xenial (1) backintime-qt.1.gz

Provided by: backintime-common_1.1.12-2~build0.16.04.1_all bug

NAME

       backintime - a simple backup tool for Linux.

       This is the command line tool.  The graphical tool is backintime-qt4.

SYNOPSIS

       backintime  [--checksum]  [--config  PATH]  [--debug] [--delete] [--help | -h] [--keep-mount] [--license]
       [--local-backup]  [--no-crontab]  [--no-local-backup]  [--profile  NAME  |  --profile-id  ID]   [--quiet]
       [--version]

       {  backup  |  backup-job  | benchmark-cipher [FILE-SIZE] | check-config | decode [PATH] | last-snapshot |
       last-snapshot-path  |   pw-cache   [start|stop|restart|reload|status]   |   remove[-and-do-not-ask-again]
       [SNAPSHOT_ID]   |   restore  [WHAT  [WHERE  [SNAPSHOT_ID]]]  |  snapshots-list  |  snapshots-list-path  |
       snapshots-path | unmount }

DESCRIPTION

       Back In Time is a simple backup tool for Linux. The backup is done by taking snapshots of a specified set
       of folders.

       All you have to do is configure: where to save snapshots, what folders to backup.  You can also specify a
       backup schedule: disabled, every 5 minutes, every 10 minutes, every hour, every day,  every  week,  every
       month.  To  configure  it  use one of the graphical interfaces available (backintime-gnome or backintime-
       kde4).

       It acts as a 'user mode' backup tool. This means that you can backup/restore only folders you have  write
       access to (actually you can backup read-only folders, but you can't restore them).

       If you want to run it as root you need to use 'sudo -i backintime'.

       A new snapshot is created only if something changed since the last snapshot (if any).

       A  snapshot  contains  all the files from the selected folders (except for exclude patterns). In order to
       reduce disk space it use hard-links (if possible) between snapshots for unchanged files. This way a  file
       of 10MiB, unchanged for 10 snapshots, will use only 10MiB on the disk.

       When  you  restore  a  file  'A',  if  it  already  exists  on  the  file  system  it  will be renamed to
       'A.backup.currentdate'.

       For automatic backup it use 'cron' so there is no need for a daemon, but 'cron' must be running.

   Modes
       Local
           Store snapshots on local HDD's (internal or USB). The drive has to be mounted before creating  a  new
           snapshot.

       Local encrypted
           Store  encrypted snapshots on local HDD's (internal or USB).  Back In Time uses 'encfs' with standard
           configuration to encrypt all data.  Please take a look at A NOTE ON SECURITY.  You have to be  member
           of  group fuse to use this. In terminal type 'sudo adduser <USER> fuse'. To apply changes you have to
           logout and login again.

       SSH
           With Mode set to SSH you can store the backup on a remote host  using  the  SecureShellHost  protocol
           (ssh).   The  remote  path  will  be mount local using sshfs to provide file-access for the graphical
           interface and the backup process.  Rsync and other processes called during backup  process  will  run
           directly on the remote host using ssh.

           To  prepare  your  user account for ssh-mode you have to add the user to group 'fuse' by typing 'sudo
           adduser <USER> fuse' in terminal.  To apply changes you have to logout and login again.

           Next you have to create a password-less login to the remote host (for  further  information  look  at
           http://www.debian-administration.org/articles/152).   Type  in terminal 'ssh-keygen -t rsa' hit enter
           for default path and enter a passphrase for the private key.

           Finally type 'ssh-copy-id -i ~/.ssh/id_rsa.pub  <REMOTE_USER>@<HOST>'  and  enter  your  password  on
           remote host.

           In  Settingsdialog you need to set the host and remote user. If you enter a relative path (no leading
           / ) it will start from remote users homedir. The password has to be the passphrase for  your  private
           key.

           Cipher (the algorithm used to encrypt the data during transfer)
           To  optimize performance you can choose the cipher used by ssh. Depending on your environment you can
           have a massive speed increase compared to the default cipher.

           benchmark-cipher will give you an overview over which cipher is the fastest in your environment.

           If the bottleneck of your environment is the hard-drive or  the  network  you  will  not  see  a  big
           difference between the ciphers. In this case you should rather stay on 'default'.

           Please  read  security  information  about  the cipher before using them in untrusted networks (Wifi,
           Internet). Some of them (Arcfour, 3DES, ...) should be handled as not secure anymore.

