<li>Can <ahref="https://rclone.org/commands/rclone_serve/">serve</a> local or remote files over <ahref="https://rclone.org/commands/rclone_serve_http/">HTTP</a>/<ahref="https://rclone.org/commands/rclone_serve_webdav/">WebDav</a>/<ahref="https://rclone.org/commands/rclone_serve_ftp/">FTP</a>/<ahref="https://rclone.org/commands/rclone_serve_sftp/">SFTP</a>/<ahref="https://rclone.org/commands/rclone_serve_dlna/">dlna</a></li>
<h2id="install-with-docker">Install with docker</h2>
<p>The rclone maintains a <ahref="https://hub.docker.com/r/rclone/rclone">docker image for rclone</a>. These images are autobuilt by docker hub from the rclone source based on a minimal Alpine linux image.</p>
<p>The <code>:latest</code> tag will always point to the latest stable release. You can use the <code>:beta</code> tag to get the latest build from master. You can also use version tags, eg <code>:1.49.1</code>, <code>:1.49</code> or <code>:1</code>.</p>
<p>There are a few command line options to consider when starting an rclone Docker container from the rclone image.</p>
<ul>
<li><p>You need to mount the host rclone config dir at <code>/config/rclone</code> into the Docker container. Due to the fact that rclone updates tokens inside its config file, and that the update process involves a file rename, you need to mount the whole host rclone config dir, not just the single host rclone config file.</p></li>
<li><p>You need to mount a host data dir at <code>/data</code> into the Docker container.</p></li>
<li><p>By default, the rclone binary inside a Docker container runs with UID=0 (root). As a result, all files created in a run will have UID=0. If your config and data files reside on the host with a non-root UID:GID, you need to pass these on the container start command line.</p></li>
<li><p>It is possible to use <code>rclone mount</code> inside a userspace Docker container, and expose the resulting fuse mount to the host. The exact <code>docker run</code> options to do that might vary slightly between hosts. See, e.g. the discussion in this <ahref="https://github.com/moby/moby/issues/9448">thread</a>.</p>
<p>You also need to mount the host <code>/etc/passwd</code> and <code>/etc/group</code> for fuse to work inside the container.</p></li>
</ul>
<p>Here are some commands tested on an Ubuntu 18.04.3 host:</p>
<pre><code># config on host at ~/.config/rclone/rclone.conf
# data on host at ~/data
# make sure the config is ok by listing the remotes
docker run --rm \
--volume ~/.config/rclone:/config/rclone \
--volume ~/data:/data:shared \
--user $(id -u):$(id -g) \
rclone/rclone \
listremotes
# perform mount inside Docker container, expose result to host
<p>Make sure you have at least <ahref="https://golang.org/">Go</a> 1.7 installed. <ahref="https://golang.org/dl/">Download go</a> if necessary. The latest release is recommended. Then</p>
<p>You can also build and install rclone in the <ahref="https://github.com/golang/go/wiki/GOPATH">GOPATH</a> (which defaults to <code>~/go</code>) with:</p>
<pre><code>go get -u -v github.com/rclone/rclone</code></pre>
<p>and this will build the binary in <code>$GOPATH/bin</code> (<code>~/go/bin/rclone</code> by default) after downloading the source to <code>$GOPATH/src/github.com/rclone/rclone</code> (<code>~/go/src/github.com/rclone/rclone</code> by default).</p>
<p>First, you’ll need to configure rclone. As the object storage systems have quite complicated authentication these are kept in a config file. (See the <code>--config</code> entry for how to find the config file and choose its location.)</p>
<p>Source and destination paths are specified by the name you gave the storage system in the config file then the sub path, eg “drive:myfolder” to look at “myfolder” in Google drive.</p>
<p>Enter an interactive configuration session where you can setup new remotes and manage existing ones. You may also set or remove a password to protect your configuration.</p>
<li><ahref="https://rclone.org/commands/rclone_config_dump/">rclone config dump</a> - Dump the config file as JSON.</li>
<li><ahref="https://rclone.org/commands/rclone_config_edit/">rclone config edit</a> - Enter an interactive configuration session.</li>
<li><ahref="https://rclone.org/commands/rclone_config_file/">rclone config file</a> - Show path of configuration file in use.</li>
<li><ahref="https://rclone.org/commands/rclone_config_password/">rclone config password</a> - Update password in an existing remote.</li>
<li><ahref="https://rclone.org/commands/rclone_config_providers/">rclone config providers</a> - List in JSON format all the providers and options.</li>
<li><ahref="https://rclone.org/commands/rclone_config_show/">rclone config show</a> - Print (decrypted) config file, or the config for a single remote.</li>
<li><ahref="https://rclone.org/commands/rclone_config_update/">rclone config update</a> - Update options in an existing remote.</li>
<p>Copy the source to the destination. Doesn’t transfer unchanged files, testing by size and modification time or MD5SUM. Doesn’t delete files from the destination.</p>
<p>Note that it is always the contents of the directory that is synced, not the directory so when source:path is a directory, it’s the contents of source:path that are copied, not the directory name and contents.</p>
<p>If dest:path doesn’t exist, it is created and the source:path contents go there.</p>
<p>If you are familiar with <code>rsync</code>, rclone always works as if you had written a trailing / - meaning “copy the contents of this directory”. This applies to all commands and whether you are talking about the source or destination.</p>
<p>See the <ahref="/docs/#no-traverse">–no-traverse</a> option for controlling whether rclone lists the destination directory or not. Supplying this option when copying a small number of files into a large destination can speed transfers up greatly.</p>
<p>For example, if you have many files in /path/to/src but only a few of them change every day, you can to copy all the files which have changed recently very efficiently like this:</p>
<p>Sync the source to the destination, changing the destination only. Doesn’t transfer unchanged files, testing by size and modification time or MD5SUM. Destination is updated to match source, including deleting files if necessary.</p>
<p><strong>Important</strong>: Since this can cause data loss, test first with the <code>--dry-run</code> flag to see exactly what would be copied and deleted.</p>
<p>Note that files in the destination won’t be deleted if there were any errors at any point.</p>
<p>It is always the contents of the directory that is synced, not the directory so when source:path is a directory, it’s the contents of source:path that are copied, not the directory name and contents. See extended explanation in the <code>copy</code> command above if unsure.</p>
<p>If dest:path doesn’t exist, it is created and the source:path contents go there.</p>
<p>Moves the contents of the source directory to the destination directory. Rclone will error if the source and destination overlap and the remote does not support a server side directory move operation.</p>
<p>If no filters are in use and if possible this will server side move <code>source:path</code> into <code>dest:path</code>. After this <code>source:path</code> will no longer longer exist.</p>
<p>Otherwise for each file in <code>source:path</code> selected by the filters (if any) this will move it into <code>dest:path</code>. If possible a server side move will be used, otherwise it will copy it (server side if possible) into <code>dest:path</code> then delete the original (if no errors on copy) in <code>source:path</code>.</p>
<p>If you want to delete empty source directories after move, use the –delete-empty-src-dirs flag.</p>
<p>See the <ahref="/docs/#no-traverse">–no-traverse</a> option for controlling whether rclone lists the destination directory or not. Supplying this option when moving a small number of files into a large destination can speed transfers up greatly.</p>
<p><strong>Important</strong>: Since this can cause data loss, test first with the –dry-run flag.</p>
<p>Remove the files in path. Unlike <code>purge</code> it obeys include/exclude filters so can be used to selectively delete files.</p>
<p><code>rclone delete</code> only deletes objects but leaves the directory structure alone. If you want to delete a directory and all of its contents use <code>rclone purge</code></p>
<p>Remove the path and all of its contents. Note that this does not obey include/exclude filters - everything will be removed. Use <code>delete</code> if you want to selectively delete files.</p>
<p>Checks the files in the source and destination match. It compares sizes and hashes (MD5 or SHA1) and logs a report of files which don’t match. It doesn’t alter the source or destination.</p>
<p>If you supply the –size-only flag, it will only compare the sizes not the hashes as well. Use this for a quick check.</p>
<p>If you supply the –download flag, it will download the data from both remotes and check them against each other on the fly. This can be useful for remotes that don’t support hashes or if you really want to check all the data.</p>
<p>If you supply the –one-way flag, it will only check that files in source match the files in destination, not the other way around. Meaning extra files in destination that are not in the source will not trigger an error.</p>
<li><code>ls</code> to list size and path of objects only</li>
<li><code>lsl</code> to list modification time, size and path of objects only</li>
<li><code>lsd</code> to list directories only</li>
<li><code>lsf</code> to list objects and directories in easy to parse format</li>
<li><code>lsjson</code> to list objects and directories in JSON format</li>
</ul>
<p><code>ls</code>,<code>lsl</code>,<code>lsd</code> are designed to be human readable. <code>lsf</code> is designed to be human and machine readable. <code>lsjson</code> is designed to be machine readable.</p>
<p>Note that <code>ls</code> and <code>lsl</code> recurse by default - use “–max-depth 1” to stop the recursion.</p>
<p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use “-R” to make them recurse.</p>
<p>Listing a non existent directory will produce an error except for remotes which can’t have empty directories (eg s3, swift, gcs, etc - the bucket based remotes).</p>
<p>Lists the directories in the source path to standard output. Does not recurse by default. Use the -R flag to recurse.</p>
<p>This command lists the total size of the directory (if known, -1 if not), the modification time (if known, the current time if not), the number of objects in the directory (if known, -1 if not) and the name of the directory, Eg</p>
<li><code>ls</code> to list size and path of objects only</li>
<li><code>lsl</code> to list modification time, size and path of objects only</li>
<li><code>lsd</code> to list directories only</li>
<li><code>lsf</code> to list objects and directories in easy to parse format</li>
<li><code>lsjson</code> to list objects and directories in JSON format</li>
</ul>
<p><code>ls</code>,<code>lsl</code>,<code>lsd</code> are designed to be human readable. <code>lsf</code> is designed to be human and machine readable. <code>lsjson</code> is designed to be machine readable.</p>
<p>Note that <code>ls</code> and <code>lsl</code> recurse by default - use “–max-depth 1” to stop the recursion.</p>
<p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use “-R” to make them recurse.</p>
<p>Listing a non existent directory will produce an error except for remotes which can’t have empty directories (eg s3, swift, gcs, etc - the bucket based remotes).</p>
<li><code>ls</code> to list size and path of objects only</li>
<li><code>lsl</code> to list modification time, size and path of objects only</li>
<li><code>lsd</code> to list directories only</li>
<li><code>lsf</code> to list objects and directories in easy to parse format</li>
<li><code>lsjson</code> to list objects and directories in JSON format</li>
</ul>
<p><code>ls</code>,<code>lsl</code>,<code>lsd</code> are designed to be human readable. <code>lsf</code> is designed to be human and machine readable. <code>lsjson</code> is designed to be machine readable.</p>
<p>Note that <code>ls</code> and <code>lsl</code> recurse by default - use “–max-depth 1” to stop the recursion.</p>
<p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use “-R” to make them recurse.</p>
<p>Listing a non existent directory will produce an error except for remotes which can’t have empty directories (eg s3, swift, gcs, etc - the bucket based remotes).</p>
<p>By default <code>dedupe</code> interactively finds duplicate files and offers to delete all but one or rename them to be different. Only useful with Google Drive which can have duplicate file names.</p>
<p>In the first pass it will merge directories with the same name. It will do this iteratively until all the identical directories have been merged.</p>
<p>The <code>dedupe</code> command will delete all but one of any identical (same md5sum) files it finds without confirmation. This means that for most duplicated files the <code>dedupe</code> command will not be interactive. You can use <code>--dry-run</code> to see what would happen without doing anything.</p>
<p>Get quota information from the remote, like bytes used/free/quota and bytes used in the trash. Not supported by all remotes.</p>
<p>This will print to stdout something like this:</p>
<pre><code>Total: 17G
Used: 7.444G
Free: 1.315G
Trashed: 100.000M
Other: 8.241G</code></pre>
<p>Where the fields are:</p>
<ul>
<li>Total: total size available.</li>
<li>Used: total size used</li>
<li>Free: total amount this user could upload.</li>
<li>Trashed: total amount in the trash</li>
<li>Other: total amount in other storage (eg Gmail, Google Photos)</li>
<li>Objects: total number of objects in the storage</li>
</ul>
<p>Note that not all the backends provide all the fields - they will be missing if they are not known for that backend. Where it is known that the value is unlimited the value will also be omitted.</p>
<p>Use the –head flag to print characters only at the start, –tail for the end and –offset and –count to print a section in the middle. Note that if offset is negative it will count from the end, so –offset -1 –count 1 is equivalent to –tail 1.</p>
<p>Note that if the config process would normally ask a question the default is taken. Each time that happens rclone will print a message saying how to affect the value taken.</p>
<p>Enter an interactive configuration session where you can setup new remotes and manage existing ones. You may also set or remove a password to protect your configuration.</p>
<p>If source:path is a file or directory then it copies it to a file or directory named dest:path.</p>
<p>This can be used to upload single files to other than their current name. If the source is a directory then it acts exactly like the copy command.</p>
<p>So</p>
<pre><code>rclone copyto src dst</code></pre>
<p>where src and dst are rclone paths, either remote:path or /path/to/local or C:.</p>
<p>This will:</p>
<pre><code>if src is file
copy it to dst, overwriting an existing file if it exists
if src is directory
copy it to dst, overwriting existing files if they exist
<p>rclone cryptcheck checks a remote against a crypted remote. This is the equivalent of running rclone check, but able to check the checksums of the crypted remote.</p>
<p>For it to work the underlying remote of the cryptedremote must support some kind of checksum.</p>
<p>It works by reading the nonce from each file on the cryptedremote: and using that to encrypt each file on the remote:. It then checks the checksum of the underlying file on the cryptedremote: against the checksum of the file it has just encrypted.</p>
<p>If you supply the –one-way flag, it will only check that files in source match the files in destination, not the other way around. Meaning extra files in destination that are not in the source will not trigger an error.</p>
<p>Produces a Dropbox hash file for all the objects in the path. The hashes are calculated according to <ahref="https://www.dropbox.com/developers/reference/content-hash">Dropbox content hash rules</a>. The output is in the same format as md5sum and sha1sum.</p>
<p>Remove a single file from remote. Unlike <code>delete</code> it cannot be used to remove a directory and it doesn’t obey include/exclude filters - if the specified file exists, it will always be removed.</p>
<p>This produces markdown docs for the rclone commands to the directory supplied. These are in a format suitable for hugo to render into the rclone.org website.</p>
<p>Produces a hash file for all the objects in the path using the hash named. The output is in the same format as the standard md5sum/sha1sum tool.</p>
<p>Run without a hash to see the list of supported hashes, eg</p>
<p>If successful, the last line of the output will contain the link. Exact capabilities depend on the remote, but the link will always be created with the least constraints – e.g. no expiry, no password protection, accessible without account.</p>
<p>List the contents of the source path (directories and objects) to standard output in a form which is easy to parse by scripts. By default this will just be the names of the objects and directories, one per line. The directories will have a / suffix.</p>
<p>If you specify “h” in the format you will get the MD5 hash by default, use the “–hash” flag to change which hash you want. Note that this can be returned as an empty string if it isn’t available on the object (and for directories), “ERROR” if there was an error reading it from the object and “UNSUPPORTED” if that object does not support that hash type.</p>
<p>(Though “rclone md5sum .” is an easier way of typing this.)</p>
<p>By default the separator is “;” this can be changed with the –separator flag. Note that separators aren’t escaped in the path so putting it last is a good strategy.</p>
<li><code>ls</code> to list size and path of objects only</li>
<li><code>lsl</code> to list modification time, size and path of objects only</li>
<li><code>lsd</code> to list directories only</li>
<li><code>lsf</code> to list objects and directories in easy to parse format</li>
<li><code>lsjson</code> to list objects and directories in JSON format</li>
</ul>
<p><code>ls</code>,<code>lsl</code>,<code>lsd</code> are designed to be human readable. <code>lsf</code> is designed to be human and machine readable. <code>lsjson</code> is designed to be machine readable.</p>
<p>Note that <code>ls</code> and <code>lsl</code> recurse by default - use “–max-depth 1” to stop the recursion.</p>
<p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use “-R” to make them recurse.</p>
<p>Listing a non existent directory will produce an error except for remotes which can’t have empty directories (eg s3, swift, gcs, etc - the bucket based remotes).</p>
<p>If –hash is not specified the Hashes property won’t be emitted.</p>
<p>If –no-modtime is specified then ModTime will be blank.</p>
<p>If –encrypted is not specified the Encrypted won’t be emitted.</p>
<p>If –dirs-only is not specified files in addition to directories are returned</p>
<p>If –files-only is not specified directories in addition to the files will be returned.</p>
<p>The Path field will only show folders below the remote path being listed. If “remote:path” contains the file “subfolder/file.txt”, the Path for “file.txt” will be “subfolder/file.txt”, not “remote:path/subfolder/file.txt”. When used without –recursive the Path will always be the same as Name.</p>
<p>The time is in RFC3339 format with up to nanosecond precision. The number of decimal digits in the seconds will depend on the precision that the remote can hold the times, so if times are accurate to the nearest millisecond (eg Google Drive) then 3 digits will always be shown (“2017-05-31T16:15:57.034+01:00”) whereas if the times are accurate to the nearest second (Dropbox, Box, WebDav etc) no digits will be shown (“2017-05-31T16:15:57+01:00”).</p>
<li><code>ls</code> to list size and path of objects only</li>
<li><code>lsl</code> to list modification time, size and path of objects only</li>
<li><code>lsd</code> to list directories only</li>
<li><code>lsf</code> to list objects and directories in easy to parse format</li>
<li><code>lsjson</code> to list objects and directories in JSON format</li>
</ul>
<p><code>ls</code>,<code>lsl</code>,<code>lsd</code> are designed to be human readable. <code>lsf</code> is designed to be human and machine readable. <code>lsjson</code> is designed to be machine readable.</p>
<p>Note that <code>ls</code> and <code>lsl</code> recurse by default - use “–max-depth 1” to stop the recursion.</p>
<p>The other list commands <code>lsd</code>,<code>lsf</code>,<code>lsjson</code> do not recurse by default - use “-R” to make them recurse.</p>
<p>Listing a non existent directory will produce an error except for remotes which can’t have empty directories (eg s3, swift, gcs, etc - the bucket based remotes).</p>
<p>The umount operation can fail, for example when the mountpoint is busy. When that happens, it is the user’s responsibility to stop the mount manually with</p>
<h3id="installing-on-windows">Installing on Windows</h3>
<p>To run rclone mount on Windows, you will need to download and install <ahref="http://www.secfs.net/winfsp/">WinFsp</a>.</p>
<p>WinFsp is an <ahref="https://github.com/billziss-gh/winfsp">open source</a> Windows File System Proxy which makes it easy to write user space file systems for Windows. It provides a FUSE emulation layer which rclone uses combination with <ahref="https://github.com/billziss-gh/cgofuse">cgofuse</a>. Both of these packages are by Bill Zissimopoulos who was very helpful during the implementation of rclone mount for Windows.</p>
<h4id="windows-caveats">Windows caveats</h4>
<p>Note that drives created as Administrator are not visible by other accounts (including the account that was elevated as Administrator). So if you start a Windows drive from an Administrative Command Prompt and then try to access the same drive from Explorer (which does not run as Administrator), you will not be able to see the new drive.</p>
<p>The easiest way around this is to start the drive from a normal command prompt. It is also possible to start a drive from the SYSTEM account (using <ahref="https://github.com/billziss-gh/winfsp/wiki/WinFsp-Service-Architecture">the WinFsp.Launcher infrastructure</a>) which creates drives accessible for everyone on the system or alternatively using <ahref="https://nssm.cc/usage">the nssm service manager</a>.</p>
<p>Without the use of “–vfs-cache-mode” this can only write files sequentially, it can only seek when reading. This means that many applications won’t work with their files on an rclone mount without “–vfs-cache-mode writes” or “–vfs-cache-mode full”. See the <ahref="#file-caching">File Caching</a> section for more info.</p>
<p>The bucket based remotes (eg Swift, S3, Google Compute Storage, B2, Hubic) do not support the concept of empty directories, so empty directories will have a tendency to disappear once they fall out of the directory cache.</p>
<p>File systems expect things to be 100% reliable, whereas cloud storage systems are a long way from 100% reliable. The rclone sync/copy commands cope with this with lots of retries. However rclone mount can’t use retries in the same way without making local copies of the uploads. Look at the <ahref="#file-caching">file caching</a> for solutions to make mount more reliable.</p>
<p>In theory 0s should be the correct value for filesystems which can change outside the control of the kernel. However this causes quite a few problems such as <ahref="https://github.com/rclone/rclone/issues/2157">rclone using too much memory</a>, <ahref="https://forum.rclone.org/t/rclone-1-39-vs-1-40-mount-issue/5112">rclone not serving files to samba</a> and <ahref="https://github.com/rclone/rclone/issues/2095#issuecomment-371141147">excessive time listing directories</a>.</p>
<p>The kernel can cache the info about a file for the time given by “–attr-timeout”. You may see corruption if the remote file changes length during this window. It will show up as either a truncated file or a file with garbage on the end. With “–attr-timeout 1s” this is very unlikely but not impossible. The higher you set “–attr-timeout” the more likely it is. The default setting of “1s” is the lowest setting which mitigates the problems above.</p>
<p>If you set it higher (‘10s’ or ‘1m’ say) then the kernel will call back to rclone less often making it more efficient, however there is more chance of the corruption issue above.</p>
<p>If files don’t change on the remote outside of the control of rclone then there is no chance of corruption.</p>
<p>When running rclone mount as a systemd service, it is possible to use Type=notify. In this case the service will enter the started state after the mountpoint has been successfully set up. Units having the rclone mount service specified as a requirement will see all files and folders immediately in this mode.</p>
<p>–vfs-read-chunk-size will enable reading the source objects in parts. This can reduce the used download quota for some remotes by requesting only chunks from the remote that are actually read at the cost of an increased number of requests.</p>
<p>When –vfs-read-chunk-size-limit is also specified and greater than –vfs-read-chunk-size, the chunk size for each open file will get doubled for each chunk read, until the specified value is reached. A value of -1 will disable the limit and the chunk size will grow indefinitely.</p>
<p>With –vfs-read-chunk-size 100M and –vfs-read-chunk-size-limit 0 the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on. When –vfs-read-chunk-size-limit 500M is specified, the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.</p>
<p>Chunked reading will only work with –vfs-cache-mode < full, as the file will always be copied to the vfs cache before opening with –vfs-cache-mode full.</p>
<p>Using the <code>--dir-cache-time</code> flag, you can set how long a directory should be considered up to date and not refreshed from the backend. Changes made locally in the mount may appear immediately or invalidate the cache. However, changes done on the remote will only be picked up once the cache expires.</p>
<p>Alternatively, you can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
<p>Each open file descriptor will try to keep the specified amount of data in memory at all times. The buffered data is bound to one file descriptor and won’t be shared between multiple open file descriptors of the same file.</p>
<p>This flag is a upper limit for the used memory per file descriptor. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used. The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
<p>These flags control the VFS file caching options. The VFS layer is used by rclone mount to make a cloud storage system work more like a normal file system.</p>
<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
<p>Note that files are written back to the remote only when they are closed so if rclone is quit or dies with open files then these won’t get written back to the remote. However they will still be in the on disk cache.</p>
<p>If using –vfs-cache-max-size note that the cache may exceed this size for two reasons. Firstly because it is only checked every –vfs-cache-poll-interval. Secondly because open files cannot be evicted from the cache.</p>
<p>This is very similar to “off” except that files opened for read AND write will be buffered to disks. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
<p>This may be appropriate for your needs, or you may prefer to look at the cache backend which does a much more sophisticated job of caching, including caching directory hierarchies and chunks of files.</p>
<p>In this mode, unlike the others, when a file is written to the disk, it will be kept on the disk after it is written to the remote. It will be purged on a schedule according to <code>--vfs-cache-max-age</code>.</p>
<p>This mode should support all normal file system operations.</p>
--max-read-ahead SizeSuffix The number of bytes that can be prefetched for sequential reads. (default 128k)
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
-o, --option stringArray Option for libfuse/WinFsp. Repeat if required.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--volname string Set the volume name (not supported by all OSes).
