Provided by: backintime-common_1.0.34-0.1_all 
NAME
backintime - a simple backup tool for Linux.
This is command line tool. The graphical tools are: backintime-gnome and backintime-kde4.
SYNOPSIS
backintime [ --profile <profile name> | --profile-id <profile id> ] [ --keep-mount ] [ --quiet ] [
--config PATH ] [ --checksum ] [ --backup | --backup-job | --snapshots-path | --snapshots-list |
--snapshots-list-path | --last-snapshot | --last-snapshot-path | --unmount | --benchmark-cipher [SIZE] |
--pw-cache [start|stop|restart|reload|status] | --decode [PATH] | --restore [WHAT [WHERE [SNAPSHOT_ID]]]
| --help | --version | --license ]
DESCRIPTION
Back In Time is a simple backup tool for Linux. The backup is done by taking snapshots of a specified set
of folders.
All you have to do is configure: where to save snapshots, what folders to backup. You can also specify a
backup schedule: disabled, every 5 minutes, every 10 minutes, every hour, every day, every week, every
month. To configure it use one of the graphical interfaces available (backintime-gnome or backintime-
kde4).
It acts as a 'user mode' backup tool. This means that you can backup/restore only folders you have write
access to (actually you can backup read-only folders, but you can't restore them).
If you want to run it as root you need to use 'su'.
A new snapshot is created only if something changed since the last snapshot (if any).
A snapshot contains all the files from the selected folders (except for exclude patterns). In order to
reduce disk space it use hard-links (if possible) between snapshots for unchanged files. This way a file
of 10Mb, unchanged for 10 snapshots, will use only 10Mb on the disk.
When you restore a file 'A', if it already exists on the file system it will be renamed to
'A.backup.currentdate'.
For automatic backup it use 'cron' so there is no need for a daemon, but 'cron' must be running.
Modes
Local
Store snapshots on local HDD's (internal or USB). The drive has to be mounted before creating a new
snapshot.
Local encrypted
Store encrypted snapshots on local HDD's (internal or USB). Backintime uses 'encfs' with standard
configuration to encrypt all data. You have to be member of group fuse to use this. In terminal type
'sudo adduser <USER> fuse'. To apply changes you have to logout and login again.
SSH
With Mode set to SSH you can store the backup on a remote host using the SecureShellHost protocol
(ssh). The remote path will be mount local using sshfs to provide file-access for the graphical
interface and the backup process. Rsync and other processes called during backup process will run
directly on the remote host using ssh.
To prepare your user account for ssh-mode you have to add the user to group 'fuse' by typing 'sudo
adduser <USER> fuse' in terminal. To apply changes you have to logout and login again.
Next you have to create a password-less login to the remote host (for further informations look at
http://www.debian-administration.org/articles/152). Type in terminal 'ssh-keygen -t dsa' hit enter
for default path and enter a passphrase for the private key.
Finally type 'ssh-copy-id -i ~/.ssh/id_dsa.pub <REMOTE_USER>@<HOST>' and enter your password on
remote host.
In Settingsdialog you need to set the host and remote user. If you enter a relative path (no leading
/ ) it will start from remote users homedir. The password has to be the passphrase for your private
key.
Cipher (the algorithm used to encrypt the data during transfer)
To optimize performance you can choose the cipher used by ssh. Depending on your environment you can
have a massive speed increase compared to the default cipher.
--benchmark-cipher will give you an overview over which cipher is the fastest in your environment.
If the bottleneck of your environment is the hard-drive or the network you will not see a big
difference between the ciphers. In this case you should stay on 'default'.
Please read security informations about the cipher before using them in untrusted networks (Wifi,
Internet). Some of them (Arcfour, 3DES, ...) should be handled as not secure anymore.
Remote Host
If your remote host is an embedded Linux NAS or any other device with limited functions, you could
run into some problems caused by feature-less commands. For example some devices may not have
hardlink support for 'cp', 'chmod' and 'rsync'. In this case it may help to install so-called Optware
on your device if available.
WARNING: THIS IS ONLY FOR EXPERIENCED USERS!
If you don't know how to compile packages and how to modify a Linux system you should NOT try to do
this. There is a significant chance to break your device and make it completely unusable with the
following procedure. We will not take any warranty for this. Make a backup of your device before
proceed! You have been warned!
You should install at least packages called 'bash', 'coreutils' and 'rsync'. You will have to change
users default shell from '/bin/sh' to '/opt/bin/bash' in '/etc/passwd'. Add '/opt/bin:/opt/sbin:' to
the start of the PATH environment variable in '/etc/profiles'.
To check if it does work you can compare the output of '/bin/cp --help' and '/opt/bin/cp --help'. If
'ssh <user>@<host> cp --help' called from your PC will print the same as '/opt/bin/cp --help' called
on the remote host (via interactive ssh session) you are ready to go.
