deployment: synthesize alternative --restrict-to-path example

Marian Beermann 2016-10-06 01:00:07 +02:00
parent cf1c73b4f9
commit 573cb616d3
2 changed files with 6 additions and 4 deletions

@ -1012,7 +1012,8 @@ class Archiver:
subparser.set_defaults(func=self.do_serve)
subparser.add_argument('--restrict-to-path', dest='restrict_to_paths', action='append',
metavar='PATH', help='restrict repository access to PATH. '
'Can be specified multiple times to allow the client access to several directories.')
'Can be specified multiple times to allow the client access to several directories. '
'Access to all sub-directories is granted implicitly; PATH doesn\'t need to directly point to a repository.')
subparser.add_argument('--append-only', dest='append_only', action='store_true',
help='only allow appending to repository segment files')
init_epilog = textwrap.dedent("""
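
Review bot: The added help sentence "Access to all sub-directories is granted implicitly" does not say how PATH is compared with the requested repository path, so a reader cannot tell whether the restriction applies on whole path components or as a plain string prefix (for example, whether a PATH ending in `/client` would also admit a sibling directory named `/client2`). Please state the matching rule in the help text, since this option is the access boundary between clients. Minor: the escaped apostrophe in `doesn\'t` can be avoided by writing "does not".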

@ -55,9 +55,10 @@ Borg is instructed to restrict clients into their own paths:
``borg serve --restrict-to-path /home/backup/repos/<client fqdn>``
The client will be able to access any file or subdirectory inside of ``/home/backup/repos/<client fqdn>``
but no other directories. You can allow a client to access several directories by passing multiple
`--restrict-to-path` flags, for instance: ``borg serve --restrict-to-path /home/backup/repos/<client fqdn>/root --restrict-to-path /home/backup/repos/<client fqdn>/home``,
or instead simply use `--restrict-to-path` once to restrict the client to ``/home/backup/repos/<client fqdn>/*``.
but no other directories. You can allow a client to access several separate directories by passing multiple
`--restrict-to-path` flags, for instance: ``borg serve --restrict-to-path /home/backup/repos/<client fqdn> --restrict-to-path /home/backup/repos/<other client fqdn>``,
which could make sense if multiple machines belong to one person which should then have access to all the
backups of their machines.
There is only one ssh key per client allowed. Keys are added for ``johndoe.clnt.local``, ``web01.srv.local`` and
``app01.srv.local``. But they will access the backup under only one UNIX user account as:
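
Review bot: The rewritten example line still puts `--restrict-to-path` in single backticks while every other literal in this paragraph uses double backticks; assuming this file is reStructuredText, as the double-backtick literals suggest, single backticks are interpreted text rather than an inline literal, so write ``--restrict-to-path``. In the same sentence, "one person which should then have access" should read "one person who should then have access". It would also help to say explicitly that the single key in this example can reach every repository under both listed paths, so the reader sees that the per-client isolation described just above no longer holds between those machines.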