--write-back-cache Makes kernel buffer writes before sending them to rclone. Without this, writethrough caching is used.</code></pre>
<p>This can be used to rename files or upload single files to other than their existing name. If the source is a directory then it acts exactly like the move command.</p>
<p>This displays a text based user interface allowing the navigation of a remote. It is most useful for answering the question - “What is using all my disk space?”.</p>
<p>To make the user interface it first scans the entire remote given and builds an in memory representation. rclone ncdu can be used during this scanning phase and you will see it building up the directory structure as it goes along.</p>
<p>This an homage to the <ahref="https://dev.yorhel.nl/ncdu">ncdu tool</a> but for rclone remotes. It is missing lots of features at the moment but is useful as it stands.</p>
<p>This runs a command against a running rclone. Use the –url flag to specify an non default URL to connect on. This can be either a “:port” which is taken to mean “http://localhost:port” or a “host:port” which is taken to mean “http://host:port”</p>
<p>A username and password can be passed in with –user and –pass.</p>
<p>Note that –rc-addr, –rc-user, –rc-pass will be read also for –url, –user, –pass.</p>
<p>The –json parameter can be used to pass in a JSON blob as an input instead of key=value arguments. This is the only way of passing in more complicated values.</p>
<p>Use –loopback to connect to the rclone instance running “rclone rc”. This is very useful for testing commands without having to run an rclone rc server, eg:</p>
<p>If the remote file already exists, it will be overwritten.</p>
<p>rcat will try to upload small files in a single request, which is usually more efficient than the streaming/chunked upload endpoints, which use multiple requests. Exact behaviour depends on the remote. What is considered a small file may be set through <code>--streaming-upload-cutoff</code>. Uploading only starts after the cutoff is reached or if the file ends before that. The data must fit into RAM. The cutoff needs to be small enough to adhere the limits of your remote, please see there. Generally speaking, setting this cutoff too high will decrease your performance.</p>
<p>Note that the upload can also not be retried because the data is not kept around until the upload succeeds. If you need to transfer a lot of data, you’re better off caching locally and then <code>rclone move</code> it to the destination.</p>
<p>This is useful if you are controlling rclone via the rc API.</p>
<p>If you pass in a path to a directory, rclone will serve that directory for GET requests on the URL passed in. It will also open the URL in the browser when rclone is run.</p>
<p>See the <ahref="https://rclone.org/rc/">rc documentation</a> for more info on the rc flags.</p>
<pre><code>rclone rcd <path to files to serve>* [flags]</code></pre>
<p>This removes any empty directories (or directories that only contain empty directories) under the path that it finds, including the path if it has nothing in.</p>
<p>rclone serve dlna is a DLNA media server for media stored in a rclone remote. Many devices, such as the Xbox and PlayStation, can automatically discover this server in the LAN and play audio/video from it. VLC is also supported. Service discovery uses UDP multicast packets (SSDP) and will thus only work on LANs.</p>
<p>Rclone will list all files present in the remote, without filtering based on media formats or file extensions. Additionally, there is no media transcoding support. This means that some players might show files that they are not able to play back correctly.</p>
<p>Using the <code>--dir-cache-time</code> flag, you can set how long a directory should be considered up to date and not refreshed from the backend. Changes made locally in the mount may appear immediately or invalidate the cache. However, changes done on the remote will only be picked up once the cache expires.</p>
<p>Alternatively, you can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
<p>Each open file descriptor will try to keep the specified amount of data in memory at all times. The buffered data is bound to one file descriptor and won’t be shared between multiple open file descriptors of the same file.</p>
<p>This flag is a upper limit for the used memory per file descriptor. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used. The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
<h3id="file-caching-1">File Caching</h3>
<p>These flags control the VFS file caching options. The VFS layer is used by rclone mount to make a cloud storage system work more like a normal file system.</p>
<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
<p>Note that files are written back to the remote only when they are closed so if rclone is quit or dies with open files then these won’t get written back to the remote. However they will still be in the on disk cache.</p>
<p>If using –vfs-cache-max-size note that the cache may exceed this size for two reasons. Firstly because it is only checked every –vfs-cache-poll-interval. Secondly because open files cannot be evicted from the cache.</p>
<p>This is very similar to “off” except that files opened for read AND write will be buffered to disks. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
<p>In this mode all reads and writes are buffered to and from disk. When a file is opened for read it will be downloaded in its entirety first.</p>
<p>This may be appropriate for your needs, or you may prefer to look at the cache backend which does a much more sophisticated job of caching, including caching directory hierarchies and chunks of files.</p>
<p>In this mode, unlike the others, when a file is written to the disk, it will be kept on the disk after it is written to the remote. It will be purged on a schedule according to <code>--vfs-cache-max-age</code>.</p>
<p>This mode should support all normal file system operations.</p>
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)</code></pre>
<p>rclone serve ftp implements a basic ftp server to serve the remote over FTP protocol. This can be viewed with a ftp client or you can make a remote of type ftp to read and write it.</p>
<p>Use –addr to specify which IP address and port the server should listen on, eg –addr 1.2.3.4:8000 or –addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
<p>If you set –addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
<p>Using the <code>--dir-cache-time</code> flag, you can set how long a directory should be considered up to date and not refreshed from the backend. Changes made locally in the mount may appear immediately or invalidate the cache. However, changes done on the remote will only be picked up once the cache expires.</p>
<p>Alternatively, you can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
<p>Each open file descriptor will try to keep the specified amount of data in memory at all times. The buffered data is bound to one file descriptor and won’t be shared between multiple open file descriptors of the same file.</p>
<p>This flag is a upper limit for the used memory per file descriptor. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used. The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
<h3id="file-caching-2">File Caching</h3>
<p>These flags control the VFS file caching options. The VFS layer is used by rclone mount to make a cloud storage system work more like a normal file system.</p>
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-cache-max-size int Max total size of objects in the cache. (default off)</code></pre>
<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
<p>Note that files are written back to the remote only when they are closed so if rclone is quit or dies with open files then these won’t get written back to the remote. However they will still be in the on disk cache.</p>
<p>If using –vfs-cache-max-size note that the cache may exceed this size for two reasons. Firstly because it is only checked every –vfs-cache-poll-interval. Secondly because open files cannot be evicted from the cache.</p>
<p>This is very similar to “off” except that files opened for read AND write will be buffered to disks. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
<p>In this mode all reads and writes are buffered to and from disk. When a file is opened for read it will be downloaded in its entirety first.</p>
<p>This may be appropriate for your needs, or you may prefer to look at the cache backend which does a much more sophisticated job of caching, including caching directory hierarchies and chunks of files.</p>
<p>In this mode, unlike the others, when a file is written to the disk, it will be kept on the disk after it is written to the remote. It will be purged on a schedule according to <code>--vfs-cache-max-age</code>.</p>
<p>This mode should support all normal file system operations.</p>
<p>If you supply the parameter <code>--auth-proxy /path/to/program</code> then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocl with input on STDIN and output on STDOUT.</p>
<p>There is an example program <ahref="https://github.com/rclone/rclone/blob/master/test_proxy.py">bin/test_proxy.py</a> in the rclone source code.</p>
<p>The program’s job is to take a <code>user</code> and <code>pass</code> on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won’t use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.</p>
<p>This config generated must have this extra parameter - <code>_root</code> - root to use for the backend</p>
<p>And it may have this parameter - <code>_obscure</code> - comma separated strings for parameters to obscure</p>
<p>For example the program might take this on STDIN</p>
<pre><code>{
"user": "me",
"pass": "mypassword"
}</code></pre>
<p>And return this on STDOUT</p>
<pre><code>{
"type": "sftp",
"_root": "",
"_obscure": "pass",
"user": "me",
"pass": "mypassword",
"host": "sftp.example.com"
}</code></pre>
<p>This would mean that an SFTP backend would be created on the fly for the <code>user</code> and <code>pass</code> returned in the output to the host given. Note that since <code>_obscure</code> is set to <code>pass</code>, rclone will obscure the <code>pass</code> parameter before creating the backend (which is required for sftp backends).</p>
<p>The progam can manipulate the supplied <code>user</code> in any way, for example to make proxy to many different sftp backends, you could make the <code>user</code> be <code>user@example.com</code> and then set the <code>host</code> to <code>example.com</code> in the output and the user to <code>user</code>. For security you’d probably want to restrict the <code>host</code> to a limited list.</p>
<p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don’t use <code>pass</code>. This also means that if a user’s password is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
<p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication. (empty value allow every password)
--passive-port string Passive port range to use. (default "30000-32000")
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)</code></pre>
<p>rclone serve http implements a basic web server to serve the remote over HTTP. This can be viewed in a web browser or you can make a remote of type http read from it.</p>
<p>Use –addr to specify which IP address and port the server should listen on, eg –addr 1.2.3.4:8000 or –addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
<p>If you set –addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
<p>–server-read-timeout and –server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
<p>–max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.</p>
<p>–baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used –baseurl “/rclone” then rclone would serve from a URL starting with “/rclone/”. This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing “/” on –baseurl, so –baseurl “rclone”, –baseurl “/rclone” and –baseurl “/rclone/” are all treated identically.</p>
<p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the –user and –pass flags.</p>
<p>Use –htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
<p>By default this will serve over http. If you want you can serve over https. You will need to supply the –cert and –key flags. If you wish to do client side certificate validation then you will need to supply –client-ca also.</p>
<p>–cert should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. –key should be the PEM encoded private key and –client-ca should be the PEM encoded client certificate authority certificate.</p>
<p>Using the <code>--dir-cache-time</code> flag, you can set how long a directory should be considered up to date and not refreshed from the backend. Changes made locally in the mount may appear immediately or invalidate the cache. However, changes done on the remote will only be picked up once the cache expires.</p>
<p>Alternatively, you can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
<p>Each open file descriptor will try to keep the specified amount of data in memory at all times. The buffered data is bound to one file descriptor and won’t be shared between multiple open file descriptors of the same file.</p>
<p>This flag is a upper limit for the used memory per file descriptor. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used. The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
<p>These flags control the VFS file caching options. The VFS layer is used by rclone mount to make a cloud storage system work more like a normal file system.</p>
<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
<p>Note that files are written back to the remote only when they are closed so if rclone is quit or dies with open files then these won’t get written back to the remote. However they will still be in the on disk cache.</p>
<p>If using –vfs-cache-max-size note that the cache may exceed this size for two reasons. Firstly because it is only checked every –vfs-cache-poll-interval. Secondly because open files cannot be evicted from the cache.</p>
<p>This is very similar to “off” except that files opened for read AND write will be buffered to disks. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
<p>This may be appropriate for your needs, or you may prefer to look at the cache backend which does a much more sophisticated job of caching, including caching directory hierarchies and chunks of files.</p>
<p>In this mode, unlike the others, when a file is written to the disk, it will be kept on the disk after it is written to the remote. It will be purged on a schedule according to <code>--vfs-cache-max-age</code>.</p>
<p>This mode should support all normal file system operations.</p>
--htpasswd string htpasswd file - if not provided no authentication is done
--key string SSL PEM Private key
--max-header-bytes int Maximum size of request header (default 4096)
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--realm string realm for authentication (default "rclone")
--server-read-timeout duration Timeout for server reading data (default 1h0m0s)
--server-write-timeout duration Timeout for server writing data (default 1h0m0s)
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)</code></pre>
<p>rclone serve restic implements restic’s REST backend API over HTTP. This allows restic to use rclone as a data storage mechanism for cloud providers that restic does not support directly.</p>
<p>Once you have set up the remote, check it is working with, for example “rclone lsd remote:”. You may have called the remote something other than “remote:” - just substitute whatever you called it in the following instructions.</p>
<p>You might wish to start this server on boot.</p>
<h3id="setting-up-restic-to-use-rclone">Setting up restic to use rclone</h3>
<p>Now you can <ahref="http://restic.readthedocs.io/en/latest/030_preparing_a_new_repo.html#rest-server">follow the restic instructions</a> on setting up restic.</p>
<p>Note that you will need restic 0.8.2 or later to interoperate with rclone.</p>
<p>Note that you can use the endpoint to host multiple repositories. Do this by adding a directory name or path after the URL. Note that these <strong>must</strong> end with /. Eg</p>
<p>Use –addr to specify which IP address and port the server should listen on, eg –addr 1.2.3.4:8000 or –addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
<p>If you set –addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
<p>–server-read-timeout and –server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
<p>–max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.</p>
<p>–baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used –baseurl “/rclone” then rclone would serve from a URL starting with “/rclone/”. This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing “/” on –baseurl, so –baseurl “rclone”, –baseurl “/rclone” and –baseurl “/rclone/” are all treated identically.</p>
<p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the –user and –pass flags.</p>
<p>Use –htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
<p>By default this will serve over http. If you want you can serve over https. You will need to supply the –cert and –key flags. If you wish to do client side certificate validation then you will need to supply –client-ca also.</p>
<p>–cert should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. –key should be the PEM encoded private key and –client-ca should be the PEM encoded client certificate authority certificate.</p>
<p>rclone serve sftp implements an SFTP server to serve the remote over SFTP. This can be used with an SFTP client or you can make a remote of type sftp to use with it.</p>
<p>You can use the filter flags (eg –include, –exclude) to control what is served.</p>
<p>The server will log errors. Use -v to see access logs.</p>
<p>–bwlimit will be respected for file transfers. Use –stats to control the stats printing.</p>
<p>You must provide some means of authentication, either with –user/–pass, an authorized keys file (specify location with –authorized-keys - the default is the same as ssh) or set the –no-auth flag for no authentication when logging in.</p>
<p>Note that this also implements a small number of shell commands so that it can provide md5sum/sha1sum/df information for the rclone sftp backend. This means that is can support SHA1SUMs, MD5SUMs and the about command when paired with the rclone sftp backend.</p>
<p>If you don’t supply a –key then rclone will generate one and cache it for later use.</p>
<p>By default the server binds to localhost:2022 - if you want it to be reachable externally then supply “–addr :2022” for example.</p>
<p>Note that the default of “–vfs-cache-mode off” is fine for the rclone sftp backend, but it may not be with other SFTP clients.</p>
<h3id="directory-cache-4">Directory Cache</h3>
<p>Using the <code>--dir-cache-time</code> flag, you can set how long a directory should be considered up to date and not refreshed from the backend. Changes made locally in the mount may appear immediately or invalidate the cache. However, changes done on the remote will only be picked up once the cache expires.</p>
<p>Alternatively, you can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
<p>The <code>--buffer-size</code> flag determines the amount of memory, that will be used to buffer data in advance.</p>
<p>Each open file descriptor will try to keep the specified amount of data in memory at all times. The buffered data is bound to one file descriptor and won’t be shared between multiple open file descriptors of the same file.</p>
<p>This flag is a upper limit for the used memory per file descriptor. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used. The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
<h3id="file-caching-4">File Caching</h3>
<p>These flags control the VFS file caching options. The VFS layer is used by rclone mount to make a cloud storage system work more like a normal file system.</p>
<p>You’ll need to enable VFS caching if you want, for example, to read and write simultaneously to a file. See below for more details.</p>
<p>Note that the VFS cache works in addition to the cache backend and you may find that you need one or the other or both.</p>
<pre><code>--cache-dir string Directory rclone will use for caching.
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-cache-max-size int Max total size of objects in the cache. (default off)</code></pre>
<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
<p>Note that files are written back to the remote only when they are closed so if rclone is quit or dies with open files then these won’t get written back to the remote. However they will still be in the on disk cache.</p>
<p>If using –vfs-cache-max-size note that the cache may exceed this size for two reasons. Firstly because it is only checked every –vfs-cache-poll-interval. Secondly because open files cannot be evicted from the cache.</p>
<p>This is very similar to “off” except that files opened for read AND write will be buffered to disks. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
<p>These operations are not possible</p>
<ul>
<li>Files opened for write only can’t be seeked</li>
<li>Existing files opened for write must have O_TRUNC set</li>
<li>Files opened for write only will ignore O_APPEND, O_TRUNC</li>
<p>In this mode all reads and writes are buffered to and from disk. When a file is opened for read it will be downloaded in its entirety first.</p>
<p>This may be appropriate for your needs, or you may prefer to look at the cache backend which does a much more sophisticated job of caching, including caching directory hierarchies and chunks of files.</p>
<p>In this mode, unlike the others, when a file is written to the disk, it will be kept on the disk after it is written to the remote. It will be purged on a schedule according to <code>--vfs-cache-max-age</code>.</p>
<p>This mode should support all normal file system operations.</p>
<p>If an upload or download fails it will be retried up to –low-level-retries times.</p>
<p>If you supply the parameter <code>--auth-proxy /path/to/program</code> then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocl with input on STDIN and output on STDOUT.</p>
<p>There is an example program <ahref="https://github.com/rclone/rclone/blob/master/test_proxy.py">bin/test_proxy.py</a> in the rclone source code.</p>
<p>The program’s job is to take a <code>user</code> and <code>pass</code> on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won’t use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.</p>
<p>This config generated must have this extra parameter - <code>_root</code> - root to use for the backend</p>
<p>And it may have this parameter - <code>_obscure</code> - comma separated strings for parameters to obscure</p>
<p>For example the program might take this on STDIN</p>
<pre><code>{
"user": "me",
"pass": "mypassword"
}</code></pre>
<p>And return this on STDOUT</p>
<pre><code>{
"type": "sftp",
"_root": "",
"_obscure": "pass",
"user": "me",
"pass": "mypassword",
"host": "sftp.example.com"
}</code></pre>
<p>This would mean that an SFTP backend would be created on the fly for the <code>user</code> and <code>pass</code> returned in the output to the host given. Note that since <code>_obscure</code> is set to <code>pass</code>, rclone will obscure the <code>pass</code> parameter before creating the backend (which is required for sftp backends).</p>
<p>The progam can manipulate the supplied <code>user</code> in any way, for example to make proxy to many different sftp backends, you could make the <code>user</code> be <code>user@example.com</code> and then set the <code>host</code> to <code>example.com</code> in the output and the user to <code>user</code>. For security you’d probably want to restrict the <code>host</code> to a limited list.</p>
<p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don’t use <code>pass</code>. This also means that if a user’s password is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
<p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
--gid uint32 Override the gid field set by the filesystem. (default 1000)
-h, --help help for sftp
--key string SSH private key file (leave blank to auto generate)
--no-auth Allow connections with no authentication if set.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--uid uint32 Override the uid field set by the filesystem. (default 1000)
--umask int Override the permission bits set by the filesystem. (default 2)
--user string User name for authentication.
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)</code></pre>
<p>rclone serve webdav implements a basic webdav server to serve the remote over HTTP via the webdav protocol. This can be viewed with a webdav client, through a web browser, or you can make a remote of type webdav to read and write it.</p>
<p>If this flag is set to “auto” then rclone will choose the first supported hash on the backend or you can use a named hash such as “MD5” or “SHA-1”.</p>
<p>Use –addr to specify which IP address and port the server should listen on, eg –addr 1.2.3.4:8000 or –addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.</p>
<p>If you set –addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.</p>
<p>–server-read-timeout and –server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.</p>
<p>–max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.</p>
<p>–baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used –baseurl “/rclone” then rclone would serve from a URL starting with “/rclone/”. This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing “/” on –baseurl, so –baseurl “rclone”, –baseurl “/rclone” and –baseurl “/rclone/” are all treated identically.</p>
<p>You can either use an htpasswd file which can take lots of users, or set a single username and password with the –user and –pass flags.</p>
<p>Use –htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.</p>
<p>By default this will serve over http. If you want you can serve over https. You will need to supply the –cert and –key flags. If you wish to do client side certificate validation then you will need to supply –client-ca also.</p>
<p>–cert should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. –key should be the PEM encoded private key and –client-ca should be the PEM encoded client certificate authority certificate.</p>
<p>Using the <code>--dir-cache-time</code> flag, you can set how long a directory should be considered up to date and not refreshed from the backend. Changes made locally in the mount may appear immediately or invalidate the cache. However, changes done on the remote will only be picked up once the cache expires.</p>
<p>Alternatively, you can send a <code>SIGHUP</code> signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:</p>
<p>Each open file descriptor will try to keep the specified amount of data in memory at all times. The buffered data is bound to one file descriptor and won’t be shared between multiple open file descriptors of the same file.</p>
<p>This flag is a upper limit for the used memory per file descriptor. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used. The maximum memory used by rclone for buffering can be up to <code>--buffer-size * open files</code>.</p>
<p>These flags control the VFS file caching options. The VFS layer is used by rclone mount to make a cloud storage system work more like a normal file system.</p>
<p>If run with <code>-vv</code> rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with <code>--cache-dir</code> or setting the appropriate environment variable.</p>
<p>The cache has 4 different modes selected by <code>--vfs-cache-mode</code>. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.</p>
<p>Note that files are written back to the remote only when they are closed so if rclone is quit or dies with open files then these won’t get written back to the remote. However they will still be in the on disk cache.</p>
<p>If using –vfs-cache-max-size note that the cache may exceed this size for two reasons. Firstly because it is only checked every –vfs-cache-poll-interval. Secondly because open files cannot be evicted from the cache.</p>
<p>This is very similar to “off” except that files opened for read AND write will be buffered to disks. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.</p>
<p>This may be appropriate for your needs, or you may prefer to look at the cache backend which does a much more sophisticated job of caching, including caching directory hierarchies and chunks of files.</p>
<p>In this mode, unlike the others, when a file is written to the disk, it will be kept on the disk after it is written to the remote. It will be purged on a schedule according to <code>--vfs-cache-max-age</code>.</p>
<p>This mode should support all normal file system operations.</p>
<p>If you supply the parameter <code>--auth-proxy /path/to/program</code> then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocl with input on STDIN and output on STDOUT.</p>
<p>There is an example program <ahref="https://github.com/rclone/rclone/blob/master/test_proxy.py">bin/test_proxy.py</a> in the rclone source code.</p>
<p>The program’s job is to take a <code>user</code> and <code>pass</code> on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won’t use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.</p>
<p>This config generated must have this extra parameter - <code>_root</code> - root to use for the backend</p>
<p>And it may have this parameter - <code>_obscure</code> - comma separated strings for parameters to obscure</p>
<p>For example the program might take this on STDIN</p>
<pre><code>{
"user": "me",
"pass": "mypassword"
}</code></pre>
<p>And return this on STDOUT</p>
<pre><code>{
"type": "sftp",
"_root": "",
"_obscure": "pass",
"user": "me",
"pass": "mypassword",
"host": "sftp.example.com"
}</code></pre>
<p>This would mean that an SFTP backend would be created on the fly for the <code>user</code> and <code>pass</code> returned in the output to the host given. Note that since <code>_obscure</code> is set to <code>pass</code>, rclone will obscure the <code>pass</code> parameter before creating the backend (which is required for sftp backends).</p>
<p>The progam can manipulate the supplied <code>user</code> in any way, for example to make proxy to many different sftp backends, you could make the <code>user</code> be <code>user@example.com</code> and then set the <code>host</code> to <code>example.com</code> in the output and the user to <code>user</code>. For security you’d probably want to restrict the <code>host</code> to a limited list.</p>
<p>Note that an internal cache is keyed on <code>user</code> so only use that for configuration, don’t use <code>pass</code>. This also means that if a user’s password is changed the cache will need to expire (which takes 5 mins) before it takes effect.</p>
<p>This can be used to build general purpose proxies to any kind of backend that rclone supports.</p>
--htpasswd string htpasswd file - if not provided no authentication is done
--key string SSL PEM Private key
--max-header-bytes int Maximum size of request header (default 4096)
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--realm string realm for authentication (default "rclone")
--server-read-timeout duration Timeout for server reading data (default 1h0m0s)
--server-write-timeout duration Timeout for server writing data (default 1h0m0s)
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)</code></pre>
<p>rclone settier changes storage tier or class at remote if supported. Few cloud storage services provides different storage classes on objects, for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool and Archive, Google Cloud Storage, Regional Storage, Nearline, Coldline etc.</p>
<p>Note that, certain tier changes make objects not available to access immediately. For example tiering to archive in azure blob storage makes objects in frozen state, user can restore by setting tier to Hot/Cool, similarly S3 to Glacier makes object inaccessible.true</p>
-C, --no-create Do not create the file if it does not exist.
