Please visit the manjaro Forum to contact me, if you see anything security-related in this project.

BackSnap was designed to be used only as root. This is necessary because the Btrfs command needs to be used as root. To prevent Backsnap from causing any damage to your system, the commands used internally are subject to restrictions.

• BackSnap does mount or unmount filesystems (btrfs volumes) to /tmp/... only to make a backup of them
  • This is restricted to /tmp/BtrfsRoot
• BackSnap does not delete any snapshots
  • Exception: If the GUI (-g) is used for maintenance, the backups requested for deletion are deleted individually.
  • This is restricted to /tmp/BackSnap
• BackSnap does not modify files
  • Exception 1: It copies the description of the snapshot to the backup
  • Exception 2: It creates and mantains configfiles under /etc/backsnap.d/*.conf

To make backups of a computer over ssh you need to be able to issue btrfs-commands (as root or with sudo). This can be achieved by using ssh-keys and by restricting their usage to some of the btrfs commands.

• id
• mount
• mount -t btrfs
• btrfs send
• btrfs subvolume show
• btrfs subvolume list
• btrfs filesystem show
• btrfs property set
• btrfs property get
• rsync -vcptgo
• rw-access to /etc/backsnap.d/*.conf

• btrfs receive
• btrfs subvolume delete -Cv (only if you want to delete outdated snapshots)
• sync
• pv -f
• mkdir -pv