If you have questions on how to install and configure the Optware please refer to the community of
your device. You can also take a look on BackInTime FAQ on Launchpad
https://answers.launchpad.net/backintime/+faqs
If you successfully modified your device to be able to make backups over ssh, it would be nice if you
write a 'How to' on Launchpad's Answers so we can add this to the FAQ.
SSH encrypted
Store encrypted snapshots on remote hosts using SSH. Backintime uses 'encfs --reverse' to mount the
root filesystem '/'. Rsync will sync this encrypted view of '/' to a remote host over SSH. All
encoding will be done on the local machine. So the password will never be exposed to the remote host
and you can use the (normally) more powerful processor in you local machine for encryption instead of
weak NAS CPU's. The downside on this is 'encfs --reverse' does not support 'Filename Initialization
Vector Chaining' and 'Per-File Initialization Vectors' from the standard configuration (take a look
at 'man encfs' for further informations).
Because of all data is transferred encrypted the log output shows encrypted filenames, too. In the
Logview-Dialog you can use 'decode' option to decrypt the paths automatically or you can use
'backintime --decode' to manually decrypt paths. Backintime will show all snapshots decoded so you
can browse all files as normal.
Exclude does not support wildcards ('foo*', '[fF]oo', 'fo?') because after encoding a file these
wildcards can't match any more. Only separate asterisk that match a full file or folder will work
('foo/*', 'foo/**/bar'). All other excludes that have wildcards will be silently ignored.
Please refer to the 'SSH' section above for informations on setting up the SSH connection.
Password
If 'Save Password to Keyring' is activated BackinTime will save the Password into GnomeKeyring (Seahorse)
or KDE-KWallet. Both are secure password storages which encrypt the password with the users login-
password. So they can only be accessed if the user is logged in.
A backup cronjob during the user isn't logged in can not collect the password from keyring. Also if the
homedir is encrypted the keyring is not accessible from cronjobs (even if the user is logged in). For
these cases the password can be cached in RAM. If 'Cache Password for Cron' is activated BackinTime will
start a small daemon in user-space which will collect the password from keyring and provide them for
cronjobs. They will never be written to the harddrive but a user with root permissions could access the
daemon and read the password.
user-callback
During backup process the application can call a user callback at different steps. This callback is
"$XDG_CONFIG_HOME/backintime/user-callback" (by default $XDG_CONFIG_HOME is ~/.config).
The first argument is the profile id (1=Main Profile, ...).
The second argument is the profile name.
The third argument is the reason:
1 Backup process begins.
2 Backup process ends.
3 A new snapshot was taken. The extra arguments are snapshot ID and snapshot path.
4 There was an error. The second argument is the error code.
Error codes:
1 The application is not configured.
2 A "take snapshot" process is already running.
3 Can't find snapshots folder (is it on a removable drive ?).
4 A snapshot for "now" already exist.
OPTIONS (use these before other actions)
--profile <profile name>
select profile by name
--profile-id <profile id>
select profile by id
--keep-mount
Don't unmount on exit. Only valid with --snapshots-list-path and --last-snapshot-path.
--quiet
suppress status messages on standard output.
--config PATH
read config from PATH.
--checksum
force to use checksum for checking if files have been changed. This is the same as 'Use checksum
to detect changes' in Options. But you can use this to periodically run checksums from cronjobs.
ACTIONS
-b, --backup
take a snapshot now (if needed)
--backup-job
take a snapshot (if needed) depending on schedule rules (used for cron jobs)
--snapshots-path
display path where is saves the snapshots (if configured)
--snapshots-list
display the list of snapshot IDs (if any)
--snapshots-list-path
display the paths to snapshots (if any)
--last-snapshot
display last snapshot ID (if any)
--last-snapshot-path
display the path to the last snapshot (if any)
--unmount
Unmount the profile.
--benchmark-cipher [SIZE]
Show a benchmark of all ciphers for ssh transfer.
--pw-cache [start|stop|restart|reload|status]
Control the Password Cache Daemon. If no argument is given the Password Cache will start in
foreground.
--decode [PATH]
decode encrypted PATH. If no PATH is given Backintime will read paths from standard input.
--restore [WHAT [WHERE [SNAPSHOT_ID]]]
Restore file WHAT to path WHERE from snapshot SNAPSHOT_ID. If arguments are missing they will be
prompted. To restore to the original path WHERE can be an empty string '' or just press Enter at
the prompt. SNAPSHOT_ID can be an index (starting with 0 for the last snapshot) or the exact
SnapshotID (19 caracters like '20130606-230501-984')
-h, --help
display a short help
-v, --version
show version
--license
show license
SEE ALSO
backintime-gnome, backintime-kde4, backintime-config.
Back In Time also has a website: http://backintime.le-web.org
AUTHOR
This manual page was written by BIT Team(<bit-team@lists.launchpad.net>).
version 1.0.34 Oct 2013 backintime(1)