-t, --timestamp string Change the modification times to the specified time instead of the current time of day. The argument is of the form 'YYMMDD' (ex. 17.10.30) or 'YYYY-MM-DDTHH:MM:SS' (ex. 2006-01-02T15:04:05)</code></pre>
<p>You can use any of the filtering options with the tree command (eg –include and –exclude). You can also use –fast-list.</p>
<p>The tree command has many options for controlling the listing which are compatible with the tree command. Note that not all of them have short options as they conflict with rclone’s short options.</p>
<p>rclone normally syncs or copies directories. However, if the source remote points to a file, rclone will just copy that file. The destination remote must point to a directory - rclone will give the error <code>Failed to create file system for "remote:file": is a file not a directory</code> if it isn’t.</p>
<p>It is recommended to use <code>copy</code> when copying individual files, not <code>sync</code>. They have pretty much the same effect but <code>copy</code> will use a lot less memory.</p>
<h2id="syntax-of-remote-paths">Syntax of remote paths</h2>
<p>The syntax of the paths passed to the rclone command are as follows.</p>
<h3id="pathtodir">/path/to/dir</h3>
<p>This refers to the local file system.</p>
<p>On Windows only <code>\</code> may be used instead of <code>/</code> in local paths <strong>only</strong>, non local paths must use <code>/</code>.</p>
<p>This refers to a directory <code>path/to/dir</code> on <code>remote:</code> as defined in the config file (configured with <code>rclone config</code>).</p>
<p>On most backends this is refers to the same directory as <code>remote:path/to/dir</code> and that format should be preferred. On a very small number of remotes (FTP, SFTP, Dropbox for business) this will refer to a different directory. On these, paths without a leading <code>/</code> will refer to your “home” directory and paths with a leading <code>/</code> will refer to the root.</p>
<p>This is an advanced form for creating remotes on the fly. <code>backend</code> should be the name or prefix of a backend (the <code>type</code> in the config file) and all the configuration for the backend should be provided on the command line (or in environment variables).</p>
<p>To copy files and directories from <code>example.com</code> in the relative directory <code>path/to/dir</code> to <code>/tmp/dir</code> using sftp.</p>
<h2id="quoting-and-the-shell">Quoting and the shell</h2>
<p>When you are typing commands to your computer you are using something called the command line shell. This interprets various characters in an OS specific way.</p>
<p>Here are some gotchas which may help users unfamiliar with the shell rules</p>
<h3id="linux-osx">Linux / OSX</h3>
<p>If your names have spaces or shell metacharacters (eg <code>*</code>, <code>?</code>, <code>$</code>, <code>'</code>, <code>"</code> etc) then you must quote them. Use single quotes <code>'</code> by default.</p>
<p>If you are using the root directory on its own then don’t quote it (see <ahref="https://github.com/rclone/rclone/issues/464">#464</a> for why), eg</p>
<h2id="copying-files-or-directories-with-in-the-names">Copying files or directories with <code>:</code> in the names</h2>
<p>rclone uses <code>:</code> to mark a remote name. This is, however, a valid filename component in non-Windows OSes. The remote name parser will only search for a <code>:</code> up to the first <code>/</code> so if you need to act on a file or directory like this then use the full path starting with a <code>/</code>, or use <code>./</code> as a current directory prefix.</p>
<p>So to sync a directory called <code>sync:me</code> to a remote called <code>remote:</code> use</p>
<p>This means if you want to copy one folder to another then rclone won’t download all the files and re-upload them; it will instruct the server to copy them in place.</p>
<p>Remotes which don’t support server side copy <strong>will</strong> download and re-upload in this case.</p>
<p>Server side copies are used with <code>sync</code> and <code>copy</code> and will be identified in the log when using the <code>-v</code> flag. The <code>move</code> command may also use them if remote doesn’t support server side move directly. This is done by issuing a server side copy then a delete which is much quicker than a download and re-upload.</p>
<p>Options that take parameters can have the values passed in two ways, <code>--option=value</code> or <code>--option value</code>. However boolean (true/false) options behave slightly differently to the other options in that <code>--boolean</code> sets the option to <code>true</code> and the absence of the flag sets it to <code>false</code>. It is also possible to specify <code>--boolean=false</code> or <code>--boolean=true</code>. Note that <code>--boolean false</code> is not valid - this is parsed as <code>--boolean</code> and the <code>false</code> is parsed as an extra command line argument for rclone.</p>
<p>Options which use TIME use the go time parser. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as “300ms”, “-1.5h” or “2h45m”. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”.</p>
<p>Options which use SIZE use kByte by default. However, a suffix of <code>b</code> for bytes, <code>k</code> for kBytes, <code>M</code> for MBytes, <code>G</code> for GBytes, <code>T</code> for TBytes and <code>P</code> for PBytes may be used. These are the binary units, eg 1, 2**10, 2**20, 2**30 respectively.</p>
<p>When using <code>sync</code>, <code>copy</code> or <code>move</code> any files which would have been overwritten or deleted are moved in their original hierarchy into this directory.</p>
<p>If <code>--suffix</code> is set, then the moved files will have the suffix added to them. If there is a file with the same path (after the suffix has been added) in DIR, then it will be overwritten.</p>
<p>The remote in use must support server side move or copy and you must use the same remote as the destination of the sync. The backup directory must not overlap the destination directory.</p>
<p>will sync <code>/path/to/local</code> to <code>remote:current</code>, but for any files which would have been updated or deleted will be stored in <code>remote:old</code>.</p>
<p>If running rclone from a script you might want to use today’s date as the directory name passed to <code>--backup-dir</code> to store the old files, or you might want to pass <code>--suffix</code> with today’s date.</p>
<p>Local address to bind to for outgoing connections. This can be an IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or host name. If the host name doesn’t resolve or resolves to more than one IP address it will give an error.</p>
<p>This option controls the bandwidth limit. Limits can be specified in two ways: As a single limit, or as a timetable.</p>
<p>Single limits last for the duration of the session. To use a single limit, specify the desired bandwidth in kBytes/s, or use a suffix b|k|M|G. The default is <code>0</code> which means to not limit bandwidth.</p>
<p>It is also possible to specify a “timetable” of limits, which will cause certain limits to be applied at certain times. To specify a timetable, format your entries as “WEEKDAY-HH:MM,BANDWIDTH WEEKDAY-HH:MM,BANDWIDTH…” where: WEEKDAY is optional element. It could be written as whole world or only using 3 first characters. HH:MM is an hour from 00:00 to 23:59.</p>
<p>In this example, the transfer bandwidth will be every day set to 512kBytes/sec at 8am. At noon, it will raise to 10Mbytes/s, and drop back to 512kBytes/sec at 1pm. At 6pm, the bandwidth limit will be set to 30MBytes/s, and at 11pm it will be completely disabled (full speed). Anything between 11pm and 8am will remain unlimited.</p>
<p>An example of timetable with WEEKDAY could be:</p>
<p>It mean that, the transfer bandwidth will be set to 512kBytes/sec on Monday. It will raise to 10Mbytes/s before the end of Friday. At 10:00 on Sunday it will be set to 1Mbyte/s. From 20:00 at Sunday will be unlimited.</p>
<p>Bandwidth limits only apply to the data transfer. They don’t apply to the bandwidth of the directory listings etc.</p>
<p>Note that the units are Bytes/s, not Bits/s. Typically connections are measured in Bits/s - to convert divide by 8. For example, let’s say you have a 10 Mbit/s connection and you wish rclone to use half of it - 5 Mbit/s. This is 5/8 = 0.625MByte/s so you would use a <code>--bwlimit 0.625M</code> parameter for rclone.</p>
<p>On Unix systems (Linux, MacOS, …) the bandwidth limiter can be toggled by sending a <code>SIGUSR2</code> signal to rclone. This allows to remove the limitations of a long running rclone transfer and to restore it back to the value specified with <code>--bwlimit</code> quickly when needed. Assuming there is only one rclone instance running, you can toggle the limiter like this:</p>
<p>When using <code>mount</code> or <code>cmount</code> each open file descriptor will use this much memory for buffering. See the <ahref="/commands/rclone_mount/#file-buffering">mount</a> documentation for more details.</p>
<p>The number of checkers to run in parallel. Checkers do the equality checking of files during a sync. For some storage systems (eg S3, Swift, Dropbox) this can take a significant amount of time so they are run in parallel.</p>
<p>Normally rclone will look at modification time and size of files to see if they are equal. If you set this flag then rclone will check the file hash and size to determine if files are equal.</p>
<p>This is very useful when transferring between remotes which store the same hash type on the object, eg Drive and Swift. For details of which remotes support which hash type see the table in the <ahref="https://rclone.org/overview/">overview section</a>.</p>
<p>When using <code>sync</code>, <code>copy</code> or <code>move</code> DIR is checked in addition to the destination for files. If a file identical to the source is found that file is NOT copied from source. This is useful to copy just files that have changed since the last backup.</p>
<p>You must use the same remote as the destination of the sync. The compare directory must not overlap the destination directory.</p>
<p>See <code>--copy-dest</code> and <code>--backup-dir</code>.</p>
<p>Normally the config file is in your home directory as a file called <code>.config/rclone/rclone.conf</code> (or <code>.rclone.conf</code> if created with an older version). If <code>$XDG_CONFIG_HOME</code> is set it will be at <code>$XDG_CONFIG_HOME/rclone/rclone.conf</code>.</p>
<p>If there is a file <code>rclone.conf</code> in the same directory as the rclone executable it will be preferred. This file must be created manually for Rclone to use it, it will never be created automatically.</p>
<p>Set the connection timeout. This should be in go time format which looks like <code>5s</code> for 5 seconds, <code>10m</code> for 10 minutes, or <code>3h30m</code>.</p>
<p>The connection timeout is the amount of time rclone will wait for a connection to go through to a remote object storage system. It is <code>1m</code> by default.</p>
<p>When using <code>sync</code>, <code>copy</code> or <code>move</code> DIR is checked in addition to the destination for files. If a file identical to the source is found that file is server side copied from DIR to the destination. This is useful for incremental backup.</p>
<p>The remote in use must support server side copy and you must use the same remote as the destination of the sync. The compare directory must not overlap the destination directory.</p>
<p>See <code>--compare-dest</code> and <code>--backup-dir</code>.</p>
<p>Mode to run dedupe command in. One of <code>interactive</code>, <code>skip</code>, <code>first</code>, <code>newest</code>, <code>oldest</code>, <code>rename</code>. The default is <code>interactive</code>. See the dedupe command for more information as to what these options mean.</p>
<p>This disables a comma separated list of optional features. For example to disable server side move and server side copy use:</p>
<pre><code>--disable move,copy</code></pre>
<p>The features can be put in in any case.</p>
<p>To see a list of which features can be disabled use:</p>
<pre><code>--disable help</code></pre>
<p>See the overview <ahref="/overview/#features">features</a> and <ahref="/overview/#optional-features">optional features</a> to get an idea of which feature does what.</p>
<p>This flag can be useful for debugging and in exceptional circumstances (eg Google Drive limiting the total volume of Server Side Copies to 100GB/day).</p>
<p>Do a trial run with no permanent changes. Use this to see what rclone would do without actually doing it. Useful when setting up the <code>sync</code> command which deletes files in the destination.</p>
<p>Using this option will cause rclone to ignore the case of the files when synchronizing so files will not be copied/synced when the existing filenames are the same, even if the casing is different.</p>
<p>Normally rclone will check that the checksums of transferred files match, and give an error “corrupted on transfer” if they don’t.</p>
<p>You can use this option to skip that check. You should only use it if you have had the “corrupted on transfer” error message and you are sure you might want to transfer potentially corrupted data.</p>
<p>While this isn’t a generally recommended option, it can be useful in cases where your files change due to encryption. However, it cannot correct partial transfers in case a transfer was interrupted.</p>
<p>Normally rclone will look at modification time and size of files to see if they are equal. If you set this flag then rclone will check only the modification time. If <code>--checksum</code> is set then it only checks the checksum.</p>
<p>It will also cause rclone to skip verifying the sizes are the same after transfer.</p>
<p>This can be useful for transferring files to and from OneDrive which occasionally misreports the size of image files (see <ahref="https://github.com/rclone/rclone/issues/399">#399</a> for more info).</p>
<p>Using this option will cause rclone to unconditionally upload all files regardless of the state of files on the destination.</p>
<p>Normally rclone would skip any files that have the same modification time and are the same size (or have the same checksum if using <code>--checksum</code>).</p>
<p>Treat source and destination files as immutable and disallow modification.</p>
<p>With this option set, files will be created and deleted as requested, but existing files will never be updated. If an existing file does not match between the source and destination, rclone will give the error <code>Source and destination exist but do not match: immutable file modified</code>.</p>
<p>Note that only commands which transfer files (e.g. <code>sync</code>, <code>copy</code>, <code>move</code>) are affected by this behavior, and only modification is disallowed. Files may still be deleted explicitly (e.g. <code>delete</code>, <code>purge</code>) or implicitly (e.g. <code>sync</code>, <code>move</code>). Use <code>copy --immutable</code> if it is desired to avoid deletion as well as modification.</p>
<p>This can be useful as an additional layer of protection for immutable or append-only data sets (notably backup archives), where modification implies corruption and should not be propagated.</p>
<p>During rmdirs it will not remove root directory, even if it’s empty.</p>
<h3id="log-filefile">–log-file=FILE</h3>
<p>Log all of rclone’s output to FILE. This is not active by default. This can be useful for tracking down problems with syncs in combination with the <code>-v</code> flag. See the <ahref="#logging">Logging section</a> for more info.</p>
<p>Note that if you are using the <code>logrotate</code> program to manage rclone’s logs, then you should use the <code>copytruncate</code> option as rclone doesn’t have a signal to rotate logs.</p>
<h3id="log-format-list">–log-format LIST</h3>
<p>Comma separated list of log format options. <code>date</code>, <code>time</code>, <code>microseconds</code>, <code>longfile</code>, <code>shortfile</code>, <code>UTC</code>. The default is “<code>date</code>,<code>time</code>”.</p>
<p><code>DEBUG</code> is equivalent to <code>-vv</code>. It outputs lots of debug info - useful for bug reports and really finding out what rclone is doing.</p>
<p><code>INFO</code> is equivalent to <code>-v</code>. It outputs information about each transfer and prints stats once a minute by default.</p>
<p><code>NOTICE</code> is the default log level if no logging flags are supplied. It outputs very little when things are working normally. It outputs warnings and significant events.</p>
<p>This controls the number of low level retries rclone does.</p>
<p>A low level retry is used to retry a failing operation - typically one HTTP request. This might be uploading a chunk of a big file for example. You will see low level retries in the log with the <code>-v</code> flag.</p>
<p>This shouldn’t need to be changed from the default in normal operations. However, if you get a lot of low level retries you may wish to reduce the value so rclone moves on to a high level retry (see the <code>--retries</code> flag) quicker.</p>
<p>This is the maximum allowable backlog of files in a sync/copy/move queued for being checked or transferred.</p>
<p>This can be set arbitrarily large. It will only use memory when the queue is in use. Note that it will use in the order of N kB of memory when the backlog is in use.</p>
<p>Setting this large allows rclone to calculate how many files are pending more accurately and give a more accurate estimated finish time.</p>
<p>Setting this small will make rclone more synchronous to the listings of the remote which may be desirable.</p>
<p>This tells rclone not to delete more than N files. If that limit is exceeded then a fatal error will be generated and rclone will stop the operation in progress.</p>
<p>This modifies the recursion depth for all the commands except purge.</p>
<p>So if you do <code>rclone --max-depth 1 ls remote:path</code> you will see only the files in the top level directory. Using <code>--max-depth 2</code> means you will see all the files in first two directory levels and so on.</p>
<p>For historical reasons the <code>lsd</code> command defaults to using a <code>--max-depth</code> of 1 - you can override this with the command line flag.</p>
<p>You can use this command to disable recursion (with <code>--max-depth 1</code>).</p>
<p>Note that if you use this with <code>sync</code> and <code>--delete-excluded</code> the files not recursed through are considered excluded and will be deleted on the destination. Test first with <code>--dry-run</code> if you are not sure what will happen.</p>
<p>When checking whether a file has been modified, this is the maximum allowed time difference that a file can have and still be considered equivalent.</p>
<p>The default is <code>1ns</code> unless this is overridden by a remote. For example OS X only stores modification times to the nearest second so if you are reading and writing to an OS X filing system this will be <code>1s</code> by default.</p>
<p>This command line flag allows you to override that computed default.</p>
<p>When downloading files to the local backend above this size, rclone will use multiple threads to download the file. (default 250M)</p>
<p>Rclone preallocates the file (using <code>fallocate(FALLOC_FL_KEEP_SIZE)</code> on unix or <code>NTSetInformationFile</code> on Windows both of which takes no time) then each thread writes directly into the file at the correct place. This means that rclone won’t create fragmented or sparse files and there won’t be any assembly time at the end of the transfer.</p>
<p>The number of threads used to dowload is controlled by <code>--multi-thread-streams</code>.</p>
<p>Use <code>-vv</code> if you wish to see info about the threads.</p>
<p>This will work with the <code>sync</code>/<code>copy</code>/<code>move</code> commands and friends <code>copyto</code>/<code>moveto</code>. Multi thread downloads will be used with <code>rclone mount</code> and <code>rclone serve</code> if <code>--vfs-cache-mode</code> is set to <code>writes</code> or above.</p>
<p><strong>NB</strong> that this <strong>only</strong> works for a local destination but will work with any source.</p>
<p><strong>NB</strong> that multi thread copies are disabled for local to local copies as they are faster without unless <code>--multi-thread-streams</code> is set explicitly.</p>
<p>When using multi thread downloads (see above <code>--multi-thread-cutoff</code>) this sets the maximum number of streams to use. Set to <code>0</code> to disable multi thread downloads. (Default 4)</p>
<p>Exactly how many streams rclone uses for the download depends on the size of the file. To calculate the number of download streams Rclone divides the size of the file by the <code>--multi-thread-cutoff</code> and rounds up, up to the maximum set with <code>--multi-thread-streams</code>.</p>
<p>So if <code>--multi-thread-cutoff 250MB</code> and <code>--multi-thread-streams 4</code> are in effect (the defaults):</p>
<ul>
<li>0MB.250MB files will be downloaded with 1 stream</li>
<li>250MB..500MB files will be downloaded with 2 streams</li>
<li>500MB..750MB files will be downloaded with 3 streams</li>
<li>750MB+ files will be downloaded with 4 streams</li>
<p>Don’t set <code>Accept-Encoding: gzip</code>. This means that rclone won’t ask the server for compressed files automatically. Useful if you’ve set the server to return files with <code>Content-Encoding: gzip</code> but you uploaded compressed files.</p>
<p>The <code>--no-traverse</code> flag controls whether the destination file system is traversed when using the <code>copy</code> or <code>move</code> commands. <code>--no-traverse</code> is not compatible with <code>sync</code> and will be ignored if you supply it with <code>sync</code>.</p>
<p>If you are only copying a small number of files (or are filtering most of the files) and/or have a large number of files on the destination then <code>--no-traverse</code> will stop rclone listing the destination and save time.</p>
<p>However, if you are copying a large number of files, especially if you are doing a copy where lots of the files under consideration haven’t changed and won’t need copying then you shouldn’t use <code>--no-traverse</code>.</p>
<p>See <ahref="https://rclone.org/commands/rclone_copy/">rclone copy</a> for an example of how to use it.</p>
<h3id="no-update-modtime">–no-update-modtime</h3>
<p>When using this flag, rclone won’t update modification times of remote files if they are incorrect as it would normally.</p>
<p>This flag makes rclone update the stats in a static block in the terminal providing a realtime overview of the transfer.</p>
<p>Any log messages will scroll above the static block. Log messages will push the static block down to the bottom of the terminal where it will stay.</p>
<p>Normally this is updated every 500mS but this period can be overridden with the <code>--stats</code> flag.</p>
<p>This can be used with the <code>--stats-one-line</code> flag for a simpler display.</p>
<p>Note: On Windows until<ahref="https://github.com/Azure/go-ansiterm/issues/26">this bug</a> is fixed all non-ASCII characters will be replaced with <code>.</code> when <code>--progress</code> is in use.</p>
<p>Normally rclone will look at modification time and size of files to see if they are equal. If you set this flag then rclone will check only the size.</p>
<p>This can be useful transferring files from Dropbox which have been modified by the desktop sync client which doesn’t set checksums of modification times in the same way as rclone.</p>
<p>Commands which transfer data (<code>sync</code>, <code>copy</code>, <code>copyto</code>, <code>move</code>, <code>moveto</code>) will print data transfer stats at regular intervals to show their progress.</p>
<p>If you set the stats interval then all commands can show stats. This can be useful when running other commands, <code>check</code> or <code>mount</code> for example.</p>
<p>Stats are logged at <code>INFO</code> level by default which means they won’t show at default log level <code>NOTICE</code>. Use <code>--stats-log-level NOTICE</code> or <code>-v</code> to make them show. See the <ahref="#logging">Logging section</a> for more info on log levels.</p>
<p>By default, the <code>--stats</code> output will truncate file names and paths longer than 40 characters. This is equivalent to providing <code>--stats-file-name-length 40</code>. Use <code>--stats-file-name-length 0</code> to disable any truncation of file names printed by stats.</p>
<p>Log level to show <code>--stats</code> output at. This can be <code>DEBUG</code>, <code>INFO</code>, <code>NOTICE</code>, or <code>ERROR</code>. The default is <code>INFO</code>. This means at the default level of logging which is <code>NOTICE</code> the stats won’t show - if you want them to then use <code>--stats-log-level NOTICE</code>. See the <ahref="#logging">Logging section</a> for more info on log levels.</p>
<p>When this is specified, rclone enables the single-line stats and prepends the display with a date string. The default is <code>2006/01/02 15:04:05 -</code></p>
<p>When this is specified, rclone enables the single-line stats and prepends the display with a user-supplied date string. The date string MUST be enclosed in quotes. Follow <ahref="https://golang.org/pkg/time/#Time.Format">golang specs</a> for date formatting syntax.</p>
<p>When using <code>sync</code>, <code>copy</code> or <code>move</code> any files which would have been overwritten or deleted will have the suffix added to them. If there is a file with the same path (after the suffix has been added), then it will be overwritten.</p>
<p>The remote in use must support server side move or copy and you must use the same remote as the destination of the sync.</p>
<p>This is for use with files to add the suffix in the current directory or with <code>--backup-dir</code>. See <code>--backup-dir</code> for more info.</p>
<p>will sync <code>/path/to/local</code> to <code>remote:current</code>, but for any files which would have been updated or deleted have .bak added.</p>
<p>When using <code>--suffix</code>, setting this causes rclone put the SUFFIX before the extension of the files that it backs up rather than after.</p>
<p>So let’s say we had <code>--suffix -2019-01-01</code>, without the flag <code>file.txt</code> would be backed up to <code>file.txt-2019-01-01</code> and with the flag it would be backed up to <code>file-2019-01-01.txt</code>. This can be helpful to make sure the suffixed files can still be opened.</p>
<p>If using <code>--syslog</code> this sets the syslog facility (eg <code>KERN</code>, <code>USER</code>). See <code>man syslog</code> for a list of possible facilities. The default facility is <code>DAEMON</code>.</p>
<p>Limit HTTP transactions per second to this. Default is 0 which is used to mean unlimited transactions per second.</p>
<p>For example to limit rclone to 10 HTTP transactions per second use <code>--tpslimit 10</code>, or to 1 transaction every 2 seconds use <code>--tpslimit 0.5</code>.</p>
<p>Use this when the number of transactions per second from rclone is causing a problem with the cloud storage provider (eg getting you banned or rate limited).</p>
<p>This can be very useful for <code>rclone mount</code> to control the behaviour of applications using it.</p>
<p>Max burst of transactions for <code>--tpslimit</code>. (default 1)</p>
<p>Normally <code>--tpslimit</code> will do exactly the number of transaction per second specified. However if you supply <code>--tps-burst</code> then rclone can save up some transactions from when it was idle giving a burst of up to the parameter supplied.</p>
<p>For example if you provide <code>--tpslimit-burst 10</code> then if rclone has been idle for more than 10*<code>--tpslimit</code> then it can do 10 transactions very quickly before they are limited again.</p>
<p>This may be used to increase performance of <code>--tpslimit</code> without changing the long term average number of transactions per second.</p>
<p>By default, rclone doesn’t keep track of renamed files, so if you rename a file locally then sync it to a remote, rclone will delete the old file on the remote and upload a new copy.</p>
<p>If you use this flag, and the remote supports server side copy or server side move, and the source and destination have a compatible hash, then this will track renames during <code>sync</code> operations and perform renaming server-side.</p>
<p>If the destination does not support server-side copy or move, rclone will fall back to the default behaviour and log an error level message to the console. Note: Encrypted destinations are not supported by <code>--track-renames</code>.</p>
<p>Note that <code>--track-renames</code> is incompatible with <code>--no-traverse</code> and that it uses extra memory to keep track of all the rename candidates.</p>
<p>Note also that <code>--track-renames</code> is incompatible with <code>--delete-before</code> and will select <code>--delete-after</code> instead of <code>--delete-during</code>.</p>
<p>Specifying the value <code>--delete-before</code> will delete all files present on the destination, but not on the source <em>before</em> starting the transfer of any new or updated files. This uses two passes through the file systems, one for the deletions and one for the copies.</p>
<p>Specifying <code>--delete-during</code> will delete files while checking and uploading files. This is the fastest option and uses the least memory.</p>
<p>Specifying <code>--delete-after</code> (the default value) will delay deletion of files until all new/updated files have been successfully transferred. The files to be deleted are collected in the copy pass then deleted after the copy pass has completed successfully. The files to be deleted are held in memory so this mode may use more memory. This is the safest mode as it will only delete files if there have been no errors subsequent to that. If there have been errors before the deletions start then you will get the message <code>not deleting files as there were IO errors</code>.</p>
<p>When doing anything which involves a directory listing (eg <code>sync</code>, <code>copy</code>, <code>ls</code> - in fact nearly every command), rclone normally lists a directory and processes it before using more directory lists to process any subdirectories. This can be parallelised and works very quickly using the least amount of memory.</p>
<p>However, some remotes have a way of listing all files beneath a directory in one (or a small number) of transactions. These tend to be the bucket based remotes (eg S3, B2, GCS, Swift, Hubic).</p>
<p>If you use the <code>--fast-list</code> flag then rclone will use this method for listing directories. This will have the following consequences for the listing:</p>
<ul>
<li>It <strong>will</strong> use fewer transactions (important if you pay for them)</li>
<li>It <strong>will</strong> use more memory. Rclone has to load the whole listing into memory.</li>
<li>It <em>may</em> be faster because it uses fewer transactions</li>
<p>If you pay for transactions and can fit your entire sync listing into memory then <code>--fast-list</code> is recommended. If you have a very big sync to do then don’t use <code>--fast-list</code> otherwise you will run out of memory.</p>
<p>If you use <code>--fast-list</code> on a remote which doesn’t support it, then rclone will just ignore it.</p>
<p>The number of file transfers to run in parallel. It can sometimes be useful to set this to a smaller number if the remote is giving a lot of timeouts or bigger if you have lots of bandwidth and a fast remote.</p>
<p>The default is to run 4 file transfers in parallel.</p>
<p>This can be useful when transferring to a remote which doesn’t support mod times directly (or when using <code>--use-server-modtime</code> to avoid extra API calls) as it is more accurate than a <code>--size-only</code> check and faster than using <code>--checksum</code>.</p>
<p>If an existing destination file has a modification time equal (within the computed modify window precision) to the source file’s, it will be updated if the sizes are different. If <code>--checksum</code> is set then rclone will update the destination if the checksums differ too.</p>
<p>If an existing destination file is older than the source file then it will be updated if the size or checksum differs from the source file.</p>
<p>On remotes which don’t support mod time directly (or when using <code>--use-server-modtime</code>) the time checked will be the uploaded time. This means that if uploading to one of these remotes, rclone will skip any files which exist on the destination and have an uploaded time that is newer than the modification time of the source file.</p>
<p>If this flag is set then rclone will use anonymous memory allocated by mmap on Unix based platforms and VirtualAlloc on Windows for its transfer buffers (size controlled by <code>--buffer-size</code>). Memory allocated like this does not go on the Go heap and can be returned to the OS immediately when it is finished with.</p>
<p>If this flag is not set then rclone will allocate and free the buffers using the Go memory allocator which may use more memory as memory pages are returned less aggressively to the OS.</p>
<p>It is possible this does not work well on all platforms so it is disabled by default; in the future it may be enabled by default.</p>
<p>Some object-store backends (e.g, Swift, S3) do not preserve file modification times (modtime). On these backends, rclone stores the original modtime as additional metadata on the object. By default it will make an API call to retrieve the metadata when the modtime is needed by an operation.</p>
<p>Use this flag to disable the extra API call and rely instead on the server’s modified time. In cases such as a local to remote sync using <code>--update</code>, knowing the local file is newer than the time it was last uploaded to the remote is sufficient. In those cases, this flag can speed up the process and reduce the number of API calls necessary.</p>
<p>Using this flag on a sync operation without also using <code>--update</code> would cause all files modified at any time other than the last upload time to be uploaded again, which is probably not what you want.</p>
<p>With <code>-v</code> rclone will tell you about each file that is transferred and a small number of significant events.</p>
<p>With <code>-vv</code> rclone will become very verbose telling you about every file it considers and transfers. Please send bug reports with a log with this setting.</p>
<p>The outoing SSL/TLS connections rclone makes can be controlled with these options. For example this can be very useful with the HTTP or WebDAV backends. Rclone HTTP servers have their own set of configuration for SSL/TLS which you can find in their documentation.</p>
<h3id="ca-cert-string">–ca-cert string</h3>
<p>This loads the PEM encoded certificate authority certificate and uses it to verify the certificates of the servers rclone connects to.</p>
<p>If you have generated certificates signed with a local CA then you will need this flag to connect to servers using those certificates.</p>
<p><code>--no-check-certificate</code> controls whether a client verifies the server’s certificate chain and host name. If <code>--no-check-certificate</code> is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.</p>
<p>This option defaults to <code>false</code>.</p>
<p><strong>This should be used only for testing.</strong></p>
<p>Your configuration file contains information for logging in to your cloud services. This means that you should keep your <code>.rclone.conf</code> file in a secure location.</p>
<p>If you are in an environment where that isn’t possible, you can add a password to your configuration. This means that you will have to enter the password every time you start rclone.</p>
<p>Your configuration is now encrypted, and every time you start rclone you will now be asked for the password. In the same menu, you can change the password or completely remove encryption from your configuration.</p>
<p>rclone uses <ahref="https://godoc.org/golang.org/x/crypto/nacl/secretbox">nacl secretbox</a> which in turn uses XSalsa20 and Poly1305 to encrypt and authenticate your configuration with secret-key cryptography. The password is SHA-256 hashed, which produces the key for secretbox. The hashed password is not stored.</p>
<p>While this provides very good security, we do not recommend storing your encrypted rclone configuration in public if it contains sensitive information, maybe except if you use a very strong password.</p>
<p>If it is safe in your environment, you can set the <code>RCLONE_CONFIG_PASS</code> environment variable to contain your password, in which case it will be used for decrypting the configuration.</p>
<p>Then source the file when you want to use it. From the shell you would do <code>source set-rclone-password</code>. It will then ask you for the password and set it in the environment variable.</p>
<p>If you are running rclone inside a script, you might want to disable password prompts. To do that, pass the parameter <code>--ask-password=false</code> to rclone. This will make rclone fail instead of asking for a password if <code>RCLONE_CONFIG_PASS</code> doesn’t contain a valid password.</p>
<p>These options are useful when developing or debugging rclone. There are also some more remote specific options which aren’t documented here which are used for testing. These start with remote name eg <code>--drive-test-option</code> - see the docs for the remote in question.</p>
<p>Dump HTTP headers with <code>Authorization:</code> lines removed. May still contain sensitive info. Can be very verbose. Useful for debugging only.</p>
<p>Use <code>--dump auth</code> if you do want the <code>Authorization:</code> headers.</p>
<p>Dump HTTP headers - will contain sensitive info such as <code>Authorization:</code> headers - use <code>--dump headers</code> to dump without <code>Authorization:</code> headers. Can be very verbose. Useful for debugging only.</p>
<p>This dumps a list of the open files at the end of the command. It uses the <code>lsof</code> command to do that so you’ll need that installed to use it.</p>
<p>By default, rclone logs to standard error. This means you can redirect standard error and still see the normal output of rclone commands (eg <code>rclone ls</code>).</p>
<p>By default, rclone will produce <code>Error</code> and <code>Notice</code> level messages.</p>
<p>If you use the <code>-v</code> flag, rclone will produce <code>Error</code>, <code>Notice</code> and <code>Info</code> messages.</p>
<p>If you use the <code>-vv</code> flag, rclone will produce <code>Error</code>, <code>Notice</code>, <code>Info</code> and <code>Debug</code> messages.</p>
<p>You can also control the log levels with the <code>--log-level</code> flag.</p>
<p>If you use the <code>--log-file=FILE</code> option, rclone will redirect <code>Error</code>, <code>Info</code> and <code>Debug</code> messages along with standard error to FILE.</p>
<p>If you use the <code>--syslog</code> flag then rclone will log to syslog and the <code>--syslog-facility</code> control which facility it uses.</p>
<p>Rclone prefixes all log messages with their level in capitals, eg INFO which makes it easy to grep the log file for different kinds of information.</p>
<p>If any errors occur during the command execution, rclone will exit with a non-zero exit code. This allows scripts to detect when rclone operations have failed.</p>
<p>During the startup phase, rclone will exit immediately if an error is detected in the configuration. There will always be a log message immediately before exiting.</p>
<p>When rclone is running it will accumulate errors as it goes along, and only exit with a non-zero exit code if (after retries) there were still failed transfers. For every error counted there will be a high priority log message (visible with <code>-q</code>) showing the message and which file caused the problem. A high priority message is also shown when starting a retry so the user can see that any previous error messages may not be valid after the retry. If rclone has done a retry it will log a high priority message if the retry was successful.</p>
<p>To find the name of the environment variable, first, take the long option name, strip the leading <code>--</code>, change <code>-</code> to <code>_</code>, make upper case and prepend <code>RCLONE_</code>.</p>
<p>For example, to always set <code>--stats 5s</code>, set the environment variable <code>RCLONE_STATS=5s</code>. If you set stats on the command line this will override the environment variable setting.</p>
<p>Or to always use the trash in drive <code>--drive-use-trash</code>, set <code>RCLONE_DRIVE_USE_TRASH=true</code>.</p>
<p>The same parser is used for the options and the environment variables so they take exactly the same form.</p>
<h3id="config-file">Config file</h3>
<p>You can set defaults for values in the config file on an individual remote basis. If you want to use this feature, you will need to discover the name of the config items that you want. The easiest way is to run through <code>rclone config</code> by hand, then look in the config file to see what the values are (the config file can be found by looking at the help for <code>--config</code> in <code>rclone help</code>).</p>
<p>To find the name of the environment variable, you need to set, take <code>RCLONE_CONFIG_</code> + name of remote + <code>_</code> + name of config file option and make it all uppercase.</p>
<h1id="configuring-rclone-on-a-remote-headless-machine">Configuring rclone on a remote / headless machine</h1>
<p>Some of the configurations (those involving oauth2) require an Internet connected web browser.</p>
<p>If you are trying to set rclone up on a remote or headless box with no browser available on it (eg a NAS or a server in a datacenter) then you will need to use an alternative means of configuration. There are two ways of doing it, described below.</p>
<h2id="configuring-using-rclone-authorize">Configuring using rclone authorize</h2>
<p>On the headless box</p>
<pre><code>...
