs its own %-based variable replacement even in quoted text. To avoid interference from systemd, double all percent signs ({hostname}-{now:%Y-%m-%d_%H:%M:%S} becomes {hostname}-{now:%%Y-%%m-%%d_%%H:%%M:%%S}).
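The percent-doubling is a plain string substitution, e.g.:

```python
# Doubling percent signs protects strftime codes from systemd's own
# '%' specifier expansion in unit files.
def systemd_escape(cmdline):
    return cmdline.replace('%', '%%')
```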

borg help compression

It is no problem to mix different compression methods in one repo; deduplication is done on the source data chunks (not on the compressed or encrypted data).

If some specific chunk was once compressed and stored into the repo, creating another backup that also uses this chunk will not change the stored chunk. So if you use different compression specs for the backups, whichever stores a chunk first determines its compression. See also borg recreate.

Compression is lz4 by default. If you want something else, you have to specify what you want.

Valid compression specifiers are:

none

Do not compress.

lz4

Use lz4 compression. High speed, low compression. (default)

zlib[,L]

Use zlib (“gz”) compression. Medium speed, medium compression. If you do not explicitly give the compression level L (ranging from 0 to 9), it will use level 6. Giving level 0 (which means “no compression”, but still has zlib protocol overhead) is usually pointless; better use “none” compression instead.

lzma[,L]

Use lzma (“xz”) compression. Low speed, high compression. If you do not explicitly give the compression level L (ranging from 0 to 9), it will use level 6. Giving levels above 6 is pointless and counterproductive because it does not compress better due to the buffer size used by borg - it just wastes lots of CPU cycles and RAM.

auto,C[,L]

Use a built-in heuristic to decide per chunk whether to compress or not. The heuristic tries with lz4 whether the data is compressible. For incompressible data, it will not use compression (uses “none”). For compressible data, it uses the given C[,L] compression - with C[,L] being any valid compression specifier.
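The idea behind the heuristic can be sketched as follows. This is an assumption-laden illustration: borg's actual probe uses lz4 and its own threshold, while zlib level 1 and the ratio_limit value merely stand in here:

```python
import zlib

# Sketch of the auto heuristic: try a cheap compression pass on the chunk
# and only compress for real if it helped. zlib level 1 and the 0.97
# threshold are stand-ins, not borg's actual lz4 probe or cutoff.
def seems_compressible(chunk, ratio_limit=0.97):
    probe = zlib.compress(chunk, 1)
    return len(probe) < len(chunk) * ratio_limit
```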

Examples:

borg create --compression lz4 REPO::ARCHIVE data
borg create --compression zlib REPO::ARCHIVE data
borg create --compression zlib,1 REPO::ARCHIVE data
borg create --compression auto,lzma,6 REPO::ARCHIVE data
borg create --compression auto,lzma ...

Debugging Facilities

There is a borg debug command that has some subcommands, none of which are intended for normal use; they are potentially very dangerous if used incorrectly.

For example, borg debug put-obj and borg debug delete-obj will only do what their name suggests: put objects into repo / delete objects from repo.

Please note:

They exist to improve debugging capabilities without direct system access, e.g. in case you ever run into some severe malfunction. Use them only if you know what you are doing or if a trusted Borg developer tells you what to do.

Borg has a --debug-topic TOPIC option to enable specific debugging messages. Topics are generally not documented.

A --debug-profile FILE option exists which writes a profile of the main program’s execution to a file. The format of these files is not directly compatible with the Python profiling tools, since these use the “marshal” format, which is not intended to be secure (quoting the Python docs: “Never unmarshal data received from an untrusted or unauthenticated source.”).

The borg debug profile-convert command can be used to take a Borg profile and convert it to a profile file that is compatible with the Python tools.

Additionally, if the filename specified for --debug-profile ends with “.pyprof” a Python compatible profile is generated. This is only intended for local use by developers.

Additional Notes

Here are misc. notes about topics that are maybe not covered in enough detail in the usage section.

--chunker-params

The chunker params influence how input files are cut into pieces (chunks) which are then considered for deduplication. They also have a big impact on resource usage (RAM and disk space) as the amount of resources needed is (also) determined by the total amount of chunks in the repository (see cache-memory-usage for details).

--chunker-params=10,23,16,4095 results in fine-grained deduplication and creates a large number of chunks, and thus uses a lot of resources to manage them. This is good for relatively small data volumes and if the machine has a good amount of free RAM and disk space.

--chunker-params=19,23,21,4095 (default) results in coarse-grained deduplication and creates far fewer chunks, and thus uses fewer resources. This is good for relatively big data volumes and if the machine has a relatively low amount of free RAM and disk space.
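Assuming the third chunker parameter (HASH_MASK_BITS) yields an average chunk size of roughly 2**HASH_MASK_BITS bytes, the effect on chunk counts can be estimated:

```python
# Rough estimate under the stated assumption: average chunk size is
# about 2**HASH_MASK_BITS bytes, so chunk count is total size / that.
def estimated_chunks(total_bytes, hash_mask_bits):
    return total_bytes // (2 ** hash_mask_bits)

fine = estimated_chunks(100 * 2**30, 16)    # 10,23,16,4095 on 100 GiB
coarse = estimated_chunks(100 * 2**30, 21)  # 19,23,21,4095 (default) on 100 GiB
```

With these numbers the fine-grained params manage about 32 times as many chunks as the default params for the same data.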

If you already have made some archives in a repository and you then change chunker params, this of course impacts deduplication as the chunks will be cut differently.

In the worst case (all files are big and were touched in between backups), this will store all content into the repository again.

Usually, it is not that bad though:

  • usually most files are not touched, so it will just re-use the old chunks it already has in the repo
  • files smaller than the (both old and new) minimum chunksize result in only one chunk anyway, so the resulting chunks are the same and deduplication will apply

If you switch chunker params to save resources for an existing repo that already has some backup archives, you will see an increasing effect over time, when more and more files have been touched and stored again using the bigger chunksize and all references to the smaller older chunks have been removed (by deleting / pruning archives).

If you want to see an immediate big effect on resource usage, it is better to start a new repository when changing chunker params.

For more details, see chunker_details.

--noatime / --noctime

You can use these borg create options to not store the respective timestamp into the archive, in case you do not really need it.

Besides saving a little space for the not archived timestamp, it might also affect metadata stream deduplication: if only this timestamp changes between backups and is stored into the metadata stream, the metadata stream chunks won’t deduplicate just because of that.

--umask

If you use --umask, make sure that all repository-modifying borg commands (create, delete, prune) that access the repository in question use the same --umask value.

If multiple machines access the same repository, this should hold true for all of them.

--read-special

The --read-special option is special - you do not want to use it for normal full-filesystem backups, but rather after carefully picking some targets for it.

The option --read-special triggers special treatment for block and char device files as well as FIFOs. Instead of storing them as such a device (or FIFO), they will get opened, their content will be read and in the backup archive they will show up like a regular file.

Symlinks will also get special treatment if (and only if) they point to such a special file: instead of storing them as a symlink, the target special file will get processed as described above.

One intended use case of this is backing up the contents of one or multiple block devices, like e.g. LVM snapshots or inactive LVs or disk partitions.

You need to be careful about what you include when using --read-special, e.g. if you include /dev/zero, your backup will never terminate.

Restoring such files’ content is currently only supported one at a time via the --stdout option (and you have to redirect stdout to wherever it shall go, maybe directly into an existing device file of your choice or indirectly via dd).

To some extent, mounting a backup archive with the backups of special files via borg mount and then loop-mounting the image files from inside the mount point will work. If you plan to access a lot of data in there, it likely will scale and perform better if you do not work via the FUSE mount.

Example

Imagine you have made some snapshots of logical volumes (LVs) you want to backup.

NOTE:

For some scenarios, this is a good method to get “crash-like” consistency (I call it crash-like because it is the same as you would get if you just hit the reset button or your machine would abruptly and completely crash). This is better than no consistency at all and a good method for some use cases, but likely not good enough if you have databases running.

Then you create a backup archive of all these snapshots. The backup process will see a “frozen” state of the logical volumes, while the processes working in the original volumes continue changing the data stored there.

You also add the output of lvdisplay to your backup, so you can see the LV sizes in case you ever need to recreate and restore them.

After the backup has completed, you remove the snapshots again.

$ # create snapshots here
$ lvdisplay > lvdisplay.txt
$ borg create --read-special /path/to/repo::arch lvdisplay.txt /dev/vg0/*-snapshot
$ # remove snapshots here

Now, let’s see how to restore some LVs from such a backup.

$ borg extract /path/to/repo::arch lvdisplay.txt
$ # create empty LVs with correct sizes here (look into lvdisplay.txt).
$ # we assume that you created an empty root and home LV and overwrite it now:
$ borg extract --stdout /path/to/repo::arch dev/vg0/root-snapshot > /dev/vg0/root
$ borg extract --stdout /path/to/repo::arch dev/vg0/home-snapshot > /dev/vg0/home

Append-only mode

A repository can be made “append-only”, which means that Borg will never overwrite or delete committed data (append-only refers to the segment files, but borg will also refuse to delete the repository completely). This is useful for scenarios where a backup client machine backs up remotely to a backup server using borg serve, since a hacked client machine cannot permanently delete backups on the server.

To activate append-only mode, edit the repository config file and add a line append_only=1 to the [repository] section (or edit the line if it exists).

In append-only mode Borg will create a transaction log in the transactions file, where each line is a transaction and a UTC timestamp.

In addition, borg serve can act as if a repository is in append-only mode with its option --append-only. This can be very useful for fine-tuning access control in .ssh/authorized_keys:

command="borg serve --append-only ..." ssh-rsa <key used for not-always-trustable backup clients>
command="borg serve ..." ssh-rsa <key used for backup management>

Running borg init via a borg serve --append-only server will not create an append-only repository. Running borg init --append-only creates an append-only repository regardless of server settings.

Example

Suppose an attacker remotely deleted all backups, but your repository was in append-only mode. A transaction log in this situation might look like this:

transaction 1, UTC time 2016-03-31T15:53:27.383532
transaction 5, UTC time 2016-03-31T15:53:52.588922
transaction 11, UTC time 2016-03-31T15:54:23.887256
transaction 12, UTC time 2016-03-31T15:55:54.022540
transaction 13, UTC time 2016-03-31T15:55:55.472564

From your security logs you conclude the attacker gained access at 15:54:00 and all the backups were deleted or replaced by compromised backups. From the log you know that transactions 11 and later are compromised. Note that the transaction ID is the name of the last file in the transaction. For example, transaction 11 spans files 6 to 11.
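Picking the last uncompromised transaction from such a log is simple string processing; the sketch below uses the timestamps shown above and an assumed break-in time of 15:54:00:

```python
import re

# Parse a transaction log like the one above and pick the last transaction
# before the (assumed) break-in time; ISO timestamps compare correctly
# as plain strings.
log = """\
transaction 1, UTC time 2016-03-31T15:53:27.383532
transaction 5, UTC time 2016-03-31T15:53:52.588922
transaction 11, UTC time 2016-03-31T15:54:23.887256
"""
entries = [(int(m.group(1)), m.group(2))
           for m in re.finditer(r'transaction (\d+), UTC time (\S+)', log)]
last_good = max(n for n, t in entries if t < '2016-03-31T15:54:00')
```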

In a real attack you’ll likely want to keep the compromised repository intact to analyze what the attacker tried to achieve. It’s also a good idea to make this copy just in case something goes wrong during the recovery. Since recovery is done by deleting some files, a hard link copy (cp -al) is sufficient.

The first step to reset the repository to transaction 5, the last uncompromised transaction, is to remove the hints.N and index.N files in the repository (these two files are always expendable). In this example N is 13.

Then remove or move all segment files from the segment directories in data/ starting with file 6:

rm data/**/{6..13}

That’s all there is to it.

Drawbacks

As data is only appended, and nothing removed, commands like prune or delete won’t free disk space; they merely tag data as deleted in a new transaction.

Be aware that as soon as you write to the repo in non-append-only mode (e.g. prune, delete or create archives from an admin machine), it will remove the deleted objects permanently (including the ones that were already marked as deleted, but not removed, in append-only mode).

Note that you can go back-and-forth between normal and append-only operation by editing the configuration file, it’s not a “one way trip”.

Further considerations

Append-only mode is not respected by tools other than Borg. rm still works on the repository. Make sure that backup client machines only get to access the repository via borg serve.

Ensure that no remote access is possible if the repository is temporarily set to normal mode for e.g. regular pruning.

Further protections can be implemented, but are outside of Borg’s scope. For example, file system snapshots or wrapping borg serve to set special permissions or ACLs on new data files.

SSH batch mode

When running Borg using an automated script, ssh might still ask for a password, even if there is an SSH key for the target server. Use this to make scripts more robust:

export BORG_RSH='ssh -oBatchMode=yes'

Author

The Borg Collective (see AUTHORS file)

Info

2017-11-11 1.1.2 Borg - Deduplicating Archiver