backintime(1) | USER COMMANDS | backintime(1) |
backintime - a simple backup tool for Linux.
This is the command line tool. The graphical tool is backintime-qt4.
backintime [--checksum] [--config PATH] [--debug] [--delete] [--help | -h] [--keep-mount] [--license] [--local-backup] [--no-crontab] [--no-local-backup] [--profile NAME | --profile-id ID] [--quiet] [--version]
{ backup | backup-job | benchmark-cipher [FILE-SIZE] | check-config | decode [PATH] | last-snapshot | last-snapshot-path | pw-cache [start|stop|restart|reload|status] | remove[-and-do-not-ask-again] [SNAPSHOT_ID] | restore [WHAT [WHERE [SNAPSHOT_ID]]] | snapshots-list | snapshots-list-path | snapshots-path | unmount }
Back In Time is a simple backup tool for Linux. The backup is done by taking snapshots of a specified set of folders.
All you have to do is configure: where to save snapshots, what folders to backup. You can also specify a backup schedule: disabled, every 5 minutes, every 10 minutes, every hour, every day, every week, every month. To configure it use one of the graphical interfaces available (backintime-gnome or backintime-kde4).
It acts as a 'user mode' backup tool. This means that you can backup/restore only folders you have write access to (actually you can backup read-only folders, but you can't restore them).
If you want to run it as root you need to use 'sudo -i backintime'.
A new snapshot is created only if something changed since the last snapshot (if any).
A snapshot contains all the files from the selected folders (except for exclude patterns). In order to reduce disk space it use hard-links (if possible) between snapshots for unchanged files. This way a file of 10MiB, unchanged for 10 snapshots, will use only 10MiB on the disk.
When you restore a file 'A', if it already exists on the file system it will be renamed to 'A.backup.currentdate'.
For automatic backup it use 'cron' so there is no need for a daemon, but 'cron' must be running.
To prepare your user account for ssh-mode you have to add the user to group 'fuse' by typing 'sudo adduser <USER> fuse' in terminal. To apply changes you have to logout and login again.
Next you have to create a password-less login to the remote host (for further information look at http://www.debian-administration.org/articles/152). Type in terminal 'ssh-keygen -t rsa' hit enter for default path and enter a passphrase for the private key.
Finally type 'ssh-copy-id -i ~/.ssh/id_rsa.pub <REMOTE_USER>@<HOST>' and enter your password on remote host.
In Settingsdialog you need to set the host and remote user. If you enter a relative path (no leading / ) it will start from remote users homedir. The password has to be the passphrase for your private key.
Cipher (the algorithm used to encrypt the data during
transfer)
To optimize performance you can choose the cipher used by ssh. Depending on
your environment you can have a massive speed increase compared to the
default cipher.
benchmark-cipher will give you an overview over which cipher is the fastest in your environment.
If the bottleneck of your environment is the hard-drive or the network you will not see a big difference between the ciphers. In this case you should rather stay on 'default'.
Please read security information about the cipher before using them in untrusted networks (Wifi, Internet). Some of them (Arcfour, 3DES, ...) should be handled as not secure anymore.
Remote Host
If your remote host is an embedded Linux NAS or any other device with limited
functions, you could run into some problems caused by feature-less commands.
For example some devices may not have hardlink support for 'cp', 'chmod' and
'rsync'. In this case it may help to install so-called Optware or Entware on
your device if available.
WARNING: THIS IS ONLY FOR EXPERIENCED USERS!
If you don't know how to compile packages and how to modify a Linux system you
should NOT try to do this. There is a significant chance to break your
device and make it completely unusable with the following procedure. We will
not take any warranty for this. Make a backup of your device before proceed!
You have been warned!
You should install at least packages called 'bash', 'coreutils' and 'rsync'. You will have to change users default shell from '/bin/sh' to '/opt/bin/bash' in '/etc/passwd'. To add '/opt/bin:/opt/sbin:' to the start of the PATH environment you can use 'Add prefix to SSH commands' in 'Expert Options' with 'PATH=/opt/bin:/opt/sbin:\$PATH'.
To check if it does work you can compare the output of '/bin/cp --help' and '/opt/bin/cp --help'. If 'ssh <user>@<host> cp --help' called from your PC will print the same as '/opt/bin/cp --help' called on the remote host (via interactive ssh session) you are ready to go.
If you have questions on how to install and configure the Optware please refer to the community of your device. You can also take a look on Back In Time FAQ on GitHub https://github.com/bit-team/backintime/wiki/FAQ
If you successfully modified your device to be able to make backups over ssh, it would be nice if you write a 'How to' on Launchpad's Answers so we can add this to the FAQ.
Because of all data is transferred encrypted the log output shows encrypted filenames, too. In the Logview-Dialog you can use 'decode' option to decrypt the paths automatically or you can use 'backintime decode' to manually decrypt paths. Back In Time will show all snapshots decoded so you can browse all files as normal.
Exclude does not support wildcards ('foo*', '[fF]oo', 'fo?') because after encoding a file these wildcards can't match any more. Only separate asterisk that match a full file or folder will work ('foo/*', 'foo/**/bar'). All other excludes that have wildcards will be silently ignored.
Please refer to the 'SSH' section above for information on setting up the SSH connection.
If 'Save Password to Keyring' is activated Back In Time will save the Password into GnomeKeyring (Seahorse) or KDE-KWallet. Both are secure password storages which encrypt the password with the users login-password. So they can only be accessed if the user is logged in.
A backup cronjob during the user isn't logged in can not collect the password from keyring. Also if the homedir is encrypted the keyring is not accessible from cronjobs (even if the user is logged in). For these cases the password can be cached in RAM. If 'Cache Password for Cron' is activated Back In Time will start a small daemon in user-space which will collect the password from keyring and provide them for cronjobs. They will never be written to the harddrive but a user with root permissions could access the daemon and read the password.
During backup process the application can call a user callback at different steps. This callback is "$XDG_CONFIG_HOME/backintime/user-callback" (by default $XDG_CONFIG_HOME is ~/.config).
The first argument is the profile id (1=Main Profile, ...).
The second argument is the profile name.
The third argument is the reason:
There was a paid security audit for EncFS in Feb 2014 which revealed several potential vulnerabilities.
This might be a problem with Back In Time snapshots.
backintime-qt4, backintime-config.
Back In Time also has a website: https://github.com/bit-team/backintime
This manual page was written by BIT Team(<bit-team@lists.launchpad.net>).
July 2015 | version 1.1.24 |