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> n
For this to work, you will need rclone available on a machine that has a web browser available.
<p>Find the config file by running <code>rclone config file</code>, for example</p>
<pre><code>$ rclone config file
Configuration file is stored at:
/home/user/.rclone.conf</code></pre>
<p>Now transfer it to the remote box (scp, cut paste, ftp, sftp etc) and place it in the correct place (use <code>rclone config file</code> on the remote box to find out where).</p>
<h1id="filtering-includes-and-excludes">Filtering, includes and excludes</h1>
<p>Rclone has a sophisticated set of include and exclude rules. Some of these are based on patterns and some on other things like file size.</p>
<p>The filters are applied for the <code>copy</code>, <code>sync</code>, <code>move</code>, <code>ls</code>, <code>lsl</code>, <code>md5sum</code>, <code>sha1sum</code>, <code>size</code>, <code>delete</code> and <code>check</code> operations. Note that <code>purge</code> does not obey the filters.</p>
<p>Each path as it passes through rclone is matched against the include and exclude rules like <code>--include</code>, <code>--exclude</code>, <code>--include-from</code>, <code>--exclude-from</code>, <code>--filter</code>, or <code>--filter-from</code>. The simplest way to try them out is using the <code>ls</code> command, or <code>--dry-run</code> together with <code>-v</code>.</p>
<p>The patterns used to match files for inclusion or exclusion are based on “file globs” as used by the unix shell.</p>
<p>If the pattern starts with a <code>/</code> then it only matches at the top level of the directory tree, <strong>relative to the root of the remote</strong> (not necessarily the root of the local drive). If it doesn’t start with <code>/</code> then it is matched starting at the <strong>end of the path</strong>, but it will only match a complete path element:</p>
<p>A <code>[</code> and <code>]</code> together make a character class, such as <code>[a-z]</code> or <code>[aeiou]</code> or <code>[[:alpha:]]</code>. See the <ahref="https://golang.org/pkg/regexp/syntax/">go regexp docs</a> for more info on these.</p>
<p>A <code>{</code> and <code>}</code> define a choice between elements. It should contain a comma separated list of patterns, any of which might match. These patterns can contain wildcards.</p>
<p>Note also that rclone filter globs can only be used in one of the filter command line flags, not in the specification of the remote, so <code>rclone copy "remote:dir*.jpg" /path/to/dir</code> won’t work - what is required is <code>rclone --include "*.jpg" copy remote:dir /path/to/dir</code></p>
<p>Directory matches are <strong>only</strong> used to optimise directory access patterns - you must still match the files that you want to match. Directory matches won’t optimise anything on bucket based remotes (eg s3, swift, google compute storage, b2) which don’t have a concept of directory.</p>
<p>Rclone maintains a combined list of include rules and exclude rules.</p>
<p>Each file is matched in order, starting from the top, against the rule in the list until it finds a match. The file is then included or excluded according to the rule type.</p>
<p>If the matcher fails to find a match after testing against all the entries in the list then the path is included.</p>
<p>A similar process is done on directory entries before recursing into them. This only works on remotes which have a concept of directory (Eg local, google drive, onedrive, amazon drive) and not on bucket based remotes (eg s3, swift, google compute storage, b2).</p>
<p><strong>Important</strong> You should not use <code>--include*</code> together with <code>--exclude*</code>. It may produce different results than you expected. In that case try to use: <code>--filter*</code>.</p>
<p>Note that all the options of the same type are processed together in the order above, regardless of what order they were placed on the command line.</p>
<p>So all <code>--include</code> options are processed first in the order they appeared on the command line, then all <code>--include-from</code> options etc.</p>
<p>To mix up the order includes and excludes, the <code>--filter</code> flag can be used.</p>
<p>Prepare a file like this <code>exclude-file.txt</code></p>
<pre><code># a sample exclude rule file
*.bak
file2.jpg</code></pre>
<p>Then use as <code>--exclude-from exclude-file.txt</code>. This will sync all files except those ending in <code>bak</code> and <code>file2.jpg</code>.</p>
<p>This is useful if you have a lot of rules.</p>
<h3id="include---include-files-matching-pattern"><code>--include</code> - Include files matching pattern</h3>
<p>Add a single include rule with <code>--include</code>.</p>
<p>This adds an implicit <code>--exclude *</code> at the very end of the filter list. This means you can mix <code>--include</code> and <code>--include-from</code> with the other filters (eg <code>--exclude</code>) but you must include all the files you want in the include statement. If this doesn’t provide enough flexibility then you must use <code>--filter-from</code>.</p>
<p>Prepare a file like this <code>include-file.txt</code></p>
<pre><code># a sample include rule file
*.jpg
*.png
file2.avi</code></pre>
<p>Then use as <code>--include-from include-file.txt</code>. This will sync all <code>jpg</code>, <code>png</code> files and <code>file2.avi</code>.</p>
<p>This adds an implicit <code>--exclude *</code> at the very end of the filter list. This means you can mix <code>--include</code> and <code>--include-from</code> with the other filters (eg <code>--exclude</code>) but you must include all the files you want in the include statement. If this doesn’t provide enough flexibility then you must use <code>--filter-from</code>.</p>
<h3id="filter---add-a-file-filtering-rule"><code>--filter</code> - Add a file-filtering rule</h3>
<p>This can be used to add a single include or exclude rule. Include rules start with <code>+</code> and exclude rules start with <code>-</code>. A special rule called <code>!</code> can be used to clear the existing rules.</p>
<p>This example will include all <code>jpg</code> and <code>png</code> files, exclude any files matching <code>secret*.jpg</code> and include <code>file2.avi</code>. It will also include everything in the directory <code>dir</code> at the root of the sync, except <code>dir/Trash</code> which it will exclude. Everything else will be excluded from the sync.</p>
<p>This reads a list of file names from the file passed in and <strong>only</strong> these files are transferred. The <strong>filtering rules are ignored</strong> completely if you use this option.</p>
<p>Rclone will traverse the file system if you use <code>--files-from</code>, effectively using the files in <code>--files-from</code> as a set of filters. Rclone will not error if any of the files are missing.</p>
<p>If you use <code>--no-traverse</code> as well as <code>--files-from</code> then rclone will not traverse the destination file system, it will find each file individually using approximately 1 API call. This can be more efficient for small lists of files.</p>
<p>Paths within the <code>--files-from</code> file will be interpreted as starting with the root specified in the command. Leading <code>/</code> characters are ignored.</p>
<p>For example, suppose you had <code>files-from.txt</code> with this content:</p>
<p>To copy these you’d find a common subdirectory - in this case <code>/home</code> and put the remaining files in <code>files-from.txt</code> with or without leading <code>/</code>, eg</p>
<p>This option controls the minimum size file which will be transferred. This defaults to <code>kBytes</code> but a suffix of <code>k</code>, <code>M</code>, or <code>G</code> can be used.</p>
<p>For example <code>--min-size 50k</code> means no files smaller than 50kByte will be transferred.</p>
<p>This option controls the maximum size file which will be transferred. This defaults to <code>kBytes</code> but a suffix of <code>k</code>, <code>M</code>, or <code>G</code> can be used.</p>
<p>For example <code>--max-size 1G</code> means no files larger than 1GByte will be transferred.</p>
<h3id="ignore-case---make-searches-case-insensitive"><code>--ignore-case</code> - make searches case insensitive</h3>
<p>Normally filter patterns are case sensitive. If this flag is supplied then filter patterns become case insensitive.</p>
<p>Normally a <code>--include "file.txt"</code> will not match a file called <code>FILE.txt</code>. However if you use the <code>--ignore-case</code> flag then <code>--include "file.txt"</code> this will match a file called <code>FILE.txt</code>.</p>
<h2id="exclude-directory-based-on-a-file">Exclude directory based on a file</h2>
<p>It is possible to exclude a directory based on a file, which is present in this directory. Filename should be specified using the <code>--exclude-if-present</code> flag. This flag has a priority over the other filtering flags.</p>
<p>Imagine, you have the following directory structure:</p>
<pre><code>dir1/file1
dir1/dir2/file2
dir1/dir2/dir3/file3
dir1/dir2/dir3/.ignore</code></pre>
<p>You can exclude <code>dir3</code> from sync by running the following command:</p>
<p>Rclone can serve a web based GUI (graphical user interface). This is somewhat experimental at the moment so things may be subject to change.</p>
<p>Run this command in a terminal and rclone will download and then display the GUI in a web browser.</p>
<pre><code>rclone rcd --rc-web-gui</code></pre>
<p>This will produce logs like this and rclone needs to continue to run to serve the GUI:</p>
<pre><code>2019/08/25 11:40:14 NOTICE: A new release for gui is present at https://github.com/rclone/rclone-webui-react/releases/download/v0.0.6/currentbuild.zip
<p>Enable the serving of remote objects via the HTTP interface. This means objects will be accessible at http://127.0.0.1:5572/ by default, so you can browse to http://127.0.0.1:5572/ or http://127.0.0.1:5572/* to see a listing of the remotes. Objects may be requested from remotes using this syntax http://127.0.0.1:5572/[remote:path]/path/to/object</p>
<p>Path to local files to serve on the HTTP server.</p>
<p>If this is set then rclone will serve the files in that directory. It will also open the root in the web browser if specified. This is for implementing browser based GUIs for rclone functions.</p>
<p>If <code>--rc-user</code> or <code>--rc-pass</code> is set then the URL that is opened will have the authorization in the URL in the <code>http://user:pass@localhost/</code> style.</p>
<p>By default rclone will require authorisation to have been set up on the rc interface in order to use any methods which access any rclone remotes. Eg <code>operations/list</code> is denied as it involved creating a remote as is <code>sync/copy</code>.</p>
<p>If this is set then no authorisation will be required on the server to use these methods. The alternative is to use <code>--rc-user</code> and <code>--rc-pass</code> and use these credentials in the request.</p>
<p>The rc interface supports some special parameters which apply to <strong>all</strong> commands. These start with <code>_</code> to show they are different.</p>
<h3id="running-asynchronous-jobs-with-_async-true">Running asynchronous jobs with _async = true</h3>
<p>Each rc call is classified as a job and it is assigned its own id. By default jobs are executed immediately as they are created or synchronously.</p>
<p>If <code>_async</code> has a true value when supplied to an rc call then it will return immediately with a job id and the task will be run in the background. The <code>job/status</code> call can be used to get information of the background job. The job can be queried for up to 1 minute after it has finished.</p>
<p>It is recommended that potentially long running jobs, eg <code>sync/sync</code>, <code>sync/copy</code>, <code>sync/move</code>, <code>operations/purge</code> are run with the <code>_async</code> flag to avoid any potential problems with the HTTP request and response timing out.</p>
<p>Starting a job with the <code>_async</code> flag:</p>
<p>Query the status to see if the job has finished. For more information on the meaning of these return parameters see the <code>job/status</code> call.</p>
<h3id="assigning-operations-to-groups-with-_group">Assigning operations to groups with _group = <value></h3>
<p>Each rc call has it’s own stats group for tracking it’s metrics. By default grouping is done by the composite group name from prefix <code>job/</code> and id of the job like so <code>job/1</code>.</p>
<p>If <code>_group</code> has a value then stats for that request will be grouped under that value. This allows caller to group stats under their own name.</p>
<p>Stats for specific group can be accessed by passing <code>group</code> to <code>core/stats</code>:</p>
<p>Purge a remote from the cache backend. Supports either a directory or a file. Params: - remote = path to remote (required) - withData = true/false to delete cached data (chunks) as well (optional)</p>
<p>Ensure the specified file chunks are cached on disk.</p>
<p>The chunks= parameter specifies the file chunks to check. It takes a comma separated list of array slice indices. The slice indices are similar to Python slices: start[:end]</p>
<p>start is the 0 based chunk number from the beginning of the file to fetch inclusive. end is 0 based chunk number from the beginning of the file to fetch exclusive. Both values can be negative, in which case they count from the back of the file. The value “-5:” represents the last 5 chunks of a file.</p>
<p>Some valid examples are: “:5,-5:” -> the first and last five chunks “0,-2” -> the first and the second last chunk “0:10” -> the first ten chunks</p>
<p>Any parameter with a key that starts with “file” can be used to specify files to fetch, eg</p>
<h3id="configlistremotes-lists-the-remotes-in-the-config-file.-configlistremotes">config/listremotes: Lists the remotes in the config file. {#config/listremotes}</h3>
<h3id="configproviders-shows-how-providers-are-configured-in-the-config-file.-configproviders">config/providers: Shows how providers are configured in the config file. {#config/providers}</h3>
<p>This tells the go runtime to do a garbage collection run. It isn’t necessary to call this normally, but it can be useful for debugging memory problems.</p>
<h3id="corememstats-returns-the-memory-statistics-corememstats">core/memstats: Returns the memory statistics {#core/memstats}</h3>
<p>This returns the memory statistics of the running program. What the values mean are explained in the go docs: https://golang.org/pkg/runtime/#MemStats</p>
<p>The most interesting values for most people are:</p>
<ul>
<li>HeapAlloc: This is the amount of memory rclone is actually using</li>
<li>HeapSys: This is the amount of memory rclone has obtained from the OS</li>
<li>Sys: this is the total amount of memory requested from the OS
<ul>
<li>It is virtual memory so may include unused memory</li>
</ul></li>
</ul>
<h3id="coreobscure-obscures-a-string-passed-in.-coreobscure">core/obscure: Obscures a string passed in. {#core/obscure}</h3>
<p>Pass a clear string and rclone will obscure it for the config file: - clear - string</p>
<p>Returns - obscured - string</p>
<h3id="corepid-return-pid-of-current-process-corepid">core/pid: Return PID of current process {#core/pid}</h3>
<p>This returns PID of current process. Useful for stopping rclone process.</p>
<h3id="corequit-terminates-the-app.-corequit">core/quit: Terminates the app. {#core/quit}</h3>
<p>(optional) Pass an exit code to be used for terminating the app: - exitCode - int</p>
<h3id="corestats-returns-stats-about-current-transfers.-corestats">core/stats: Returns stats about current transfers. {#core/stats}</h3>
<p>This returns all available stats:</p>
<pre><code>rclone rc core/stats</code></pre>
<p>If group is not provided then summed up stats for all groups will be returned.</p>
<p>Parameters - group - name of the stats group (string)</p>
<p>Returns the following values:</p>
<pre><code>{
"speed": average speed in bytes/sec since start of the process,
"bytes": total transferred bytes since the start of the process,
"errors": number of errors,
"fatalError": whether there has been at least one FatalError,
"retryError": whether there has been at least one non-NoRetryError,
"checks": number of checked files,
"transfers": number of transferred files,
"deletes" : number of deleted files,
"elapsedTime": time in seconds since the start of the process,
"lastError": last occurred error,
"transferring": an array of currently active file transfers:
[
{
"bytes": total transferred bytes for this file,
"eta": estimated time in seconds until file transfer completion
"name": name of the file,
"percentage": progress of the file transfer in percent,
"speed": speed in bytes/sec,
"speedAvg": speed in bytes/sec as an exponentially weighted moving average,
"size": size of the file in bytes
}
],
"checking": an array of names of currently active file checks
[]
}</code></pre>
<p>Values for “transferring”, “checking” and “lastError” are only assigned if data is available. The value for “eta” is null if an eta cannot be determined.</p>
<p>{ “transferred”: an array of completed transfers (including failed ones): [ { “name”: name of the file, “size”: size of the file in bytes, “bytes”: total transferred bytes for this file, “checked”: if the transfer is only checked (skipped, deleted), “timestamp”: integer representing millisecond unix epoch, “error”: string description of the error (empty if successfull), “jobid”: id of the job that this transfer belongs to } ] }</p>
<pre><code>
### core/version: Shows the current version of rclone and the go runtime. {#core/version}
Note that curl doesn't return errors to the shell unless you use the `-f` option
</code></pre>
<p>$ curl -f -X POST ‘http://localhost:5572/rc/error?potato=1&sausage=2’ curl: (22) The requested URL returned error: 400 Bad Request $ echo $? 22</p>
| 1Fichier | No | No | No | No | No | No | No | No | No | Yes |
| Amazon Drive | Yes | No | Yes | Yes | No [#575](https://github.com/rclone/rclone/issues/575) | No | No | No [#2178](https://github.com/rclone/rclone/issues/2178) | No | Yes |
| Amazon S3 | No | Yes | No | No | No | Yes | Yes | No [#2178](https://github.com/rclone/rclone/issues/2178) | No | No |
| Backblaze B2 | No | Yes | No | No | Yes | Yes | Yes | Yes | No | No |
| Box | Yes | Yes | Yes | Yes | No [#575](https://github.com/rclone/rclone/issues/575) | No | Yes | Yes | No | Yes |
| Citrix ShareFile | Yes | Yes | Yes | Yes | No | No | Yes | No | No | Yes |
| The local filesystem | Yes | No | Yes | Yes | No | No | Yes | No | Yes | Yes |
### Purge ###
This deletes a directory quicker than just deleting all the files in
the directory.
† Note Swift and Hubic implement this in order to delete directory
markers but they don't actually have a quicker way of deleting files
other than deleting them individually.
‡ StreamUpload is not supported with Nextcloud
### Copy ###
Used when copying an object to and from the same remote. This known
as a server side copy so you can copy a file without downloading it
and uploading it again. It is used if you use `rclone copy` or
`rclone move` if the remote doesn't support `Move` directly.
If the server doesn't support `Copy` directly then for copy operations
the file is downloaded then re-uploaded.
### Move ###
Used when moving/renaming an object on the same remote. This is known
as a server side move of a file. This is used in `rclone move` if the
server doesn't support `DirMove`.
If the server isn't capable of `Move` then rclone simulates it with
`Copy` then delete. If the server doesn't support `Copy` then rclone
will download the file and re-upload it.
### DirMove ###
This is used to implement `rclone move` to move a directory if
possible. If it isn't then it will use `Move` on each file (which
falls back to `Copy` then download and upload - see `Move` section).
### CleanUp ###
This is used for emptying the trash for a remote by `rclone cleanup`.
If the server can't do `CleanUp` then `rclone cleanup` will return an
error.
### ListR ###
The remote supports a recursive list to list all the contents beneath
a directory quickly. This enables the `--fast-list` flag to work.
See the [rclone docs](/docs/#fast-list) for more details.
### StreamUpload ###
Some remotes allow files to be uploaded without knowing the file size
in advance. This allows certain operations to work without spooling the
file to local disk first, e.g. `rclone rcat`.
### LinkSharing ###
Sets the necessary permissions on a file or folder and prints a link
that allows others to access them, even if they don't have an account
on the particular cloud provider.
### About ###
This is used to fetch quota information from the remote, like bytes
used/free/quota and bytes used in the trash.
This is also used to return the space used, available for `rclone mount`.
If the server can't do `About` then `rclone about` will return an
error.
### EmptyDir ###
The remote supports empty directories. See [Limitations](/bugs/#limitations)
for details. Most Object/Bucket based remotes do not support this.
# Global Flags
This describes the global flags available to every rclone command
split into two groups, non backend and backend flags.
## Non Backend Flags
These flags are available for every command.
</code></pre>
<pre><code> --ask-password Allow prompt for password for encrypted configuration. (default true)
--auto-confirm If enabled, do not request console confirmation.
--backup-dir string Make backups into hierarchy based in DIR.
--bind string Local address to bind to for outgoing connections, IPv4, IPv6 or name.
--buffer-size SizeSuffix In memory buffer size when reading files for each --transfer. (default 16M)
--bwlimit BwTimetable Bandwidth limit in kBytes/s, or use suffix b|k|M|G or a full timetable.