           Remote Host
           If your remote host is an embedded Linux NAS or any other device with limited  functions,  you  could
           run  into  some  problems  caused  by  feature-less  commands.  For example some devices may not have
           hardlink support for 'cp', 'chmod' and 'rsync'. In this case it may help to install so-called Optware
           or Entware on your device if available.

           WARNING: THIS IS ONLY FOR EXPERIENCED USERS!
           If  you  don't know how to compile packages and how to modify a Linux system you should NOT try to do
           this. There is a significant chance to break your device and make it  completely  unusable  with  the
           following  procedure.  We  will  not  take any warranty for this. Make a backup of your device before
           proceed!  You have been warned!

           You should install at least packages called 'bash', 'coreutils' and 'rsync'.  You will have to change
           users  default shell from '/bin/sh' to '/opt/bin/bash' in '/etc/passwd'. To add '/opt/bin:/opt/sbin:'
           to the start of the PATH environment you can use 'Add prefix to SSH  commands'  in  'Expert  Options'
           with 'PATH=/opt/bin:/opt/sbin:\ATH'.

           To  check if it does work you can compare the output of '/bin/cp --help' and '/opt/bin/cp --help'. If
           'ssh <user>@<host> cp --help' called from your PC will print the same as '/opt/bin/cp --help'  called
           on the remote host (via interactive ssh session) you are ready to go.

           If  you  have  questions on how to install and configure the Optware please refer to the community of
           your device. You can also take  a  look  on  Back  In  Time  FAQ  on  GitHub  https://github.com/bit-
           team/backintime/wiki/FAQ

           If you successfully modified your device to be able to make backups over ssh, it would be nice if you
           write a 'How to' on Launchpad's Answers so we can add this to the FAQ.

       SSH encrypted
           Store encrypted snapshots on remote hosts using SSH. Backintime uses 'encfs --reverse' to  mount  the
           root  filesystem  '/'.  Rsync  will  sync  this  encrypted view of '/' to a remote host over SSH. All
           encoding will be done on the local machine. So the password will never be exposed to the remote  host
           and you can use the (normally) more powerful processor in you local machine for encryption instead of
           weak NAS CPU's. The downside on this is 'encfs --reverse' does not support  'Filename  Initialization
           Vector  Chaining'  and 'Per-File Initialization Vectors' from the standard configuration (take a look
           at 'man encfs' for further information). Please take a look at A NOTE ON SECURITY.

           Because of all data is transferred encrypted the log output shows encrypted filenames,  too.  In  the
           Logview-Dialog  you  can  use  'decode'  option  to  decrypt  the  paths automatically or you can use
           'backintime decode' to manually decrypt paths. Back In Time will show all snapshots  decoded  so  you
           can browse all files as normal.

           Exclude  does  not  support  wildcards  ('foo*', '[fF]oo', 'fo?') because after encoding a file these
           wildcards can't match any more. Only separate asterisk that match a full file  or  folder  will  work
           ('foo/*', 'foo/**/bar'). All other excludes that have wildcards will be silently ignored.

           Please refer to the 'SSH' section above for information on setting up the SSH connection.

   Password
       If  'Save  Password  to  Keyring'  is  activated  Back  In  Time will save the Password into GnomeKeyring
       (Seahorse) or KDE-KWallet. Both are secure password storages which encrypt the password  with  the  users
       login-password. So they can only be accessed if the user is logged in.

       A  backup  cronjob during the user isn't logged in can not collect the password from keyring. Also if the
       homedir is encrypted the keyring is not accessible from cronjobs (even if the user  is  logged  in).  For
       these  cases  the  password  can be cached in RAM. If 'Cache Password for Cron' is activated Back In Time
       will start a small daemon in user-space which will collect the password from keyring and provide them for
       cronjobs.  They  will never be written to the harddrive but a user with root permissions could access the
       daemon and read the password.

   user-callback
       During backup process the application can call a user callback at  different  steps.   This  callback  is
       "$XDG_CONFIG_HOME/backintime/user-callback" (by default $XDG_CONFIG_HOME is ~/.config).

       The first argument is the profile id (1=Main Profile, ...).

       The second argument is the profile name.

