Baqpaq runs with the permissions of the user that started the application,
and has access to profiles created by that user. For example,
if your username is
user1 and you start Baqpaq as a normal user,
the app will have access to all files that can be accessed by
To take backups of files that you don’t have access for, start Baqpaq as
root user using the Baqpaq (Admin Mode) launcher in applications menu.
In this mode, Baqpaq will have access to all files and folders on the system.
Admin profiles are kept separate from the profiles for each user.
You must have permissions to run applications with Admin priviledges on your system.
Use sudo to run Baqpaq with root priviledges on the command-line.
For example, to create a snapshot for a root profile, you can run
sudo baqpaq create -p <profile-name>
The profile name specified in the command should be a profile that belongs to the root user i.e. created by Baqpaq while running as root user.
For each user, profiles are stored in
For root user, profiles are stored in
You can take a backup of these folders if you need to re-install your system.
A copy of the profile is also saved in the backup location and can be
imported on the new system. Refer Profiles > Import
for more information.
Your Linux distribution must allow running GUI applications as root user. This is supported on all Linux distributions that use the X display server, and by most distributions that run Wayland.
Scheduled jobs create a log file in
<Backup Path>/logs when they run.
You can view the logs by clicking the Logs button in toolbar.
Click an item on the left-hand panel to view the contents in the right-hand panel.
Items with a Red status icon indicate that the task has failed and it requires your attention.
You can remove log files using the Clear button. Log files are not removed automatically.
Log files are excluded when the backup is uploaded to cloud storage. The log files are small in size and uploading a large number of small files can take a lot of time. Excluding the log files allows the upload action to complete quickly.
Baqpaq stores the passphrase you provide, using one of 3 methods. This can be changed from Profile Settings > Advanced
Passphrase will be saved in the user’s home directory (
$HOME/.config/baqpaq/keyinfo) in a simple text file.
The passphrase is saved in a slightly-obscured format to deter casual snoopers.
File permissions are set to 600 i.e. the file can be read and written only by the current user.
Scheduled tasks (if enabled) can run even if user is not logged-in.
This mode is recommended if scheduled tasks are enabled.
Passphrase will be saved in GNOME keyring and is protected by the keyring password.
GNOME keyring is a component of GNOME desktop that stores secrets, passwords, keys, certificates and make them available to applications.
If the keyring password is same as your login password, then it will be unlocked automatically when you login to your desktop. If the password is not the same, then you will be prompted to unlock the keyring when Baqpaq tries to fetch the password for the first time.
You can change the current password for the keyring using the Seahorse application (Passwords and Keys) in application menu. It is recommended to keep the keyring password same as your login password so that it is unlocked automatically on login.
Scheduled tasks (if enabled) will fail if user is not logged-in. Fetching the passphrase can also fail if user is logged-in but the keyring is in locked state.
This mode is recommended if scheduled tasks are not enabled.
Most Gtk-based desktops (MATE, Xfce, Cinnamon, etc) use GNOME services (and GNOME keyring) for managing passwords. Qt-based desktops like KDE Plasma and LXQt use KWallet which is not supported by Baqpaq.
In this mode a script file needs to be specified for fetching the passphrase.
The script file will be executed with bash to get the passphrase for the profile whenever it is needed.
Scheduled tasks (if enabled) will execute the script file to get the passphrase.
Only the first line of script output will be used as the passphrase. Remaining output (if any) is discarded.
This mode is suitable if credentials are stored on another machine, and if you need to run a script to fetch the password. Since the script is created by the user, it lets you implement your own security mechanism.
Baqpaq v21.09 by Tony George (firstname.lastname@example.org) Usage: baqpaq <command> [options] Commands: i, init[-profile] Initialize profile c, create[-snapshot] Create snapshot ls, list[-snapshots] List snapshot for profile lp, list-profiles List all profiles check, validate Check consistency of repository and snapshots ms, mount-snapshot Mount snapshot to temporary folder mp, mount-profile Mount the backup repository for profile us, unmount-snapshot Unmount snapshot up, unmount-profile Unmount the backup repository for profile ds, delete-snapshot Delete snapshot dp, delete-profile Delete profile e, extract[-snapshot] Extract snapshot p, prune[-profile] Prune the backup repository for profile sync[-profile] Sync profile to remote machine using RSync upload[-profile] Upload profile to cloud storage using RClone sch, schedule-cron Create/Update cron jobs based on profile settings set-passphrase Set new passphrase for profile break-lock Break exclusive lock for repository remove-cache Remove local cache for profile (~/.cache/borg/<profile>) remove-secinfo Remove security info for profile (~/.config/borg/security/<profile>) h, help Show available commands and options v, version Show program version version-cli Show CLI version General Options: -p, --profile <name> Profile name -s, --snap[shot] <name> Snapshot name -s1, --snap1 <name> Snapshot name 1 (for 'diff' command) -s2, --snap2 <name> Snapshot name 2 (for 'diff' command) -c, --comment[s] <comments> Comments for new backup -m, --mpath <path> Path for mounting snapshot or profile -e, --epath <path> Path for extracting snapshot -pp, --pass[phrase] <pass> Override profile passphrase (see Notes 2,3,4) -npp, --new-pass[phrase] <pass> New passphrase for profile (see Notes 2,3,4) -j, --json Print JSON-formatted output for easier parsing -j, --scripted Scripted mode (no prompts) --no-progress Don't print progress info (creates smaller log files if output is logged) Prune Options: -kh, --keep-hourly <count> Number of hourly snapshots to keep -kd, --keep-daily <count> Number of daily snapshots to keep -kw, --keep-weekly <count> Number of weekly snapshots to keep -km, --keep-monthly <count> Number of monthly snapshots to keep -ky, --keep-yearly <count> Number of yearly snapshots to keep -kl, --keep-last <count> Number of latest snapshots to keep
Create, prune, validate, sync, and upload profiles.
# create baqpaq create -p "<profile>" # prune baqpaq prune -p "<profile>" # validate baqpaq check -p "<profile>" # sync baqpaq sync -p "<profile>" # upload baqpaq upload -p "<profile>" # extract baqpaq extract -p "<profile>" -s "<snapshot>" -e "<destination>" # delete snapshots baqpaq delete -p "<profile>" -s "<snap1,snap2,..>"
<profile> you can specify the profile name (like
or the profile ID (like
<snapshot> the snapshot name needs to be specified (like
Short-hand commands and options can be used to save keystrokes. For example,
# longer syntax (more readable) baqpaq create --profile "<profile>" # shorter syntax baqpaq c -p "<profile>"
The passphrase is stored on the system and does not need to be specified on the command line.
-pp if specified, will override the passphrase for the current invocation.
baqpaq create -p "profile" -pp "<passphrase>"
Profile passphrase can be changed using option
baqpaq set-passphrase -npp "<new-passphrase>" -p "<profile>"
The data repository for a profile can be mounted using:
baqpaq mount -p "<profile>"
Mount path is assigned automatically, but can also be specified using
The mounted repository is read-only and cannot be modified while mounted. The repository must be unmounted explicitly after use. There is no need to specify the mount path while unmounting.
baqpaq unmount -p "<profile>"