--ca-cert string CA certificate used to verify servers
--cache-dir string Directory rclone will use for caching. (default "$HOME/.cache/rclone")
--checkers int Number of checkers to run in parallel. (default 8)</code></pre>
<p>-c, –checksum Skip based on checksum (if available) & size, not mod-time & size –client-cert string Client SSL certificate (PEM) for mutual TLS auth –client-key string Client SSL private key (PEM) for mutual TLS auth –compare-dest string use DIR to server side copy flies from. –config string Config file. (default “$HOME/.config/rclone/rclone.conf”) –contimeout duration Connect timeout (default 1m0s) –copy-dest string Compare dest to DIR also. –cpuprofile string Write cpu profile to file –delete-after When synchronizing, delete files on destination after transferring (default) –delete-before When synchronizing, delete files on destination before transferring –delete-during When synchronizing, delete files during transfer –delete-excluded Delete files on dest excluded from sync –disable string Disable a comma separated list of features. Use help to see a list. -n, –dry-run Do a trial run with no permanent changes –dump DumpFlags List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles –dump-bodies Dump HTTP headers and bodies - may contain sensitive info –dump-headers Dump HTTP headers - may contain sensitive info –exclude stringArray Exclude files matching pattern –exclude-from stringArray Read exclude patterns from file –exclude-if-present string Exclude directories if filename is present –fast-list Use recursive list if available. Uses more memory but fewer transactions. –files-from stringArray Read list of source-file names from file -f, –filter stringArray Add a file-filtering rule –filter-from stringArray Read filtering patterns from a file –ignore-case Ignore case in filters (case insensitive) –ignore-case-sync Ignore case when synchronizing –ignore-checksum Skip post copy check of checksums. –ignore-errors delete even if there are I/O errors –ignore-existing Skip all files that exist on destination –ignore-size Ignore size when skipping use mod-time or checksum. -I, –ignore-times Don’t skip files that match size and time - transfer all files –immutable Do not modify files. Fail if existing files have been modified. –include stringArray Include files matching pattern –include-from stringArray Read include patterns from file –log-file string Log everything to this file –log-format string Comma separated list of log format options (default “date,time”) –log-level string Log level DEBUG|INFO|NOTICE|ERROR (default “NOTICE”) –low-level-retries int Number of low level retries to do. (default 10) –max-age Duration Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off) –max-backlog int Maximum number of objects in sync or check backlog. (default 10000) –max-delete int When synchronizing, limit the number of deletes (default -1) –max-depth int If set limits the recursion depth to this. (default -1) –max-size SizeSuffix Only transfer files smaller than this in k or suffix b|k|M|G (default off) –max-stats-groups int Maximum number of stats groups to keep in memory. On max oldest is discarded. (default 1000) –max-transfer SizeSuffix Maximum size of data to transfer. (default off) –memprofile string Write memory profile to file –min-age Duration Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off) –min-size SizeSuffix Only transfer files bigger than this in k or suffix b|k|M|G (default off) –modify-window duration Max time diff to be considered the same (default 1ns) –multi-thread-cutoff SizeSuffix Use multi-thread downloads for files above this size. (default 250M) –multi-thread-streams int Max number of streams to use for multi-thread downloads. (default 4) –no-check-certificate Do not verify the server SSL certificate. Insecure. –no-gzip-encoding Don’t set Accept-Encoding: gzip. –no-traverse Don’t traverse destination file system on copy. –no-update-modtime Don’t update destination mod-time if files identical. -P, –progress Show progress during transfer. -q, –quiet Print as little stuff
<pre><code>
## Backend Flags
These flags are available for every command. They control the backends
and may be set in the config file.
</code></pre>
<pre><code> --acd-auth-url string Auth server URL.
--box-commit-retries int Max number of times to try committing a multipart file. (default 100)
--box-upload-cutoff SizeSuffix Cutoff for switching to multipart upload (>= 50MB). (default 50M)
--cache-chunk-clean-interval Duration How often should the cache perform cleanups of the chunk storage. (default 1m0s)
--cache-chunk-no-memory Disable the in-memory cache for storing chunks during streaming.
--cache-chunk-path string Directory to cache chunk files. (default "$HOME/.cache/rclone/cache-backend")
--cache-chunk-size SizeSuffix The size of a chunk (partial file data). (default 5M)
--cache-chunk-total-size SizeSuffix The total size that the chunks can take up on the local disk. (default 10G)
--cache-db-path string Directory to store file structure metadata DB. (default "$HOME/.cache/rclone/cache-backend")
--cache-db-purge Clear all the cached data for this remote on start.
--cache-db-wait-time Duration How long to wait for the DB to be available - 0 is unlimited (default 1s)
--cache-info-age Duration How long to cache file structure information (directory listings, file size, times etc). (default 6h0m0s)
--cache-plex-insecure string Skip all certificate verifications when connecting to the Plex server
--cache-plex-password string The password of the Plex user
--cache-plex-url string The URL of the Plex server
--cache-plex-username string The username of the Plex user
--cache-read-retries int How many times to retry a read from a cache storage. (default 10)
--cache-remote string Remote to cache.
--cache-rps int Limits the number of requests per second to the source FS (-1 to disable) (default -1)
--cache-tmp-upload-path string Directory to keep temporary files until they are uploaded.
--cache-tmp-wait-time Duration How long should files be stored in local cache before being uploaded (default 15s)
--cache-workers int How many workers should run in parallel to download chunks. (default 4)
--cache-writes Cache file data on writes through the FS
--chunker-chunk-size SizeSuffix Files larger than chunk size will be split in chunks. (default 2G)
--chunker-fail-hard Choose how chunker should handle files with missing or invalid chunks.
--chunker-hash-type string Choose how chunker handles hash sums. All modes but "none" require metadata. (default "md5")
--chunker-meta-format string Format of the metadata object or "none". By default "simplejson". (default "simplejson")
--chunker-name-format string String format of chunk file names. (default "*.rclone_chunk.###")
--chunker-remote string Remote to chunk/unchunk.
--chunker-start-from int Minimum valid chunk number. Usually 0 or 1. (default 1)</code></pre>
<p>-L, –copy-links Follow symlinks and copy the pointed to item. –crypt-directory-name-encryption Option to either encrypt directory names or leave them intact. (default true) –crypt-filename-encryption string How to encrypt the filenames. (default “standard”) –crypt-password string Password or pass phrase for encryption. –crypt-password2 string Password or pass phrase for salt. Optional but recommended. –crypt-remote string Remote to encrypt/decrypt. –crypt-show-mapping For all files listed show how the names encrypt. –drive-acknowledge-abuse Set to allow files which return cannotDownloadAbusiveFile to be downloaded. –drive-allow-import-name-change Allow the filetype to change when uploading Google docs (e.g. file.doc to file.docx). This will confuse sync and reupload every time. –drive-alternate-export Use alternate export URLs for google documents export., –drive-auth-owner-only Only consider files owned by the authenticated user. –drive-chunk-size SizeSuffix Upload chunk size. Must a power of 2 >= 256k. (default 8M) –drive-client-id string Google Application Client Id –drive-client-secret string Google Application Client Secret –drive-disable-http2 Disable drive using http2 (default true) –drive-export-formats string Comma separated list of preferred formats for downloading Google docs. (default “docx,xlsx,pptx,svg”) –drive-formats string Deprecated: see export_formats –drive-impersonate string Impersonate this user when using a service account. –drive-import-formats string Comma separated list of preferred formats for uploading Google docs. –drive-keep-revision-forever Keep new head revision of each file forever. –drive-list-chunk int Size of listing chunk 100-1000. 0 to disable. (default 1000) –drive-pacer-burst int Number of API calls to allow without sleeping. (default 100) –drive-pacer-min-sleep Duration Minimum time to sleep between API calls. (default 100ms) –drive-root-folder-id string ID of the root folder –drive-scope string Scope that rclone should use when requesting access from drive. –drive-server-side-across-configs Allow server side operations (eg copy) to work across different drive configs. –drive-service-account-credentials string Service Account Credentials JSON blob –drive-service-account-file string Service Account Credentials JSON file path –drive-shared-with-me Only show files that are shared with me. –drive-size-as-quota Show storage quota usage for file size. –drive-skip-checksum-gphotos Skip MD5 checksum on Google photos and videos only. –drive-skip-gdocs Skip google documents in all listings. –drive-team-drive string ID of the Team Drive –drive-trashed-only Only show files that are in the trash. –drive-upload-cutoff SizeSuffix Cutoff for switching to chunked upload (default 8M) –drive-use-created-date Use file created date instead of modified date., –drive-use-trash Send files to the trash instead of deleting permanently. (default true) –drive-v2-download-min-size SizeSuffix If Object’s are greater, use drive v2 API to download. (default off) –dropbox-chunk-size SizeSuffix Upload chunk size. (< 150M). (default 48M) –dropbox-client-id string Dropbox App Client Id –dropbox-client-secret string Dropbox App Client Secret –dropbox-impersonate string Impersonate this user when using a business account. –fichier-api-key string Your API Key, get it from https://1fichier.com/console/params.pl –fichier-shared-folder string If you want to download a shared folder, add this parameter –ftp-concurrency int Maximum number of FTP simultaneous connections, 0 for unlimited –ftp-disable-epsv Disable using EPSV even if server advertises support –ftp-host string FTP host to connect to –ftp-no-check-certificate Do not verify the TLS certificate of the server –ftp-pass string FTP password –ftp-port string FTP port, leave blank to use default (21) –ftp-tls Use FTP over TLS (Implicit) –ftp-user string FTP username, leave blank for current username, $USER –gcs-bucket-acl string Access Control
<pre><code>
1Fichier
-----------------------------------------
This is a backend for the [1ficher](https://1fichier.com) cloud
storage service. Note that a Premium subscription is required to use
the API.
Paths are specified as `remote:path`
Paths may be as deep as required, eg `remote:directory/subdirectory`.
The initial setup for 1Fichier involves getting the API key from the website which you
need to do in your browser.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> remote Type of storage to configure. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value [snip] XX / 1Fichier ”fichier" [snip] Storage> fichier ** See help for fichier backend at: https://rclone.org/fichier/ **</p>
<p>Your API Key, get it from https://1fichier.com/console/params.pl Enter a string value. Press Enter for the default (""). api_key> example_key</p>
<p>Edit advanced config? (y/n) y) Yes n) No y/n> Remote config ——————– [remote] type = fichier api_key = example_key ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
Once configured you can then use `rclone` like this,
List directories in top level of your 1Fichier account
rclone lsd remote:
List all the files in your 1Fichier account
rclone ls remote:
To copy a local directory to a 1Fichier directory called backup
rclone copy /home/source remote:backup
### Modified time and hashes ###
1Fichier does not support modification times. It supports the Whirlpool hash algorithm.
### Duplicated files ###
1Fichier can have two files with exactly the same name and path (unlike a
normal file system).
Duplicated files cause problems with the syncing and you will see
messages in the log about duplicates.
#### Restricted filename characters
In addition to the [default restricted characters set](/overview/#restricted-characters)
the following characters are also replaced:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| \ | 0x5C | \ |
| < | 0x3C | < |
| > | 0x3E | > |
| " | 0x22 | " |
| $ | 0x24 | $ |
| ` | 0x60 | ` |
| ' | 0x27 | ' |
File names can also not start or end with the following characters.
These only get replaced if they are first or last character in the
name:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| SP | 0x20 | ␠ |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/fichier/fichier.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to fichier (1Fichier).
#### --fichier-api-key
Your API Key, get it from https://1fichier.com/console/params.pl
- Config: api_key
- Env Var: RCLONE_FICHIER_API_KEY
- Type: string
- Default: ""
### Advanced Options
Here are the advanced options specific to fichier (1Fichier).
#### --fichier-shared-folder
If you want to download a shared folder, add this parameter
- Config: shared_folder
- Env Var: RCLONE_FICHIER_SHARED_FOLDER
- Type: string
- Default: ""
<!--- autogenerated options stop -->
Alias
-----------------------------------------
The `alias` remote provides a new name for another remote.
Paths may be as deep as required or a local path,
eg `remote:directory/subdirectory` or `/directory/subdirectory`.
During the initial setup with `rclone config` you will specify the target
remote. The target remote can either be a local path or another remote.
Subfolders can be used in target remote. Assume a alias remote named `backup`
with the target `mydrive:private/backup`. Invoking `rclone mkdir backup:desktop`
is exactly the same as invoking `rclone mkdir mydrive:private/backup/desktop`.
There will be no special handling of paths containing `..` segments.
Invoking `rclone mkdir backup:../desktop` is exactly the same as invoking
`rclone mkdir mydrive:private/backup/../desktop`.
The empty path is not allowed as a remote. To alias the current directory
use `.` instead.
Here is an example of how to make a alias called `remote` for local folder.
First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Alias for an existing remote “alias” [snip] Storage> alias Remote or path to alias. Can be “myremote:path/to/dir”, “myremote:bucket”, “myremote:” or “/local/path”. remote> /mnt/storage/backup Remote config ——————– [remote] remote = /mnt/storage/backup ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y Current remotes:</p>
<p>Name Type ==== ==== remote alias</p>
<olstart="5"type="a">
<li>Edit existing remote</li>
<li>New remote</li>
<li>Delete remote</li>
<li>Rename remote</li>
<li>Copy remote</li>
<li>Set configuration password</li>
<li>Quit config e/n/d/r/c/s/q> q</li>
</ol>
<pre><code>
Once configured you can then use `rclone` like this,
List directories in top level in `/mnt/storage/backup`
rclone lsd remote:
List all the files in `/mnt/storage/backup`
rclone ls remote:
Copy another local directory to the alias directory called source
rclone copy /home/source remote:source
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/alias/alias.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to alias (Alias for an existing remote).
#### --alias-remote
Remote or path to alias.
Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
- Config: remote
- Env Var: RCLONE_ALIAS_REMOTE
- Type: string
- Default: ""
<!--- autogenerated options stop -->
Amazon Drive
-----------------------------------------
Amazon Drive, formerly known as Amazon Cloud Drive, is a cloud storage
service run by Amazon for consumers.
## Status
**Important:** rclone supports Amazon Drive only if you have your own
set of API keys. Unfortunately the [Amazon Drive developer
program](https://developer.amazon.com/amazon-drive) is now closed to
new entries so if you don't already have your own set of keys you will
not be able to use rclone with Amazon Drive.
For the history on why rclone no longer has a set of Amazon Drive API
keys see [the forum](https://forum.rclone.org/t/rclone-has-been-banned-from-amazon-drive/2314).
If you happen to know anyone who works at Amazon then please ask them
to re-instate rclone into the Amazon Drive developer program - thanks!
## Setup
The initial setup for Amazon Drive involves getting a token from
Amazon which you need to do in your browser. `rclone config` walks
you through it.
The configuration process for Amazon Drive may involve using an [oauth
proxy](https://github.com/ncw/oauthproxy). This is used to keep the
Amazon credentials out of the source code. The proxy runs in Google's
very secure App Engine environment and doesn't store any credentials
which pass through it.
Since rclone doesn't currently have its own Amazon Drive credentials
so you will either need to have your own `client_id` and
`client_secret` with Amazon Drive, or use a a third party ouath proxy
in which case you will need to enter `client_id`, `client_secret`,
`auth_url` and `token_url`.
Note also if you are not using Amazon's `auth_url` and `token_url`,
(ie you filled in something for those) then if setting up on a remote
machine you can only use the [copying the config method of
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Amazon Drive “amazon cloud drive” [snip] Storage> amazon cloud drive Amazon Application Client Id - required. client_id> your client ID goes here Amazon Application Client Secret - required. client_secret> your client secret goes here Auth server URL - leave blank to use Amazon’s. auth_url> Optional auth URL Token server url - leave blank to use Amazon’s. token_url> Optional token URL Remote config Make sure your Redirect URL is set to “http://127.0.0.1:53682/” in your custom config. Use auto config? * Say Y if not sure * Say N if you are working on a remote or headless machine y) Yes n) No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code… Got code ——————– [remote] client_id = your client ID goes here client_secret = your client secret goes here auth_url = Optional auth URL token_url = Optional token URL token = {“access_token”:“xxxxxxxxxxxxxxxxxxxxxxx”,“token_type”:“bearer”,“refresh_token”:“xxxxxxxxxxxxxxxxxx”,“expiry”:“2015-09-06T16:07:39.658438471+01:00”} ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the
token as returned from Amazon. This only runs from the moment it
opens your browser to the moment you get back the verification
code. This is on `http://127.0.0.1:53682/` and this it may require
you to unblock it temporarily if you are running a host firewall.
Once configured you can then use `rclone` like this,
List directories in top level of your Amazon Drive
rclone lsd remote:
List all the files in your Amazon Drive
rclone ls remote:
To copy a local directory to an Amazon Drive directory called backup
rclone copy /home/source remote:backup
### Modified time and MD5SUMs ###
Amazon Drive doesn't allow modification times to be changed via
the API so these won't be accurate or used for syncing.
It does store MD5SUMs so for a more accurate sync, you can use the
`--checksum` flag.
#### Restricted filename characters
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| NUL | 0x00 | ␀ |
| / | 0x2F | / |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
### Deleting files ###
Any files you delete with rclone will end up in the trash. Amazon
don't provide an API to permanently delete files, nor to empty the
trash, so you will have to do that with one of Amazon's apps or via
the Amazon Drive website. As of November 17, 2016, files are
automatically deleted by Amazon from the trash after 30 days.
### Using with non `.com` Amazon accounts ###
Let's say you usually use `amazon.co.uk`. When you authenticate with
rclone it will take you to an `amazon.com` page to log in. Your
`amazon.co.uk` email and password should work here just fine.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/amazonclouddrive/amazonclouddrive.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to amazon cloud drive (Amazon Drive).
#### --acd-client-id
Amazon Application Client ID.
- Config: client_id
- Env Var: RCLONE_ACD_CLIENT_ID
- Type: string
- Default: ""
#### --acd-client-secret
Amazon Application Client Secret.
- Config: client_secret
- Env Var: RCLONE_ACD_CLIENT_SECRET
- Type: string
- Default: ""
### Advanced Options
Here are the advanced options specific to amazon cloud drive (Amazon Drive).
#### --acd-auth-url
Auth server URL.
Leave blank to use Amazon's.
- Config: auth_url
- Env Var: RCLONE_ACD_AUTH_URL
- Type: string
- Default: ""
#### --acd-token-url
Token server url.
leave blank to use Amazon's.
- Config: token_url
- Env Var: RCLONE_ACD_TOKEN_URL
- Type: string
- Default: ""
#### --acd-checkpoint
Checkpoint for internal polling (debug).
- Config: checkpoint
- Env Var: RCLONE_ACD_CHECKPOINT
- Type: string
- Default: ""
#### --acd-upload-wait-per-gb
Additional time per GB to wait after a failed complete upload to see if it appears.
Sometimes Amazon Drive gives an error when a file has been fully
uploaded but the file appears anyway after a little while. This
happens sometimes for files over 1GB in size and nearly every time for
files bigger than 10GB. This parameter controls the time rclone waits
for the file to appear.
The default value for this parameter is 3 minutes per GB, so by
default it will wait 3 minutes for every GB uploaded to see if the
file appears.
You can disable this feature by setting it to 0. This may cause
conflict errors as rclone retries the failed upload but the file will
most likely appear correctly eventually.
These values were determined empirically by observing lots of uploads
of big files for a range of file sizes.
Upload with the "-v" flag to see more info about what rclone is doing
in this situation.
- Config: upload_wait_per_gb
- Env Var: RCLONE_ACD_UPLOAD_WAIT_PER_GB
- Type: Duration
- Default: 3m0s
#### --acd-templink-threshold
Files >= this size will be downloaded via their tempLink.
Files this size or more will be downloaded via their "tempLink". This
is to work around a problem with Amazon Drive which blocks downloads
of files bigger than about 10GB. The default for this is 9GB which
shouldn't need to be changed.
To download files above this threshold, rclone requests a "tempLink"
which downloads the file through a temporary URL directly from the
underlying S3 storage.
- Config: templink_threshold
- Env Var: RCLONE_ACD_TEMPLINK_THRESHOLD
- Type: SizeSuffix
- Default: 9G
<!--- autogenerated options stop -->
### Limitations ###
Note that Amazon Drive is case insensitive so you can't have a
file called "Hello.doc" and one called "hello.doc".
Amazon Drive has rate limiting so you may notice errors in the
sync (429 errors). rclone will automatically retry the sync up to 3
times by default (see `--retries` flag) which should hopefully work
around this problem.
Amazon Drive has an internal limit of file sizes that can be uploaded
to the service. This limit is not officially published, but all files
larger than this will fail.
At the time of writing (Jan 2016) is in the area of 50GB per file.
This means that larger files are likely to fail.
Unfortunately there is no way for rclone to see that this failure is
because of file size, so it will retry the operation, as any other
failure. To avoid this problem, use `--max-size 50000M` option to limit
the maximum size of uploaded files. Note that `--max-size` does not split
files into segments, it only ignores files over this size.
The S3 backend can be used with a number of different providers:
* AWS S3
* Alibaba Cloud (Aliyun) Object Storage System (OSS)
* Ceph
* DigitalOcean Spaces
* Dreamhost
* IBM COS S3
* Minio
* Wasabi
Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
command.) You may put subdirectories in too, eg `remote:bucket/path/to/dir`.
Once you have made a remote (see the provider specific section above)
you can use it like this:
See all buckets
rclone lsd remote:
Make a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync `/home/local/directory` to the remote bucket, deleting any excess
files in the bucket.
rclone sync /home/local/directory remote:bucket
## AWS S3 {#amazon-s3}
Here is an example of making an s3 configuration. First run
rclone config
This will guide you through an interactive setup process.
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Amazon S3 Compliant Storage Providers (AWS, Ceph, Dreamhost, IBM COS, Minio) “s3” [snip] Storage> s3 Choose your S3 provider. Choose a number from below, or type in your own value 1 / Amazon Web Services (AWS) S3 “AWS” 2 / Ceph Object Storage “Ceph” 3 / Digital Ocean Spaces “DigitalOcean” 4 / Dreamhost DreamObjects “Dreamhost” 5 / IBM COS S3 “IBMCOS” 6 / Minio Object Storage “Minio” 7 / Wasabi Object Storage “Wasabi” 8 / Any other S3 compatible provider “Other” provider> 1 Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank. Choose a number from below, or type in your own value 1 / Enter AWS credentials in the next step “false” 2 / Get AWS credentials from the environment (env vars or IAM) “true” env_auth> 1 AWS Access Key ID - leave blank for anonymous access or runtime credentials. access_key_id> XXX AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials. secret_access_key> YYY Region to connect to. Choose a number from below, or type in your own value / The default endpoint - a good choice if you are unsure. 1 | US Region, Northern Virginia or Pacific Northwest. | Leave location constraint empty. “us-east-1” / US East (Ohio) Region 2 | Needs location constraint us-east-2. “us-east-2” / US West (Oregon) Region 3 | Needs location constraint us-west-2. “us-west-2” / US West (Northern California) Region 4 | Needs location constraint us-west-1. “us-west-1” / Canada (Central) Region 5 | Needs location constraint ca-central-1. “ca-central-1” / EU (Ireland) Region 6 | Needs location constraint EU or eu-west-1. “eu-west-1” / EU (London) Region 7 | Needs location constraint eu-west-2. “eu-west-2” / EU (Frankfurt) Region 8 | Needs location constraint eu-central-1. “eu-central-1” / Asia Pacific (Singapore) Region 9 | Needs location constraint ap-southeast-1. “ap-southeast-1” / Asia Pacific (Sydney) Region 10 | Needs location constraint ap-southeast-2. “ap-southeast-2” / Asia Pacific (Tokyo) Region 11 | Needs location constraint ap-northeast-1. “ap-northeast-1” / Asia Pacific (Seoul) 12 | Needs location constraint ap-northeast-2. “ap-northeast-2” / Asia Pacific (Mumbai) 13 | Needs location constraint ap-south-1. “ap-south-1” / South America (Sao Paulo) Region 14 | Needs location constraint sa-east-1. “sa-east-1” region> 1 Endpoint for S3 API. Leave blank if using AWS to use the default endpoint for the region. endpoint> Location constraint - must be set to match the Region. Used when creating buckets only. Choose a number from below, or type in your own value 1 / Empty for US Region, Northern Virginia or Pacific Northwest. "" 2 / US East (Ohio) Region. “us-east-2” 3 / US West (Oregon) Region. “us-west-2” 4 / US West (Northern California) Region. “us-west-1” 5 / Canada (Central) Region. “ca-central-1” 6 / EU (Ireland) Region. “eu-west-1” 7 / EU (London) Region. “eu-west-2” 8 / EU Region. “EU” 9 / Asia Pacific (Singapore) Region. “ap-southeast-1” 10 / Asia Pacific (Sydney) Region. “ap-southeast-2” 11 / Asia Pacific (Tokyo) Region. “ap-northeast-1” 12 / Asia Pacific (Seoul) “ap-northeast-2” 13 / Asia Pacific (Mumbai) “ap-south-1” 14 / South America (Sao Paulo) Region. “sa-east-1” location_constraint> 1 Canned ACL used when creating buckets and/or storing objects in S3. For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl Choose a number from below, or type in your own value 1 / Owner gets FULL_CONTROL. No one else has access rights (default). “private” 2 / Owner gets FULL_
<pre><code>
### --fast-list ###
This remote supports `--fast-list` which allows you to use fewer
transactions in exchange for more memory. See the [rclone
docs](/docs/#fast-list) for more details.
### --update and --use-server-modtime ###
As noted below, the modified time is stored on metadata on the object. It is
used by default for all operations that require checking the time a file was
last updated. It allows rclone to treat the remote more like a true filesystem,
but it is inefficient because it requires an extra API call to retrieve the
metadata.
For many operations, the time the object was last uploaded to the remote is
sufficient to determine if it is "dirty". By using `--update` along with
`--use-server-modtime`, you can avoid the extra API call and simply upload
files whose local modtime is newer than the time it was last uploaded.
### Modified time ###
The modified time is stored as metadata on the object as
`X-Amz-Meta-Mtime` as floating point since the epoch accurate to 1 ns.
If the modification time needs to be updated rclone will attempt to perform a server
side copy to update the modification if the object can be copied in a single part.
In the case the object is larger than 5Gb or is in Glacier or Glacier Deep Archive
storage the object will be uploaded rather than copied.
#### Restricted filename characters
S3 allows any valid UTF-8 string as a key.