       The third argument is the reason:

              1      Backup process begins.

              2      Backup process ends.

              3      A new snapshot was taken. The extra arguments are snapshot ID and snapshot path.

              4      There was an error. The second argument is the error code.
                     Error codes:

                     1      The application is not configured.

                     2      A "take snapshot" process is already running.

                     3      Can't find snapshots folder (is it on a removable drive ?).

                     4      A snapshot for "now" already exist.

              5      On (graphical) App start.

              6      On (graphical) App close.

              7      Mount all necessary drives.

              8      Unmount all drives.

OPTIONS

       --checksum
              Force  to  use checksum for checking if files have been changed. This is the same as 'Use checksum
              to detect changes' in Options. But you can use this to periodically run checksums  from  cronjobs.
              Only valid with backup, backup-job and restore.

       --config PATH
              Read config from PATH.

       --debug
              Show debug messages.

       --delete
              Restore  and  delete  newer  files  which  are  not  in  the snapshot.  WARNING: deleting files in
              filesystem root could break your whole system!!!  Only valid with restore.

       -h, --help
              Display a short help

       --keep-mount
              Don't unmount on exit. Only valid with snapshots-path, snapshots-list-path and last-snapshot-path.

       --license
              Show license

       --local-backup
              Create backup files before changing local files.  Only valid with restore.

       --no-crontab
              Do not install crontab entries.  Only valid with check-config.

       --no-local-backup
              Temporary disable creation of backup files before changing local files.  Only valid with restore.

       --profile NAME
              Select profile by name

       --profile-id ID
              Select profile by id

       --quiet
              Suppress status messages on standard output.

       -v, --version
              Show version

COMMANDS

       backup | -b | --backup
              Take a snapshot now (if needed)

       backup-job | --backup-job
              Take a snapshot (if needed) depending on schedule rules (used for cron jobs).  Back In  Time  will
              run in background for this.

       benchmark-cipher | --benchmark-cipher [FILE-SIZE]
              Show a benchmark of all ciphers for ssh transfer.

       check-config
              Verify the profile in config, create snapshot path and crontab entries.

       decode | --decode [PATH]
              Decode encrypted PATH. If no PATH is given Back In Time will read paths from standard input.

       last-snapshot | --last-snapshot
              Display last snapshot ID (if any)

       last-snapshot-path | --last-snapshot-path
              Display the path to the last snapshot (if any)

       pw-cache | --pw-cache [start|stop|restart|reload|status]
              Control  the  Password  Cache  Daemon.  If  no  argument is given the Password Cache will start in
              foreground.

       remove[-and-do-not-ask-again] | --remove[-and-do-not-ask-again] [SNAPSHOT_ID]
              Remove the snapshot. If SNAPSHOT_ID is missing it will be prompted. SNAPSHOT_ID can  be  an  index
              (starting   with   0   for  the  last  snapshot)  or  the  exact  SnapshotID  (19  caracters  like
              '20130606-230501-984').  remove-and-do-not-ask-again will remove  the  snapshot  immediately.   Be
              careful with this!

       restore | --restore [WHAT [WHERE [SNAPSHOT_ID]]]
              Restore  file  WHAT to path WHERE from snapshot SNAPSHOT_ID. If arguments are missing they will be
              prompted. To restore to the original path WHERE can be an empty string '' or just press  Enter  at
              the  prompt.  SNAPSHOT_ID  can  be  an  index (starting with 0 for the last snapshot) or the exact
              SnapshotID (19 caracters like '20130606-230501-984')

       snapshots-list | --snapshots-list
              Display the list of snapshot IDs (if any)

       snapshots-list-path | --snapshots-list-path
              Display the paths to snapshots (if any)

       snapshots-path | --snapshots-path
              Display path where is saves the snapshots (if configured)

       unmount | --unmount
              Unmount the profile.

A NOTE ON SECURITY

       There was a paid security audit for EncFS in Feb 2014 which revealed several potential vulnerabilities.

       From https://defuse.ca/audits/encfs.htm
              EncFS is probably safe as long as the adversary only gets one copy of the ciphertext  and  nothing
              more.  EncFS  is not safe if the adversary has the opportunity to see two or more snapshots of the
              ciphertext at different times. EncFS attempts to protect files from  malicious  modification,  but
              there are serious problems with this feature.

       This might be a problem with Back In Time snapshots.

SEE ALSO

       backintime-qt4, backintime-config.

       Back In Time also has a website: https://github.com/bit-team/backintime

AUTHOR

       This manual page was written by BIT Team(<bit-team@lists.launchpad.net>).