Invalid UTF-8 bytes will be [replaced](/overview/#invalid-utf8), as
they can't be used in XML.
The following characters are replaced since these are problematic when
dealing with the REST API:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| NUL | 0x00 | ␀ |
| / | 0x2F | / |
The encoding will also encode these file names as they don't seem to
work with the SDK properly:
| File name | Replacement |
| --------- |:-----------:|
| . | . |
| .. | .. |
### Multipart uploads ###
rclone supports multipart uploads with S3 which means that it can
upload files bigger than 5GB.
Note that files uploaded *both* with multipart upload *and* through
crypt remotes do not have MD5 sums.
rclone switches from single part uploads to multipart uploads at the
point specified by `--s3-upload-cutoff`. This can be a maximum of 5GB
and a minimum of 0 (ie always upload multipart files).
The chunk sizes used in the multipart upload are specified by
`--s3-chunk-size` and the number of chunks uploaded concurrently is
specified by `--s3-upload-concurrency`.
Multipart uploads will use `--transfers` * `--s3-upload-concurrency` *
`--s3-chunk-size` extra memory. Single part uploads to not use extra
memory.
Single part transfers can be faster than multipart transfers or slower
depending on your latency from S3 - the more latency, the more likely
single part transfers will be faster.
Increasing `--s3-upload-concurrency` will increase throughput (8 would
be a sensible value) and increasing `--s3-chunk-size` also increases
throughput (16M would be sensible). Increasing either of these will
use more memory. The default values are high enough to gain most of
the possible performance without using too much memory.
### Buckets and Regions ###
With Amazon S3 you can list buckets (`rclone lsd`) using any region,
but you can only access the content of a bucket from the region it was
created in. If you attempt to access a bucket from the wrong region,
you will get an error, `incorrect region, the bucket is not in 'XXX'
region`.
### Authentication ###
There are a number of ways to supply `rclone` with a set of AWS
credentials, with and without using the environment.
The different authentication methods are tried in this order:
- Directly in the rclone configuration file (`env_auth = false` in the config file):
- `access_key_id` and `secret_access_key` are required.
- `session_token` can be optionally set when using AWS STS.
- Runtime configuration (`env_auth = true` in the config file):
- Export the following environment variables before running `rclone`:
- Access Key ID: `AWS_ACCESS_KEY_ID` or `AWS_ACCESS_KEY`
- Secret Access Key: `AWS_SECRET_ACCESS_KEY` or `AWS_SECRET_KEY`
- Session Token: `AWS_SESSION_TOKEN` (optional)
- Or, use a [named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html):
- Profile files are standard files used by AWS CLI tools
- By default it will use the profile in your home directory (eg `~/.aws/credentials` on unix based systems) file and the "default" profile, to change set these environment variables:
- `AWS_SHARED_CREDENTIALS_FILE` to control which file.
- `AWS_PROFILE` to control which profile to use.
- Or, run `rclone` in an ECS task with an IAM role (AWS only).
- Or, run `rclone` on an EC2 instance with an IAM role (AWS only).
If none of these option actually end up providing `rclone` with AWS
credentials then S3 interaction will be non-authenticated (see below).
### S3 Permissions ###
When using the `sync` subcommand of `rclone` the following minimum
permissions are required to be available on the bucket being written to:
* `ListBucket`
* `DeleteObject`
* `GetObject`
* `PutObject`
* `PutObjectACL`
When using the `lsd` subcommand, the `ListAllMyBuckets` permission is required.
1. This is a policy that can be used when creating bucket. It assumes
that `USER_NAME` has been created.
2. The Resource entry must include both resource ARNs, as one implies
the bucket and the other implies the bucket's objects.
For reference, [here's an Ansible script](https://gist.github.com/ebridges/ebfc9042dd7c756cd101cfa807b7ae2b)
that will generate one or more buckets that will work with `rclone sync`.
### Key Management System (KMS) ###
If you are using server side encryption with KMS then you will find
you can't transfer small objects. As a work-around you can use the
`--ignore-checksum` flag.
A proper fix is being worked on in [issue #1824](https://github.com/rclone/rclone/issues/1824).
### Glacier and Glacier Deep Archive ###
You can upload objects using the glacier storage class or transition them to glacier using a [lifecycle policy](http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html).
The bucket can still be synced or copied into normally, but if rclone
tries to access data from the glacier storage class you will see an error like below.
2017/09/11 19:07:43 Failed to sync: failed to open source object: Object in GLACIER, restore first: path/to/file
In this case you need to [restore](http://docs.aws.amazon.com/AmazonS3/latest/user-guide/restore-archived-objects.html)
the object(s) in question before using rclone.
Note that rclone only speaks the S3 API it does not speak the Glacier
Vault API, so rclone cannot directly access Glacier Vaults.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/s3/s3.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to s3 (Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)).
#### --s3-provider
Choose your S3 provider.
- Config: provider
- Env Var: RCLONE_S3_PROVIDER
- Type: string
- Default: ""
- Examples:
- "AWS"
- Amazon Web Services (AWS) S3
- "Alibaba"
- Alibaba Cloud Object Storage System (OSS) formerly Aliyun
- "Ceph"
- Ceph Object Storage
- "DigitalOcean"
- Digital Ocean Spaces
- "Dreamhost"
- Dreamhost DreamObjects
- "IBMCOS"
- IBM COS S3
- "Minio"
- Minio Object Storage
- "Netease"
- Netease Object Storage (NOS)
- "Wasabi"
- Wasabi Object Storage
- "Other"
- Any other S3 compatible provider
#### --s3-env-auth
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
- Config: env_auth
- Env Var: RCLONE_S3_ENV_AUTH
- Type: bool
- Default: false
- Examples:
- "false"
- Enter AWS credentials in the next step
- "true"
- Get AWS credentials from the environment (env vars or IAM)
#### --s3-access-key-id
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
- Config: access_key_id
- Env Var: RCLONE_S3_ACCESS_KEY_ID
- Type: string
- Default: ""
#### --s3-secret-access-key
AWS Secret Access Key (password)
Leave blank for anonymous access or runtime credentials.
- Config: secret_access_key
- Env Var: RCLONE_S3_SECRET_ACCESS_KEY
- Type: string
- Default: ""
#### --s3-region
Region to connect to.
- Config: region
- Env Var: RCLONE_S3_REGION
- Type: string
- Default: ""
- Examples:
- "us-east-1"
- The default endpoint - a good choice if you are unsure.
- US Region, Northern Virginia or Pacific Northwest.
- Leave location constraint empty.
- "us-east-2"
- US East (Ohio) Region
- Needs location constraint us-east-2.
- "us-west-2"
- US West (Oregon) Region
- Needs location constraint us-west-2.
- "us-west-1"
- US West (Northern California) Region
- Needs location constraint us-west-1.
- "ca-central-1"
- Canada (Central) Region
- Needs location constraint ca-central-1.
- "eu-west-1"
- EU (Ireland) Region
- Needs location constraint EU or eu-west-1.
- "eu-west-2"
- EU (London) Region
- Needs location constraint eu-west-2.
- "eu-north-1"
- EU (Stockholm) Region
- Needs location constraint eu-north-1.
- "eu-central-1"
- EU (Frankfurt) Region
- Needs location constraint eu-central-1.
- "ap-southeast-1"
- Asia Pacific (Singapore) Region
- Needs location constraint ap-southeast-1.
- "ap-southeast-2"
- Asia Pacific (Sydney) Region
- Needs location constraint ap-southeast-2.
- "ap-northeast-1"
- Asia Pacific (Tokyo) Region
- Needs location constraint ap-northeast-1.
- "ap-northeast-2"
- Asia Pacific (Seoul)
- Needs location constraint ap-northeast-2.
- "ap-south-1"
- Asia Pacific (Mumbai)
- Needs location constraint ap-south-1.
- "sa-east-1"
- South America (Sao Paulo) Region
- Needs location constraint sa-east-1.
#### --s3-region
Region to connect to.
Leave blank if you are using an S3 clone and you don't have a region.
- Config: region
- Env Var: RCLONE_S3_REGION
- Type: string
- Default: ""
- Examples:
- ""
- Use this if unsure. Will use v4 signatures and an empty region.
- "other-v2-signature"
- Use this only if v4 signatures don't work, eg pre Jewel/v10 CEPH.
#### --s3-endpoint
Endpoint for S3 API.
Leave blank if using AWS to use the default endpoint for the region.
- If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
- "bucket-owner-full-control"
- Both the object owner and the bucket owner get FULL_CONTROL over the object.
- If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
- "private"
- Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
- "public-read"
- Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
- "public-read-write"
- Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
- "authenticated-read"
- Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
#### --s3-server-side-encryption
The server-side encryption algorithm used when storing this object in S3.
- Config: server_side_encryption
- Env Var: RCLONE_S3_SERVER_SIDE_ENCRYPTION
- Type: string
- Default: ""
- Examples:
- ""
- None
- "AES256"
- AES256
- "aws:kms"
- aws:kms
#### --s3-sse-kms-key-id
If using KMS ID you must provide the ARN of Key.
- Config: sse_kms_key_id
- Env Var: RCLONE_S3_SSE_KMS_KEY_ID
- Type: string
- Default: ""
- Examples:
- ""
- None
- "arn:aws:kms:us-east-1:*"
- arn:aws:kms:*
#### --s3-storage-class
The storage class to use when storing new objects in S3.
The storage class to use when storing new objects in OSS.
- Config: storage_class
- Env Var: RCLONE_S3_STORAGE_CLASS
- Type: string
- Default: ""
- Examples:
- ""
- Default
- "STANDARD"
- Standard storage class
- "GLACIER"
- Archive storage mode.
- "STANDARD_IA"
- Infrequent access storage mode.
### Advanced Options
Here are the advanced options specific to s3 (Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc)).
#### --s3-bucket-acl
Canned ACL used when creating buckets.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when only when creating buckets. If it
isn't set then "acl" is used instead.
- Config: bucket_acl
- Env Var: RCLONE_S3_BUCKET_ACL
- Type: string
- Default: ""
- Examples:
- "private"
- Owner gets FULL_CONTROL. No one else has access rights (default).
- "public-read"
- Owner gets FULL_CONTROL. The AllUsers group gets READ access.
- "public-read-write"
- Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
- Granting this on a bucket is generally not recommended.
- "authenticated-read"
- Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
#### --s3-upload-cutoff
Cutoff for switching to chunked upload
Any files larger than this will be uploaded in chunks of chunk_size.
The minimum is 0 and the maximum is 5GB.
- Config: upload_cutoff
- Env Var: RCLONE_S3_UPLOAD_CUTOFF
- Type: SizeSuffix
- Default: 200M
#### --s3-chunk-size
Chunk size to use for uploading.
When uploading files larger than upload_cutoff they will be uploaded
as multipart uploads using this chunk size.
Note that "--s3-upload-concurrency" chunks of this size are buffered
in memory per transfer.
If you are transferring large files over high speed links and you have
enough memory, then increasing this will speed up the transfers.
- Config: chunk_size
- Env Var: RCLONE_S3_CHUNK_SIZE
- Type: SizeSuffix
- Default: 5M
#### --s3-disable-checksum
Don't store MD5 checksum with object metadata
- Config: disable_checksum
- Env Var: RCLONE_S3_DISABLE_CHECKSUM
- Type: bool
- Default: false
#### --s3-session-token
An AWS session token
- Config: session_token
- Env Var: RCLONE_S3_SESSION_TOKEN
- Type: string
- Default: ""
#### --s3-upload-concurrency
Concurrency for multipart uploads.
This is the number of chunks of the same file that are uploaded
concurrently.
If you are uploading small numbers of large file over high speed link
and these uploads do not fully utilize your bandwidth, then increasing
this may help to speed up the transfers.
- Config: upload_concurrency
- Env Var: RCLONE_S3_UPLOAD_CONCURRENCY
- Type: int
- Default: 4
#### --s3-force-path-style
If true use path style access if false use virtual hosted style.
If this is true (the default) then rclone will use path style access,
if false then rclone will use virtual path style. See [the AWS S3
[Spaces](https://www.digitalocean.com/products/object-storage/) is an [S3-interoperable](https://developers.digitalocean.com/documentation/spaces/) object storage service from cloud provider DigitalOcean.
To connect to DigitalOcean Spaces you will need an access key and secret key. These can be retrieved on the "[Applications & API](https://cloud.digitalocean.com/settings/api/tokens)" page of the DigitalOcean control panel. They will be needed when promted by `rclone config` for your `access_key_id` and `secret_access_key`.
When prompted for a `region` or `location_constraint`, press enter to use the default value. The region must be included in the `endpoint` setting (e.g. `nyc3.digitaloceanspaces.com`). The default values can be used for other settings.
Going through the whole process of creating a new remote by running `rclone config`, each prompt should be answered as shown below:
Information stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations, and accessed through an implementation of the S3 API. This service makes use of the distributed storage technologies provided by IBM’s Cloud Object Storage System (formerly Cleversafe). For more information visit: (http://www.ibm.com/cloud/object-storage)
To configure access to IBM COS S3, follow the steps below:
1. Run rclone config and select n for a new remote.</code></pre>
<pre><code>2018/02/14 14:13:11 NOTICE: Config file "C:\\Users\\a\\.config\\rclone\\rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n</code></pre>
<pre><code>
2. Enter the name for the configuration</code></pre>
<pre><code>name><YOUR NAME></code></pre>
<pre><code>
3. Select "s3" storage.</code></pre>
<p>Choose a number from below, or type in your own value 1 / Alias for an existing remote “alias” 2 / Amazon Drive “amazon cloud drive” 3 / Amazon S3 Complaint Storage Providers (Dreamhost, Ceph, Minio, IBM COS) “s3” 4 / Backblaze B2 “b2” [snip] 23 / http Connection “http” Storage> 3</p>
<pre><code>
4. Select IBM COS as the S3 Storage Provider.</code></pre>
<p>Choose the S3 provider. Choose a number from below, or type in your own value 1 / Choose this option to configure Storage to AWS S3 “AWS” 2 / Choose this option to configure Storage to Ceph Systems “Ceph” 3 / Choose this option to configure Storage to Dreamhost “Dreamhost” 4 / Choose this option to the configure Storage to IBM COS S3 “IBMCOS” 5 / Choose this option to the configure Storage to Minio “Minio” Provider>4</p>
<pre><code>
5. Enter the Access Key and Secret.</code></pre>
<pre><code>AWS Access Key ID - leave blank for anonymous access or runtime credentials.
access_key_id><>
AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
secret_access_key><></code></pre>
<pre><code>
6. Specify the endpoint for IBM COS. For Public IBM COS, choose from the option below. For On Premise IBM COS, enter an enpoint address.</code></pre>
<pre><code>Endpoint for IBM COS S3 API.
Specify if using an IBM COS On Premise.
Choose a number from below, or type in your own value
<p>[snip] 34 / Toronto Single Site Private Endpoint “s3.tor01.objectstorage.service.networklayer.com” endpoint>1</p>
<pre><code>
7. Specify a IBM COS Location Constraint. The location constraint must match endpoint when using IBM Cloud Public. For on-prem COS, do not make a selection from this list, hit enter</code></pre>
<pre><code> 1 / US Cross Region Standard
\ "us-standard"
2 / US Cross Region Vault
\ "us-vault"
3 / US Cross Region Cold
\ "us-cold"
4 / US Cross Region Flex
\ "us-flex"
5 / US East Region Standard
\ "us-east-standard"
6 / US East Region Vault
\ "us-east-vault"
7 / US East Region Cold
\ "us-east-cold"
8 / US East Region Flex
\ "us-east-flex"
9 / US South Region Standard
\ "us-south-standard"
10 / US South Region Vault
\ "us-south-vault"</code></pre>
<p>[snip] 32 / Toronto Flex “tor01-flex” location_constraint>1</p>
<pre><code>
9. Specify a canned ACL. IBM Cloud (Strorage) supports "public-read" and "private". IBM Cloud(Infra) supports all the canned ACLs. On-Premise COS supports all the canned ACLs.</code></pre>
<p>Canned ACL used when creating buckets and/or storing objects in S3. For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl Choose a number from below, or type in your own value 1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS “private” 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS “public-read” 3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS “public-read-write” 4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS “authenticated-read” acl> 1</p>
<pre><code>
12. Review the displayed configuration and accept to save the "remote" then quit. The config file should look like this</code></pre>
So once set up, for example to copy files into a bucket
</code></pre>
<p>rclone copy /path/to/files minio:bucket</p>
<pre><code>
### Scaleway {#scaleway}
[Scaleway](https://www.scaleway.com/object-storage/) The Object Storage platform allows you to store anything from backups, logs and web assets to documents and photos.
Files can be dropped from the Scaleway console or transferred through our API and CLI or using any S3-compatible tool.
Scaleway provides an S3 interface which can be configured for use with rclone like this:
[Wasabi](https://wasabi.com) is a cloud-based object storage service for a
broad range of applications and use cases. Wasabi is designed for
individuals and organizations that require a high-performance,
reliable, and secure data storage infrastructure at minimal cost.
Wasabi provides an S3 interface which can be configured for use with
rclone like this.
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password n/s> n name> wasabi Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Amazon S3 (also Dreamhost, Ceph, Minio) “s3” [snip] Storage> s3 Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank. Choose a number from below, or type in your own value 1 / Enter AWS credentials in the next step “false” 2 / Get AWS credentials from the environment (env vars or IAM) “true” env_auth> 1 AWS Access Key ID - leave blank for anonymous access or runtime credentials. access_key_id> YOURACCESSKEY AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials. secret_access_key> YOURSECRETACCESSKEY Region to connect to. Choose a number from below, or type in your own value / The default endpoint - a good choice if you are unsure. 1 | US Region, Northern Virginia or Pacific Northwest. | Leave location constraint empty. “us-east-1” [snip] region> us-east-1 Endpoint for S3 API. Leave blank if using AWS to use the default endpoint for the region. Specify if using an S3 clone such as Ceph. endpoint> s3.wasabisys.com Location constraint - must be set to match the Region. Used when creating buckets only. Choose a number from below, or type in your own value 1 / Empty for US Region, Northern Virginia or Pacific Northwest. "" [snip] location_constraint> Canned ACL used when creating buckets and/or storing objects in S3. For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl Choose a number from below, or type in your own value 1 / Owner gets FULL_CONTROL. No one else has access rights (default). “private” [snip] acl> The server-side encryption algorithm used when storing this object in S3. Choose a number from below, or type in your own value 1 / None "" 2 / AES256 “AES256” server_side_encryption> The storage class to use when storing objects in S3. Choose a number from below, or type in your own value 1 / Default "" 2 / Standard storage class “STANDARD” 3 / Reduced redundancy storage class “REDUCED_REDUNDANCY” 4 / Standard Infrequent Access storage class “STANDARD_IA” storage_class> Remote config ——————– [wasabi] env_auth = false access_key_id = YOURACCESSKEY secret_access_key = YOURSECRETACCESSKEY region = us-east-1 endpoint = s3.wasabisys.com location_constraint = acl = server_side_encryption = storage_class = ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
This will leave the config file looking like this.
Here is an example of making an [Alibaba Cloud (Aliyun) OSS](https://www.alibabacloud.com/product/oss/)
configuration. First run:
rclone config
This will guide you through an interactive setup process.
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> oss Type of storage to configure. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value [snip] 4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, etc) ”s3" [snip] Storage> s3 Choose your S3 provider. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value 1 / Amazon Web Services (AWS) S3 ”AWS" 2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun “Alibaba” 3 / Ceph Object Storage “Ceph” [snip] provider> Alibaba Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank. Enter a boolean value (true or false). Press Enter for the default (“false”). Choose a number from below, or type in your own value 1 / Enter AWS credentials in the next step “false” 2 / Get AWS credentials from the environment (env vars or IAM) “true” env_auth> 1 AWS Access Key ID. Leave blank for anonymous access or runtime credentials. Enter a string value. Press Enter for the default ("“). access_key_id> accesskeyid AWS Secret Access Key (password) Leave blank for anonymous access or runtime credentials. Enter a string value. Press Enter for the default (”“). secret_access_key> secretaccesskey Endpoint for OSS API. Enter a string value. Press Enter for the default (”“). Choose a number from below, or type in your own value 1 / East China 1 (Hangzhou) ”oss-cn-hangzhou.aliyuncs.com" 2 / East China 2 (Shanghai) “oss-cn-shanghai.aliyuncs.com” 3 / North China 1 (Qingdao) “oss-cn-qingdao.aliyuncs.com” [snip] endpoint> 1 Canned ACL used when creating buckets and storing or copying objects.</p>
<p>Note that this ACL is applied when server side copying objects as S3 doesn’t copy the ACL from the source but rather writes a fresh one. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value 1 / Owner gets FULL_CONTROL. No one else has access rights (default). ”private" 2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. “public-read” / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. [snip] acl> 1 The storage class to use when storing new objects in OSS. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value 1 / Default ”" 2 / Standard storage class “STANDARD” 3 / Archive storage mode. “GLACIER” 4 / Infrequent access storage mode. “STANDARD_IA” storage_class> 1 Edit advanced config? (y/n) y) Yes n) No y/n> n Remote config ——————– [oss] type = s3 provider = Alibaba env_auth = false access_key_id = accesskeyid secret_access_key = secretaccesskey endpoint = oss-cn-hangzhou.aliyuncs.com acl = private storage_class = Standard ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
### Netease NOS ###
For Netease NOS configure as per the configurator `rclone config`
setting the provider `Netease`. This will automatically set
`force_path_style = false` which is necessary for it to run properly.
Backblaze B2
----------------------------------------
B2 is [Backblaze's cloud storage system](https://www.backblaze.com/b2/).
Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
command.) You may put subdirectories in too, eg `remote:bucket/path/to/dir`.
Here is an example of making a b2 configuration. First run
rclone config
This will guide you through an interactive setup process. To authenticate
you will either need your Account ID (a short hex number) and Master
Application Key (a long hex number) OR an Application Key, which is the
recommended method. See below for further details on generating and using
an Application Key.
</code></pre>
<p>No remotes found - make a new one n) New remote q) Quit config n/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Backblaze B2 “b2” [snip] Storage> b2 Account ID or Application Key ID account> 123456789abc Application Key key> 0123456789abcdef0123456789abcdef0123456789 Endpoint for the service - leave blank normally. endpoint> Remote config ——————– [remote] account = 123456789abc key = 0123456789abcdef0123456789abcdef0123456789 endpoint = ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
This remote is called `remote` and can now be used like this
See all buckets
rclone lsd remote:
Create a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync `/home/local/directory` to the remote bucket, deleting any
excess files in the bucket.
rclone sync /home/local/directory remote:bucket
### Application Keys ###
B2 supports multiple [Application Keys for different access permission
to B2 Buckets](https://www.backblaze.com/b2/docs/application_keys.html).
You can use these with rclone too; you will need to use rclone version 1.43
or later.
Follow Backblaze's docs to create an Application Key with the required
permission and add the `applicationKeyId` as the `account` and the
`Application Key` itself as the `key`.
Note that you must put the _applicationKeyId_ as the `account` – you
can't use the master Account ID. If you try then B2 will return 401
errors.
### --fast-list ###
This remote supports `--fast-list` which allows you to use fewer
transactions in exchange for more memory. See the [rclone
docs](/docs/#fast-list) for more details.
### Modified time ###
The modified time is stored as metadata on the object as
`X-Bz-Info-src_last_modified_millis` as milliseconds since 1970-01-01
in the Backblaze standard. Other tools should be able to use this as
a modified time.
Modified times are used in syncing and are fully supported. Note that
if a modification time needs to be updated on an object then it will
create a new version of the object.
#### Restricted filename characters
In addition to the [default restricted characters set](/overview/#restricted-characters)
the following characters are also replaced:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| \ | 0x5C | \ |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
### SHA1 checksums ###
The SHA1 checksums of the files are checked on upload and download and
will be used in the syncing process.
Large files (bigger than the limit in `--b2-upload-cutoff`) which are
uploaded in chunks will store their SHA1 on the object as
`X-Bz-Info-large_file_sha1` as recommended by Backblaze.
For a large file to be uploaded with an SHA1 checksum, the source
needs to support SHA1 checksums. The local disk supports SHA1
checksums so large file transfers from local disk will have an SHA1.
See [the overview](/overview/#features) for exactly which remotes
support SHA1.
Sources which don't support SHA1, in particular `crypt` will upload
large files without SHA1 checksums. This may be fixed in the future
(see [#1767](https://github.com/rclone/rclone/issues/1767)).
Files sizes below `--b2-upload-cutoff` will always have an SHA1
regardless of the source.
### Transfers ###
Backblaze recommends that you do lots of transfers simultaneously for
maximum speed. In tests from my SSD equipped laptop the optimum
setting is about `--transfers 32` though higher numbers may be used
for a slight speed improvement. The optimum number for you may vary
depending on your hardware, how big the files are, how much you want
to load your computer, etc. The default of `--transfers 4` is
definitely too low for Backblaze B2 though.
Note that uploading big files (bigger than 200 MB by default) will use
a 96 MB RAM buffer by default. There can be at most `--transfers` of
these in use at any moment, so this sets the upper limit on the memory
used.
### Versions ###
When rclone uploads a new version of a file it creates a [new version
of it](https://www.backblaze.com/b2/docs/file_versions.html).
Likewise when you delete a file, the old version will be marked hidden
and still be available. Conversely, you may opt in to a "hard delete"
of files with the `--b2-hard-delete` flag which would permanently remove
the file instead of hiding it.
Old versions of files, where available, are visible using the
`--b2-versions` flag.
**NB** Note that `--b2-versions` does not work with crypt at the
moment [#1627](https://github.com/rclone/rclone/issues/1627). Using
[--backup-dir](/docs/#backup-dir-dir) with rclone is the recommended
way of working around this.
If you wish to remove all the old versions then you can use the
`rclone cleanup remote:bucket` command which will delete all the old
versions of files, leaving the current ones intact. You can also
supply a path and only old versions under that path will be deleted,
eg `rclone cleanup remote:bucket/path/to/stuff`.
Note that `cleanup` will remove partially uploaded files from the bucket
if they are more than a day old.
When you `purge` a bucket, the current and the old versions will be
deleted then the bucket will be deleted.
However `delete` will cause the current versions of the files to
become hidden old versions.
Here is a session showing the listing and retrieval of an old
version followed by a `cleanup` of the old versions.
Show current version and all the versions with `--b2-versions` flag.
These will be set in the "X-Bz-Test-Mode" header which is documented
in the [b2 integrations checklist](https://www.backblaze.com/b2/docs/integration_checklist.html).
- Config: test_mode
- Env Var: RCLONE_B2_TEST_MODE
- Type: string
- Default: ""
#### --b2-versions
Include old versions in directory listings.
Note that when using this no file write operations are permitted,
so you can't upload files or delete them.
- Config: versions
- Env Var: RCLONE_B2_VERSIONS
- Type: bool
- Default: false
#### --b2-upload-cutoff
Cutoff for switching to chunked upload.
Files above this size will be uploaded in chunks of "--b2-chunk-size".
This value should be set no larger than 4.657GiB (== 5GB).
- Config: upload_cutoff
- Env Var: RCLONE_B2_UPLOAD_CUTOFF
- Type: SizeSuffix
- Default: 200M
#### --b2-chunk-size
Upload chunk size. Must fit in memory.
When uploading large files, chunk the file into this size. Note that
these chunks are buffered in memory and there might a maximum of
"--transfers" chunks in progress at once. 5,000,000 Bytes is the
minimum size.
- Config: chunk_size
- Env Var: RCLONE_B2_CHUNK_SIZE
- Type: SizeSuffix
- Default: 96M
#### --b2-disable-checksum
Disable checksums for large (> upload cutoff) files
- Config: disable_checksum
- Env Var: RCLONE_B2_DISABLE_CHECKSUM
- Type: bool
- Default: false
#### --b2-download-url
Custom endpoint for downloads.
This is usually set to a Cloudflare CDN URL as Backblaze offers
free egress for data downloaded through the Cloudflare network.
This is probably only useful for a public bucket.
Leave blank if you want to use the endpoint provided by Backblaze.
- Config: download_url
- Env Var: RCLONE_B2_DOWNLOAD_URL
- Type: string
- Default: ""
#### --b2-download-auth-duration
Time before the authorization token will expire in s or suffix ms|s|m|h|d.
The duration before the download authorization token will expire.
The minimum value is 1 second. The maximum value is one week.
- Config: download_auth_duration
- Env Var: RCLONE_B2_DOWNLOAD_AUTH_DURATION
- Type: Duration
- Default: 1w
<!--- autogenerated options stop -->
Box
-----------------------------------------
Paths are specified as `remote:path`
Paths may be as deep as required, eg `remote:directory/subdirectory`.
The initial setup for Box involves getting a token from Box which you
can do either in your browser, or with a config.json downloaded from Box
to use JWT authentication. `rclone config` walks you through it.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Box “box” [snip] Storage> box Box App Client Id - leave blank normally. client_id> Box App Client Secret - leave blank normally. client_secret> Box App config.json location Leave blank normally. Enter a string value. Press Enter for the default ("“). config_json> ‘enterprise’ or ‘user’ depending on the type of token being requested. Enter a string value. Press Enter for the default (”user“). box_sub_type> Remote config Use auto config? * Say Y if not sure * Say N if you are working on a remote or headless machine y) Yes n) No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code… Got code ——————– [remote] client_id = client_secret = token = {”access_token“:”XXX“,”token_type“:”bearer“,”refresh_token“:”XXX“,”expiry“:”XXX"} ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the
token as returned from Box. This only runs from the moment it opens
your browser to the moment you get back the verification code. This
is on `http://127.0.0.1:53682/` and this it may require you to unblock
it temporarily if you are running a host firewall.
Once configured you can then use `rclone` like this,
List directories in top level of your Box
rclone lsd remote:
List all the files in your Box
rclone ls remote:
To copy a local directory to an Box directory called backup
rclone copy /home/source remote:backup
### Using rclone with an Enterprise account with SSO ###
If you have an "Enterprise" account type with Box with single sign on
(SSO), you need to create a password to use Box with rclone. This can
be done at your Enterprise Box account by going to Settings, "Account"
Tab, and then set the password in the "Authentication" field.
Once you have done this, you can setup your Enterprise Box account
using the same procedure detailed above in the, using the password you
have just set.
### Invalid refresh token ###
According to the [box docs](https://developer.box.com/v2.0/docs/oauth-20#section-6-using-the-access-and-refresh-tokens):
> Each refresh_token is valid for one use in 60 days.
This means that if you
* Don't use the box remote for 60 days
* Copy the config file with a box refresh token in and use it in two places
* Get an error on a token refresh
then rclone will return an error which includes the text `Invalid
refresh token`.
To fix this you will need to use oauth2 again to update the refresh
token. You can use the methods in [the remote setup
docs](https://rclone.org/remote_setup/), bearing in mind that if you use the copy the
config file method, you should not use that remote on the computer you
did the authentication on.
Here is how to do it.
</code></pre>
<p>$ rclone config Current remotes:</p>
<p>Name Type ==== ==== remote box</p>
<olstart="5"type="a">
<li>Edit existing remote</li>
<li>New remote</li>
<li>Delete remote</li>
<li>Rename remote</li>
<li>Copy remote</li>
<li>Set configuration password</li>
<li>Quit config e/n/d/r/c/s/q> e Choose a number from below, or type in an existing value 1 > remote remote> remote ——————– [remote] type = box token = {“access_token”:“XXX”,“token_type”:“bearer”,“refresh_token”:“XXX”,“expiry”:“2017-07-08T23:40:08.059167677+01:00”} ——————– Edit remote Value “client_id” = "" Edit? (y/n)></li>
<li>Yes</li>
<li>No y/n> n Value “client_secret” = "" Edit? (y/n)></li>
<li>Yes</li>
<li>No y/n> n Remote config Already have a token - refresh?</li>
<li>No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code… Got code ——————– [remote] type = box token = {“access_token”:“YYY”,“token_type”:“bearer”,“refresh_token”:“YYY”,“expiry”:“2017-07-23T12:22:29.259137901+01:00”} ——————–</li>
<li>Yes this is OK</li>
<li>Edit this remote</li>
<li>Delete this remote y/e/d> y</li>
</ol>
<pre><code>
### Modified time and hashes ###
Box allows modification times to be set on objects accurate to 1
second. These will be used to detect whether objects need syncing or
not.
Box supports SHA1 type hashes, so you can use the `--checksum`
flag.
#### Restricted filename characters
In addition to the [default restricted characters set](/overview/#restricted-characters)
the following characters are also replaced:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| \ | 0x5C | \ |
File names can also not end with the following characters.
These only get replaced if they are last character in the name:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| SP | 0x20 | ␠ |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
### Transfers ###
For files above 50MB rclone will use a chunked transfer. Rclone will
upload up to `--transfers` chunks at the same time (shared among all
the multipart uploads). Chunks are buffered in memory and are
normally 8MB so increasing `--transfers` will increase memory use.
### Deleting files ###
Depending on the enterprise settings for your user, the item will
either be actually deleted from Box or moved to the trash.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/box/box.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to box (Box).
#### --box-client-id
Box App Client Id.
Leave blank normally.
- Config: client_id
- Env Var: RCLONE_BOX_CLIENT_ID
- Type: string
- Default: ""
#### --box-client-secret
Box App Client Secret
Leave blank normally.
- Config: client_secret
- Env Var: RCLONE_BOX_CLIENT_SECRET
- Type: string
- Default: ""
#### --box-box-config-file
Box App config.json location
Leave blank normally.
- Config: box_config_file
- Env Var: RCLONE_BOX_BOX_CONFIG_FILE
- Type: string
- Default: ""
#### --box-box-sub-type
- Config: box_sub_type
- Env Var: RCLONE_BOX_BOX_SUB_TYPE
- Type: string
- Default: "user"
- Examples:
- "user"
- Rclone should act on behalf of a user
- "enterprise"
- Rclone should act on behalf of a service account
### Advanced Options
Here are the advanced options specific to box (Box).
#### --box-upload-cutoff
Cutoff for switching to multipart upload (>= 50MB).
- Config: upload_cutoff
- Env Var: RCLONE_BOX_UPLOAD_CUTOFF
- Type: SizeSuffix
- Default: 50M
#### --box-commit-retries
Max number of times to try committing a multipart file.
- Config: commit_retries
- Env Var: RCLONE_BOX_COMMIT_RETRIES
- Type: int
- Default: 100
<!--- autogenerated options stop -->
### Limitations ###
Note that Box is case insensitive so you can't have a file called
"Hello.doc" and one called "hello.doc".
Box file names can't have the `\` character in. rclone maps this to
and from an identical looking unicode equivalent `\`.
Box only supports filenames up to 255 characters in length.
Cache (BETA)
-----------------------------------------
The `cache` remote wraps another existing remote and stores file structure
and its data for long running tasks like `rclone mount`.
To get started you just need to have an existing remote which can be configured
with `cache`.
Here is an example of how to make a remote called `test-cache`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q> n name> test-cache Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Cache a remote “cache” [snip] Storage> cache Remote to cache. Normally should contain a ‘:’ and a path, eg “myremote:path/to/dir”, “myremote:bucket” or maybe “myremote:” (not recommended). remote> local:/test Optional: The URL of the Plex server plex_url> http://127.0.0.1:32400 Optional: The username of the Plex user plex_username> dummyusername Optional: The password of the Plex user y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n> y Enter the password: password: Confirm the password: password: The size of a chunk. Lower value good for slow connections but can affect seamless reading. Default: 5M Choose a number from below, or type in your own value 1 / 1MB “1m” 2 / 5 MB “5M” 3 / 10 MB “10M” chunk_size> 2 How much time should object info (file size, file hashes etc) be stored in cache. Use a very high value if you don’t plan on changing the source FS from outside the cache. Accepted units are: “s”, “m”, “h”. Default: 5m Choose a number from below, or type in your own value 1 / 1 hour “1h” 2 / 24 hours “24h” 3 / 24 hours “48h” info_age> 2 The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted. Default: 10G Choose a number from below, or type in your own value 1 / 500 MB “500M” 2 / 1 GB “1G” 3 / 10 GB “10G” chunk_total_size> 3 Remote config ——————– [test-cache] remote = local:/test plex_url = http://127.0.0.1:32400 plex_username = dummyusername plex_password = *** ENCRYPTED *** chunk_size = 5M info_age = 48h chunk_total_size = 10G</p>
<pre><code>
You can then use it like this,
List directories in top level of your drive
rclone lsd test-cache:
List all the files in your drive
rclone ls test-cache:
To start a cached mount
rclone mount --allow-other test-cache: /var/tmp/test-cache
### Write Features ###
### Offline uploading ###
In an effort to make writing through cache more reliable, the backend
now supports this feature which can be activated by specifying a
`cache-tmp-upload-path`.
A files goes through these states when using this feature:
1. An upload is started (usually by copying a file on the cache remote)
2. When the copy to the temporary location is complete the file is part
of the cached remote and looks and behaves like any other file (reading included)
3. After `cache-tmp-wait-time` passes and the file is next in line, `rclone move`
is used to move the file to the cloud provider
4. Reading the file still works during the upload but most modifications on it will be prohibited
5. Once the move is complete the file is unlocked for modifications as it
becomes as any other regular file
6. If the file is being read through `cache` when it's actually
deleted from the temporary path then `cache` will simply swap the source
to the cloud provider without interrupting the reading (small blip can happen though)
Files are uploaded in sequence and only one file is uploaded at a time.
Uploads will be stored in a queue and be processed based on the order they were added.
The queue and the temporary storage is persistent across restarts but
can be cleared on startup with the `--cache-db-purge` flag.
### Write Support ###
Writes are supported through `cache`.
One caveat is that a mounted cache remote does not add any retry or fallback
mechanism to the upload operation. This will depend on the implementation
of the wrapped remote. Consider using `Offline uploading` for reliable writes.
One special case is covered with `cache-writes` which will cache the file
data at the same time as the upload when it is enabled making it available
from the cache store immediately once the upload is finished.
### Read Features ###
#### Multiple connections ####
To counter the high latency between a local PC where rclone is running
and cloud providers, the cache remote can split multiple requests to the
cloud provider for smaller file chunks and combines them together locally
where they can be available almost immediately before the reader usually
needs them.
This is similar to buffering when media files are played online. Rclone
will stay around the current marker but always try its best to stay ahead
and prepare the data before.
#### Plex Integration ####
There is a direct integration with Plex which allows cache to detect during reading
if the file is in playback or not. This helps cache to adapt how it queries
the cloud provider depending on what is needed for.
Scans will have a minimum amount of workers (1) while in a confirmed playback cache
will deploy the configured number of workers.
This integration opens the doorway to additional performance improvements
which will be explored in the near future.
**Note:** If Plex options are not configured, `cache` will function with its
configured options without adapting any of its settings.
How to enable? Run `rclone config` and add all the Plex options (endpoint, username
and password) in your remote and it will be automatically enabled.
Affected settings:
- `cache-workers`: _Configured value_ during confirmed playback or _1_ all the other times
##### Certificate Validation #####
When the Plex server is configured to only accept secure connections, it is
possible to use `.plex.direct` URL's to ensure certificate validation succeeds.
These URL's are used by Plex internally to connect to the Plex server securely.
Clear all the cached data for this remote on start.
- Config: db_purge
- Env Var: RCLONE_CACHE_DB_PURGE
- Type: bool
- Default: false
#### --cache-chunk-clean-interval
How often should the cache perform cleanups of the chunk storage.
The default value should be ok for most people. If you find that the
cache goes over "cache-chunk-total-size" too often then try to lower
this value to force it to perform cleanups more often.
- Config: chunk_clean_interval
- Env Var: RCLONE_CACHE_CHUNK_CLEAN_INTERVAL
- Type: Duration
- Default: 1m0s
#### --cache-read-retries
How many times to retry a read from a cache storage.
Since reading from a cache stream is independent from downloading file
data, readers can get to a point where there's no more data in the
cache. Most of the times this can indicate a connectivity issue if
cache isn't able to provide file data anymore.
For really slow connections, increase this to a point where the stream is
able to provide data but your experience will be very stuttering.
- Config: read_retries
- Env Var: RCLONE_CACHE_READ_RETRIES
- Type: int
- Default: 10
#### --cache-workers
How many workers should run in parallel to download chunks.
Higher values will mean more parallel processing (better CPU needed)
and more concurrent requests on the cloud provider. This impacts
several aspects like the cloud provider API limits, more stress on the
hardware that rclone runs on but it also means that streams will be
more fluid and data will be available much more faster to readers.
**Note**: If the optional Plex integration is enabled then this
setting will adapt to the type of reading performed and the value
specified here will be used as a maximum number of workers to use.
- Config: workers
- Env Var: RCLONE_CACHE_WORKERS
- Type: int
- Default: 4
#### --cache-chunk-no-memory
Disable the in-memory cache for storing chunks during streaming.
By default, cache will keep file data during streaming in RAM as well
to provide it to readers as fast as possible.
This transient data is evicted as soon as it is read and the number of
chunks stored doesn't exceed the number of workers. However, depending
on other settings like "cache-chunk-size" and "cache-workers" this footprint
can increase if there are parallel streams too (multiple files being read
at the same time).
If the hardware permits it, use this feature to provide an overall better
performance during streaming but it can also be disabled if RAM is not
available on the local machine.
- Config: chunk_no_memory
- Env Var: RCLONE_CACHE_CHUNK_NO_MEMORY
- Type: bool
- Default: false
#### --cache-rps
Limits the number of requests per second to the source FS (-1 to disable)
This setting places a hard limit on the number of requests per second
that cache will be doing to the cloud provider remote and try to
respect that value by setting waits between reads.
If you find that you're getting banned or limited on the cloud
provider through cache and know that a smaller number of requests per
second will allow you to work with it then you can use this setting
for that.
A good balance of all the other settings should make this setting
useless but it is available to set for more special cases.
**NOTE**: This will limit the number of requests during streams but
other API calls to the cloud provider like directory listings will
still pass.
- Config: rps
- Env Var: RCLONE_CACHE_RPS
- Type: int
- Default: -1
#### --cache-writes
Cache file data on writes through the FS
If you need to read files immediately after you upload them through
cache you can enable this flag to have their data stored in the
cache store at the same time during upload.
- Config: writes
- Env Var: RCLONE_CACHE_WRITES
- Type: bool
- Default: false
#### --cache-tmp-upload-path
Directory to keep temporary files until they are uploaded.
This is the path where cache will use as a temporary storage for new
files that need to be uploaded to the cloud provider.
Specifying a value will enable this feature. Without it, it is
completely disabled and files will be uploaded directly to the cloud
provider
- Config: tmp_upload_path
- Env Var: RCLONE_CACHE_TMP_UPLOAD_PATH
- Type: string
- Default: ""
#### --cache-tmp-wait-time
How long should files be stored in local cache before being uploaded
This is the duration that a file must wait in the temporary location
_cache-tmp-upload-path_ before it is selected for upload.
Note that only one file is uploaded at a time and it can take longer
to start the upload if a queue formed for this purpose.
- Config: tmp_wait_time
- Env Var: RCLONE_CACHE_TMP_WAIT_TIME
- Type: Duration
- Default: 15s
#### --cache-db-wait-time
How long to wait for the DB to be available - 0 is unlimited
Only one process can have the DB open at any one time, so rclone waits
for this duration for the DB to become available before it gives an
error.
If you set it to 0 then it will wait forever.
- Config: db_wait_time
- Env Var: RCLONE_CACHE_DB_WAIT_TIME
- Type: Duration
- Default: 1s
<!--- autogenerated options stop -->
Chunker (BETA)
----------------------------------------
The `chunker` overlay transparently splits large files into smaller chunks
during upload to wrapped remote and transparently assembles them back
when the file is downloaded. This allows to effectively overcome size limits
imposed by storage providers.
To use it, first set up the underlying remote following the configuration
instructions for that remote. You can also use a local pathname instead of
a remote.
First check your chosen remote is working - we'll call it `remote:path` here.
Note that anything inside `remote:path` will be chunked and anything outside
won't. This means that if you are using a bucket based remote (eg S3, B2, swift)
then you should probably put the bucket in the remote `s3:bucket`.
Now configure `chunker` using `rclone config`. We will call this one `overlay`
to separate it from the `remote` itself.
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> overlay Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Transparently chunk/split large files “chunker” [snip] Storage> chunker Remote to chunk/unchunk. Normally should contain a ‘:’ and a path, eg “myremote:path/to/dir”, “myremote:bucket” or maybe “myremote:” (not recommended). Enter a string value. Press Enter for the default ("“). remote> remote:path Files larger than chunk size will be split in chunks. Enter a size with suffix k,M,G,T. Press Enter for the default (”2G“). chunk_size> 100M Choose how chunker handles hash sums. All modes but”none" require metadata. Enter a string value. Press Enter for the default (“md5”). Choose a number from below, or type in your own value 1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise “none” 2 / MD5 for composite files “md5” 3 / SHA1 for composite files “sha1” 4 / MD5 for all files “md5all” 5 / SHA1 for all files “sha1all” 6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported “md5quick” 7 / Similar to “md5quick” but prefers SHA1 over MD5 “sha1quick” hash_type> md5 Edit advanced config? (y/n) y) Yes n) No y/n> n Remote config ——————– [overlay] type = chunker remote = remote:bucket chunk_size = 100M hash_type = md5 ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
### Specifying the remote
In normal use, make sure the remote has a `:` in. If you specify the remote
without a `:` then rclone will use a local directory of that name.
So if you use a remote of `/path/to/secret/files` then rclone will
chunk stuff in that directory. If you use a remote of `name` then rclone
will put files in a directory called `name` in the current directory.
### Chunking
When rclone starts a file upload, chunker checks the file size. If it
doesn't exceed the configured chunk size, chunker will just pass the file
to the wrapped remote. If a file is large, chunker will transparently cut
data in pieces with temporary names and stream them one by one, on the fly.
Each data chunk will contain the specified number of bytes, except for the
last one which may have less data. If file size is unknown in advance
(this is called a streaming upload), chunker will internally create
a temporary copy, record its size and repeat the above process.
When upload completes, temporary chunk files are finally renamed.
This scheme guarantees that operations can be run in parallel and look
from outside as atomic.
A similar method with hidden temporary chunks is used for other operations
(copy/move/rename etc). If an operation fails, hidden chunks are normally
destroyed, and the target composite file stays intact.
When a composite file download is requested, chunker transparently
assembles it by concatenating data chunks in order. As the split is trivial
one could even manually concatenate data chunks together to obtain the
original content.
When the `list` rclone command scans a directory on wrapped remote,
the potential chunk files are accounted for, grouped and assembled into
composite directory entries. Any temporary chunks are hidden.
List and other commands can sometimes come across composite files with
missing or invalid chunks, eg. shadowed by like-named directory or
another file. This usually means that wrapped file system has been directly
tampered with or damaged. If chunker detects a missing chunk it will
by default print warning, skip the whole incomplete group of chunks but
proceed with current command.
You can set the `--chunker-fail-hard` flag to have commands abort with
error message in such cases.
#### Chunk names
The default chunk name format is `*.rclone-chunk.###`, hence by default
chunk names are `BIG_FILE_NAME.rclone-chunk.001`,
`BIG_FILE_NAME.rclone-chunk.002` etc. You can configure a different name
format using the `--chunker-name-format` option. The format uses asterisk
`*` as a placeholder for the base file name and one or more consecutive
hash characters `#` as a placeholder for sequential chunk number.
There must be one and only one asterisk. The number of consecutive hash
characters defines the minimum length of a string representing a chunk number.
If decimal chunk number has less digits than the number of hashes, it is
left-padded by zeros. If the decimal string is longer, it is left intact.
By default numbering starts from 1 but there is another option that allows
user to start from 0, eg. for compatibility with legacy software.
For example, if name format is `big_*-##.part` and original file name is
`data.txt` and numbering starts from 0, then the first chunk will be named
`big_data.txt-00.part`, the 99th chunk will be `big_data.txt-98.part`
and the 302nd chunk will become `big_data.txt-301.part`.
Note that `list` assembles composite directory entries only when chunk names
match the configured format and treats non-conforming file names as normal
non-chunked files.
### Metadata
Besides data chunks chunker will by default create metadata object for
a composite file. The object is named after the original file.
Chunker allows user to disable metadata completely (the `none` format).
Note that metadata is normally not created for files smaller than the
configured chunk size. This may change in future rclone releases.
#### Simple JSON metadata format
This is the default format. It supports hash sums and chunk validation
for composite files. Meta objects carry the following fields:
- `ver` - version of format, currently `1`
- `size` - total size of composite file
- `nchunks` - number of data chunks in file
- `md5` - MD5 hashsum of composite file (if present)
- `sha1` - SHA1 hashsum (if present)
There is no field for composite file name as it's simply equal to the name
of meta object on the wrapped remote. Please refer to respective sections
for details on hashsums and modified time handling.
#### No metadata
You can disable meta objects by setting the meta format option to `none`.
In this mode chunker will scan directory for all files that follow
configured chunk name format, group them by detecting chunks with the same
base name and show group names as virtual composite files.
This method is more prone to missing chunk errors (especially missing
last chunk) than format with metadata enabled.
### Hashsums
Chunker supports hashsums only when a compatible metadata is present.
Hence, if you choose metadata format of `none`, chunker will report hashsum
as `UNSUPPORTED`.
Please note that by default metadata is stored only for composite files.
If a file is smaller than configured chunk size, chunker will transparently
redirect hash requests to wrapped remote, so support depends on that.
You will see the empty string as a hashsum of requested type for small
files if the wrapped remote doesn't support it.
Many storage backends support MD5 and SHA1 hash types, so does chunker.
With chunker you can choose one or another but not both.
MD5 is set by default as the most supported type.
Since chunker keeps hashes for composite files and falls back to the
wrapped remote hash for non-chunked ones, we advise you to choose the same
hash type as supported by wrapped remote so that your file listings
look coherent.
If your storage backend does not support MD5 or SHA1 but you need consistent
file hashing, configure chunker with `md5all` or `sha1all`. These two modes
guarantee given hash for all files. If wrapped remote doesn't support it,
chunker will then add metadata to all files, even small. However, this can
double the amount of small files in storage and incur additional service charges.
Normally, when a file is copied to chunker controlled remote, chunker
will ask the file source for compatible file hash and revert to on-the-fly
calculation if none is found. This involves some CPU overhead but provides
a guarantee that given hashsum is available. Also, chunker will reject
a server-side copy or move operation if source and destination hashsum
types are different resulting in the extra network bandwidth, too.
In some rare cases this may be undesired, so chunker provides two optional
choices: `sha1quick` and `md5quick`. If the source does not support primary
hash type and the quick mode is enabled, chunker will try to fall back to
the secondary type. This will save CPU and bandwidth but can result in empty
hashsums at destination. Beware of consequences: the `sync` command will
revert (sometimes silently) to time/size comparison if compatible hashsums
between source and target are not found.
### Modified time
Chunker stores modification times using the wrapped remote so support
depends on that. For a small non-chunked file the chunker overlay simply
manipulates modification time of the wrapped remote file.
For a composite file with metadata chunker will get and set
modification time of the metadata object on the wrapped remote.
If file is chunked but metadata format is `none` then chunker will
use modification time of the first data chunk.
### Migrations
The idiomatic way to migrate to a different chunk size, hash type or
chunk naming scheme is to:
- Collect all your chunked files under a directory and have your
chunker remote point to it.
- Create another directory (most probably on the same cloud storage)
and configure a new remote with desired metadata format,
hash type, chunk naming etc.
- Now run `rclone sync oldchunks: newchunks:` and all your data
will be transparently converted in transfer.
This may take some time, yet chunker will try server-side
copy if possible.
- After checking data integrity you may remove configuration section
of the old remote.
If rclone gets killed during a long operation on a big composite file,
hidden temporary chunks may stay in the directory. They will not be
shown by the `list` command but will eat up your account quota.
Please note that the `deletefile` command deletes only active
chunks of a file. As a workaround, you can use remote of the wrapped
file system to see them.
An easy way to get rid of hidden garbage is to copy littered directory
somewhere using the chunker remote and purge the original directory.
The `copy` command will copy only active chunks while the `purge` will
remove everything including garbage.
### Caveats and Limitations
Chunker requires wrapped remote to support server side `move` (or `copy` +
`delete`) operations, otherwise it will explicitly refuse to start.
This is because it internally renames temporary chunk files to their final
names when an operation completes successfully.
Note that a move implemented using the copy-and-delete method may incur
double charging with some cloud storage providers.
Chunker will not automatically rename existing chunks when you run
`rclone config` on a live remote and change the chunk name format.
Beware that in result of this some files which have been treated as chunks
before the change can pop up in directory listings as normal files
and vice versa. The same warning holds for the chunk size.
If you desperately need to change critical chunking setings, you should
run data migration as described above.
If wrapped remote is case insensitive, the chunker overlay will inherit
that property (so you can't have a file called "Hello.doc" and "hello.doc"
in the same directory).
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/chunker/chunker.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to chunker (Transparently chunk/split large files).
#### --chunker-remote
Remote to chunk/unchunk.
Normally should contain a ':' and a path, eg "myremote:path/to/dir",
"myremote:bucket" or maybe "myremote:" (not recommended).
- Config: remote
- Env Var: RCLONE_CHUNKER_REMOTE
- Type: string
- Default: ""
#### --chunker-chunk-size
Files larger than chunk size will be split in chunks.
- Config: chunk_size
- Env Var: RCLONE_CHUNKER_CHUNK_SIZE
- Type: SizeSuffix
- Default: 2G
#### --chunker-hash-type
Choose how chunker handles hash sums. All modes but "none" require metadata.
- Config: hash_type
- Env Var: RCLONE_CHUNKER_HASH_TYPE
- Type: string
- Default: "md5"
- Examples:
- "none"
- Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
- "md5"
- MD5 for composite files
- "sha1"
- SHA1 for composite files
- "md5all"
- MD5 for all files
- "sha1all"
- SHA1 for all files
- "md5quick"
- Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
- "sha1quick"
- Similar to "md5quick" but prefers SHA1 over MD5
### Advanced Options
Here are the advanced options specific to chunker (Transparently chunk/split large files).
#### --chunker-name-format
String format of chunk file names.
The two placeholders are: base file name (*) and chunk number (#...).
There must be one and only one asterisk and one or more consecutive hash characters.
If chunk number has less digits than the number of hashes, it is left-padded by zeros.
If there are more digits in the number, they are left as is.
Possible chunk files are ignored if their name does not match given format.
- Config: name_format
- Env Var: RCLONE_CHUNKER_NAME_FORMAT
- Type: string
- Default: "*.rclone_chunk.###"
#### --chunker-start-from
Minimum valid chunk number. Usually 0 or 1.
By default chunk numbers start from 1.
- Config: start_from
- Env Var: RCLONE_CHUNKER_START_FROM
- Type: int
- Default: 1
#### --chunker-meta-format
Format of the metadata object or "none". By default "simplejson".
Metadata is a small JSON file named after the composite file.
- Config: meta_format
- Env Var: RCLONE_CHUNKER_META_FORMAT
- Type: string
- Default: "simplejson"
- Examples:
- "none"
- Do not use metadata files at all. Requires hash type "none".
- "simplejson"
- Simple JSON supports hash sums and chunk validation.
- It has the following fields: ver, size, nchunks, md5, sha1.
#### --chunker-fail-hard
Choose how chunker should handle files with missing or invalid chunks.
- Config: fail_hard
- Env Var: RCLONE_CHUNKER_FAIL_HARD
- Type: bool
- Default: false
- Examples:
- "true"
- Report errors and abort current command.
- "false"
- Warn user, skip incomplete file and proceed.
<!--- autogenerated options stop -->
## Citrix ShareFile
[Citrix ShareFile](https://sharefile.com) is a secure file sharing and transfer service aimed as business.
The initial setup for Citrix ShareFile involves getting a token from
Citrix ShareFile which you can in your browser. `rclone config` walks you
through it.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> remote Type of storage to configure. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value XX / Citrix Sharefile ”sharefile" Storage> sharefile ** See help for sharefile backend at: https://rclone.org/sharefile/ **</p>
<p>ID of the root folder</p>
<p>Leave blank to access “Personal Folders”. You can use one of the standard values here or any folder ID (long hex number ID). Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value 1 / Access the Personal Folders. (Default) ”" 2 / Access the Favorites folder. “favorites” 3 / Access all the shared folders. “allshared” 4 / Access all the individual connectors. “connectors” 5 / Access the home, favorites, and shared folders as well as the connectors. “top” root_folder_id> Edit advanced config? (y/n) y) Yes n) No y/n> n Remote config Use auto config? * Say Y if not sure * Say N if you are working on a remote or headless machine y) Yes n) No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX Log in and authorize rclone for access Waiting for code… Got code ——————– [remote] type = sharefile endpoint = https://XXX.sharefile.com token = {“access_token”:“XXX”,“token_type”:“bearer”,“refresh_token”:“XXX”,“expiry”:“2019-09-30T19:41:45.878561877+01:00”} ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
See the [remote setup docs](https://rclone.org/remote_setup/) for how to set it up on a
machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the
token as returned from Citrix ShareFile. This only runs from the moment it opens
your browser to the moment you get back the verification code. This
is on `http://127.0.0.1:53682/` and this it may require you to unblock
it temporarily if you are running a host firewall.
Once configured you can then use `rclone` like this,
List directories in top level of your ShareFile
rclone lsd remote:
List all the files in your ShareFile
rclone ls remote:
To copy a local directory to an ShareFile directory called backup
rclone copy /home/source remote:backup
Paths may be as deep as required, eg `remote:directory/subdirectory`.
### Modified time and hashes ###
ShareFile allows modification times to be set on objects accurate to 1
second. These will be used to detect whether objects need syncing or
not.
ShareFile supports MD5 type hashes, so you can use the `--checksum`
flag.
### Transfers ###
For files above 128MB rclone will use a chunked transfer. Rclone will
upload up to `--transfers` chunks at the same time (shared among all
the multipart uploads). Chunks are buffered in memory and are
normally 64MB so increasing `--transfers` will increase memory use.
### Limitations ###
Note that ShareFile is case insensitive so you can't have a file called
"Hello.doc" and one called "hello.doc".
ShareFile only supports filenames up to 256 characters in length.
#### Restricted filename characters
In addition to the [default restricted characters set](/overview/#restricted-characters)
the following characters are also replaced:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| \\ | 0x5C | \ |
| * | 0x2A | * |
| < | 0x3C | < |
| > | 0x3E | > |
| ? | 0x3F | ? |
| : | 0x3A | : |
| \| | 0x7C | | |
| " | 0x22 | " |
File names can also not start or end with the following characters.
These only get replaced if they are first or last character in the
name:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| SP | 0x20 | ␠ |
| . | 0x2E | . |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/sharefile/sharefile.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to sharefile (Citrix Sharefile).
#### --sharefile-root-folder-id
ID of the root folder
Leave blank to access "Personal Folders". You can use one of the
standard values here or any folder ID (long hex number ID).
- Config: root_folder_id
- Env Var: RCLONE_SHAREFILE_ROOT_FOLDER_ID
- Type: string
- Default: ""
- Examples:
- ""
- Access the Personal Folders. (Default)
- "favorites"
- Access the Favorites folder.
- "allshared"
- Access all the shared folders.
- "connectors"
- Access all the individual connectors.
- "top"
- Access the home, favorites, and shared folders as well as the connectors.
### Advanced Options
Here are the advanced options specific to sharefile (Citrix Sharefile).
#### --sharefile-upload-cutoff
Cutoff for switching to multipart upload.
- Config: upload_cutoff
- Env Var: RCLONE_SHAREFILE_UPLOAD_CUTOFF
- Type: SizeSuffix
- Default: 128M
#### --sharefile-chunk-size
Upload chunk size. Must a power of 2 >= 256k.
Making this larger will improve performance, but note that each chunk
is buffered in memory one per transfer.
Reducing this will reduce memory usage but decrease performance.
- Config: chunk_size
- Env Var: RCLONE_SHAREFILE_CHUNK_SIZE
- Type: SizeSuffix
- Default: 64M
#### --sharefile-endpoint
Endpoint for API calls.
This is usually auto discovered as part of the oauth process, but can
be set manually to something like: https://XXX.sharefile.com
- Config: endpoint
- Env Var: RCLONE_SHAREFILE_ENDPOINT
- Type: string
- Default: ""
<!--- autogenerated options stop -->
Crypt
----------------------------------------
The `crypt` remote encrypts and decrypts another remote.
To use it first set up the underlying remote following the config
instructions for that remote. You can also use a local pathname
instead of a remote which will encrypt and decrypt from that directory
which might be useful for encrypting onto a USB stick for example.
First check your chosen remote is working - we'll call it
`remote:path` in these docs. Note that anything inside `remote:path`
will be encrypted and anything outside won't. This means that if you
are using a bucket based remote (eg S3, B2, swift) then you should
probably put the bucket in the remote `s3:bucket`. If you just use
`s3:` then rclone will make encrypted bucket names too (if using file
name encryption) which may or may not be what you want.
Now configure `crypt` using `rclone config`. We will call this one
`secret` to differentiate it from the `remote`.
</code></pre>
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n<br/>
name> secret Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Encrypt/Decrypt a remote “crypt” [snip] Storage> crypt Remote to encrypt/decrypt. Normally should contain a ‘:’ and a path, eg “myremote:path/to/dir”, “myremote:bucket” or maybe “myremote:” (not recommended). remote> remote:path How to encrypt the filenames. Choose a number from below, or type in your own value 1 / Don’t encrypt the file names. Adds a “.bin” extension only. “off” 2 / Encrypt the filenames see the docs for the details. “standard” 3 / Very simple filename obfuscation. “obfuscate” filename_encryption> 2 Option to either encrypt directory names or leave them intact. Choose a number from below, or type in your own value 1 / Encrypt directory names. “true” 2 / Don’t encrypt directory names, leave them intact. “false” filename_encryption> 1 Password or pass phrase for encryption. y) Yes type in my own password g) Generate random password y/g> y Enter the password: password: Confirm the password: password: Password or pass phrase for salt. Optional but recommended. Should be different to the previous password. y) Yes type in my own password g) Generate random password n) No leave this optional password blank y/g/n> g Password strength in bits. 64 is just about memorable 128 is secure 1024 is the maximum Bits> 128 Your password is: JAsJvRcgR-_veXNfy_sGmQ Use this password? y) Yes n) No y/n> y Remote config ——————– [secret] remote = remote:path filename_encryption = standard password = *** ENCRYPTED <strong><em> password2 = </em></strong> ENCRYPTED *** ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
**Important** The password is stored in the config file is lightly
obscured so it isn't immediately obvious what it is. It is in no way
secure unless you use config file encryption.
A long passphrase is recommended, or you can use a random one. Note
that if you reconfigure rclone with the same passwords/passphrases
elsewhere it will be compatible - all the secrets used are derived
from those two passwords/passphrases.
Note that rclone does not encrypt
* file length - this can be calcuated within 16 bytes
* modification time - used for syncing
## Specifying the remote ##
In normal use, make sure the remote has a `:` in. If you specify the
remote without a `:` then rclone will use a local directory of that
name. So if you use a remote of `/path/to/secret/files` then rclone
will encrypt stuff to that directory. If you use a remote of `name`
then rclone will put files in a directory called `name` in the current
directory.
If you specify the remote as `remote:path/to/dir` then rclone will
store encrypted files in `path/to/dir` on the remote. If you are using
file name encryption, then when you save files to
`secret:subdir/subfile` this will store them in the unencrypted path
`path/to/dir` but the `subdir/subpath` bit will be encrypted.
Note that unless you want encrypted bucket names (which are difficult
to manage because you won't know what directory they represent in web
interfaces etc), you should probably specify a bucket, eg
`remote:secretbucket` when using bucket based remotes such as S3,
Swift, Hubic, B2, GCS.
## Example ##
To test I made a little directory of files using "standard" file name
Crypt stores modification times using the underlying remote so support
depends on that.
Hashes are not stored for crypt. However the data integrity is
protected by an extremely strong crypto authenticator.
Note that you should use the `rclone cryptcheck` command to check the
integrity of a crypted remote instead of `rclone check` which can't
check the checksums properly.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/crypt/crypt.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to crypt (Encrypt/Decrypt a remote).
#### --crypt-remote
Remote to encrypt/decrypt.
Normally should contain a ':' and a path, eg "myremote:path/to/dir",
"myremote:bucket" or maybe "myremote:" (not recommended).
- Config: remote
- Env Var: RCLONE_CRYPT_REMOTE
- Type: string
- Default: ""
#### --crypt-filename-encryption
How to encrypt the filenames.
- Config: filename_encryption
- Env Var: RCLONE_CRYPT_FILENAME_ENCRYPTION
- Type: string
- Default: "standard"
- Examples:
- "off"
- Don't encrypt the file names. Adds a ".bin" extension only.
- "standard"
- Encrypt the filenames see the docs for the details.
- "obfuscate"
- Very simple filename obfuscation.
#### --crypt-directory-name-encryption
Option to either encrypt directory names or leave them intact.
- Config: directory_name_encryption
- Env Var: RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
- Type: bool
- Default: true
- Examples:
- "true"
- Encrypt directory names.
- "false"
- Don't encrypt directory names, leave them intact.
#### --crypt-password
Password or pass phrase for encryption.
- Config: password
- Env Var: RCLONE_CRYPT_PASSWORD
- Type: string
- Default: ""
#### --crypt-password2
Password or pass phrase for salt. Optional but recommended.
Should be different to the previous password.
- Config: password2
- Env Var: RCLONE_CRYPT_PASSWORD2
- Type: string
- Default: ""
### Advanced Options
Here are the advanced options specific to crypt (Encrypt/Decrypt a remote).
#### --crypt-show-mapping
For all files listed show how the names encrypt.
If this flag is set then for each file that the remote is asked to
list, it will log (at level INFO) a line stating the decrypted file
name and the encrypted file name.
This is so you can work out which encrypted names are which decrypted
names just in case you need to do something with the encrypted file
names, or for debugging purposes.
- Config: show_mapping
- Env Var: RCLONE_CRYPT_SHOW_MAPPING
- Type: bool
- Default: false
<!--- autogenerated options stop -->
## Backing up a crypted remote ##
If you wish to backup a crypted remote, it it recommended that you use
`rclone sync` on the encrypted files, and make sure the passwords are
the same in the new encrypted remote.
This will have the following advantages
* `rclone sync` will check the checksums while copying
* you can use `rclone check` between the encrypted remotes
* you don't decrypt and encrypt unnecessarily
For example, let's say you have your original remote at `remote:` with
the encrypted version at `eremote:` with path `remote:crypt`. You
would then set up the new remote `remote2:` and then the encrypted
version `eremote2:` with path `remote2:crypt` using the same passwords
as `eremote:`.
To sync the two remotes you would do
rclone sync remote:crypt remote2:crypt
And to check the integrity you would do
rclone check remote:crypt remote2:crypt
## File formats ##
### File encryption ###
Files are encrypted 1:1 source file to destination object. The file
has a header and is divided into chunks.
#### Header ####
* 8 bytes magic string `RCLONE\x00\x00`
* 24 bytes Nonce (IV)
The initial nonce is generated from the operating systems crypto
strong random number generator. The nonce is incremented for each
chunk read making sure each nonce is unique for each block written.
The chance of a nonce being re-used is minuscule. If you wrote an
exabyte of data (10¹⁸ bytes) you would have a probability of
approximately 2×10⁻³² of re-using a nonce.
#### Chunk ####
Each chunk will contain 64kB of data, except for the last one which
may have less data. The data chunk is in standard NACL secretbox
format. Secretbox uses XSalsa20 and Poly1305 to encrypt and
authenticate messages.
Each chunk contains:
* 16 Bytes of Poly1305 authenticator
* 1 - 65536 bytes XSalsa20 encrypted data
64k chunk size was chosen as the best performing chunk size (the
authenticator takes too much time below this and the performance drops
off due to cache effects above this). Note that these chunks are
buffered in memory so they can't be too big.
This uses a 32 byte (256 bit key) key derived from the user password.
#### Examples ####
1 byte file will encrypt to
* 32 bytes header
* 17 bytes data chunk
49 bytes total
1MB (1048576 bytes) file will encrypt to
* 32 bytes header
* 16 chunks of 65568 bytes
1049120 bytes total (a 0.05% overhead). This is the overhead for big
files.
### Name encryption ###
File names are encrypted segment by segment - the path is broken up
into `/` separated strings and these are encrypted individually.
File segments are padded using using PKCS#7 to a multiple of 16 bytes
before encryption.
They are then encrypted with EME using AES with 256 bit key. EME
(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003
paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.
This makes for deterministic encryption which is what we want - the
same filename must encrypt to the same thing otherwise we can't find
it on the cloud storage system.
This means that
* filenames with the same name will encrypt the same
* filenames which start the same won't have a common prefix
This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of
which are derived from the user password.
After encryption they are written out using a modified version of
standard `base32` encoding as described in RFC4648. The standard
encoding is modified in two ways:
* it becomes lower case (no-one likes upper case filenames!)
* we strip the padding character `=`
`base32` is used rather than the more efficient `base64` so rclone can be
used on case insensitive remotes (eg Windows, Amazon Drive).
### Key derivation ###
Rclone uses `scrypt` with parameters `N=16384, r=8, p=1` with an
optional user supplied salt (password2) to derive the 32+32+16 = 80
bytes of key material required. If the user doesn't supply a salt
then rclone uses an internal one.
`scrypt` makes it impractical to mount a dictionary attack on rclone
encrypted data. For full protection against this you should always use
a salt.
Dropbox
---------------------------------
Paths are specified as `remote:path`
Dropbox paths may be as deep as required, eg
`remote:directory/subdirectory`.
The initial setup for dropbox involves getting a token from Dropbox
which you need to do in your browser. `rclone config` walks you
through it.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<olstart="14"type="a">
<li>New remote</li>
<li>Delete remote</li>
<li>Quit config e/n/d/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Dropbox “dropbox” [snip] Storage> dropbox Dropbox App Key - leave blank normally. app_key> Dropbox App Secret - leave blank normally. app_secret> Remote config Please visit: https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX ——————– [remote] app_key = app_secret = token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX ——————–</li>
<li>Yes this is OK</li>
<li>Edit this remote</li>
<li>Delete this remote y/e/d> y</li>
</ol>
<pre><code>
You can then use it like this,
List directories in top level of your dropbox
rclone lsd remote:
List all the files in your dropbox
rclone ls remote:
To copy a local directory to a dropbox directory called backup
rclone copy /home/source remote:backup
### Dropbox for business ###
Rclone supports Dropbox for business and Team Folders.
When using Dropbox for business `remote:` and `remote:path/to/file`
will refer to your personal folder.
If you wish to see Team Folders you must use a leading `/` in the
path, so `rclone lsd remote:/` will refer to the root and show you all
Team Folders and your User Folder.
You can then use team folders like this `remote:/TeamFolder` and
`remote:/TeamFolder/path/to/file`.
A leading `/` for a Dropbox personal account will do nothing, but it
will take an extra HTTP transaction so it should be avoided.
### Modified time and Hashes ###
Dropbox supports modified times, but the only way to set a
modification time is to re-upload the file.
This means that if you uploaded your data with an older version of
rclone which didn't support the v2 API and modified times, rclone will
decide to upload all your old data to fix the modification times. If
you don't want this to happen use `--size-only` or `--checksum` flag
to stop it.
Dropbox supports [its own hash
type](https://www.dropbox.com/developers/reference/content-hash) which
is checked for all transfers.
#### Restricted filename characters
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| NUL | 0x00 | ␀ |
| / | 0x2F | / |
| DEL | 0x7F | ␡ |
| \ | 0x5C | \ |
File names can also not end with the following characters.
These only get replaced if they are last character in the name:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| SP | 0x20 | ␠ |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/dropbox/dropbox.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to dropbox (Dropbox).
#### --dropbox-client-id
Dropbox App Client Id
Leave blank normally.
- Config: client_id
- Env Var: RCLONE_DROPBOX_CLIENT_ID
- Type: string
- Default: ""
#### --dropbox-client-secret
Dropbox App Client Secret
Leave blank normally.
- Config: client_secret
- Env Var: RCLONE_DROPBOX_CLIENT_SECRET
- Type: string
- Default: ""
### Advanced Options
Here are the advanced options specific to dropbox (Dropbox).
#### --dropbox-chunk-size
Upload chunk size. (< 150M).
Any files larger than this will be uploaded in chunks of this size.
Note that chunks are buffered in memory (one at a time) so rclone can
deal with retries. Setting this larger will increase the speed
slightly (at most 10% for 128MB in tests) at the cost of using more
memory. It can be set smaller if you are tight on memory.
- Config: chunk_size
- Env Var: RCLONE_DROPBOX_CHUNK_SIZE
- Type: SizeSuffix
- Default: 48M
#### --dropbox-impersonate
Impersonate this user when using a business account.
- Config: impersonate
- Env Var: RCLONE_DROPBOX_IMPERSONATE
- Type: string
- Default: ""
<!--- autogenerated options stop -->
### Limitations ###
Note that Dropbox is case insensitive so you can't have a file called
"Hello.doc" and one called "hello.doc".
There are some file names such as `thumbs.db` which Dropbox can't
store. There is a full list of them in the ["Ignored Files" section
of this document](https://www.dropbox.com/en/help/145). Rclone will
issue an error message `File name disallowed - not uploading` if it
attempts to upload one of those file names, but the sync won't fail.
If you have more than 10,000 files in a directory then `rclone purge
dropbox:dir` will return the error `Failed to purge: There are too
many files involved in this operation`. As a work-around do an
`rclone delete dropbox:dir` followed by an `rclone rmdir dropbox:dir`.
FTP
------------------------------
FTP is the File Transfer Protocol. FTP support is provided using the
Here is an example of making an FTP configuration. First run
rclone config
This will guide you through an interactive setup process. An FTP remote only
needs a host together with and a username and a password. With anonymous FTP
server, you will need to use `anonymous` as username and your email address as
the password.
</code></pre>
<p>No remotes found - make a new one n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q> n name> remote Type of storage to configure. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value [snip] XX / FTP Connection ”ftp" [snip] Storage> ftp ** See help for ftp backend at: https://rclone.org/ftp/ **</p>
<p>FTP host to connect to Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value 1 / Connect to ftp.example.com ”ftp.example.com" host> ftp.example.com FTP username, leave blank for current username, ncw Enter a string value. Press Enter for the default ("“). user> FTP port, leave blank to use default (21) Enter a string value. Press Enter for the default (”“). port> FTP password y) Yes type in my own password g) Generate random password y/g> y Enter the password: password: Confirm the password: password: Use FTP over TLS (Implicit) Enter a boolean value (true or false). Press Enter for the default (”false"). tls> Remote config ——————– [remote] type = ftp host = ftp.example.com pass = *** ENCRYPTED *** ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
This remote is called `remote` and can now be used like this
See all directories in the home directory
rclone lsd remote:
Make a new directory
rclone mkdir remote:path/to/directory
List the contents of a directory
rclone ls remote:path/to/directory
Sync `/home/local/directory` to the remote directory, deleting any
FTP does not support modified times. Any times you see on the server
will be time of upload.
### Checksums ###
FTP does not support any checksums.
#### Restricted filename characters
In addition to the [default restricted characters set](/overview/#restricted-characters)
the following characters are also replaced:
File names can also not end with the following characters.
These only get replaced if they are last character in the name:
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| SP | 0x20 | ␠ |
Note that not all FTP servers can have all characters in file names, for example:
| FTP Server| Forbidden characters |
| --------- |:--------------------:|
| proftpd | `*` |
| pureftpd | `\ [ ]` |
### Implicit TLS ###
FTP supports implicit FTP over TLS servers (FTPS). This has to be enabled
in the config for the remote. The default FTPS port is `990` so the
port will likely have to be explictly set in the config for the remote.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/ftp/ftp.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to ftp (FTP Connection).
#### --ftp-host
FTP host to connect to
- Config: host
- Env Var: RCLONE_FTP_HOST
- Type: string
- Default: ""
- Examples:
- "ftp.example.com"
- Connect to ftp.example.com
#### --ftp-user
FTP username, leave blank for current username, $USER
- Config: user
- Env Var: RCLONE_FTP_USER
- Type: string
- Default: ""
#### --ftp-port
FTP port, leave blank to use default (21)
- Config: port
- Env Var: RCLONE_FTP_PORT
- Type: string
- Default: ""
#### --ftp-pass
FTP password
- Config: pass
- Env Var: RCLONE_FTP_PASS
- Type: string
- Default: ""
#### --ftp-tls
Use FTP over TLS (Implicit)
- Config: tls
- Env Var: RCLONE_FTP_TLS
- Type: bool
- Default: false
### Advanced Options
Here are the advanced options specific to ftp (FTP Connection).
#### --ftp-concurrency
Maximum number of FTP simultaneous connections, 0 for unlimited
- Config: concurrency
- Env Var: RCLONE_FTP_CONCURRENCY
- Type: int
- Default: 0
#### --ftp-no-check-certificate
Do not verify the TLS certificate of the server
- Config: no_check_certificate
- Env Var: RCLONE_FTP_NO_CHECK_CERTIFICATE
- Type: bool
- Default: false
#### --ftp-disable-epsv
Disable using EPSV even if server advertises support
- Config: disable_epsv
- Env Var: RCLONE_FTP_DISABLE_EPSV
- Type: bool
- Default: false
<!--- autogenerated options stop -->
### Limitations ###
Note that since FTP isn't HTTP based the following flags don't work
with it: `--dump-headers`, `--dump-bodies`, `--dump-auth`
Note that `--timeout` isn't supported (but `--contimeout` is).
Note that `--bind` isn't supported.
FTP could support server side move but doesn't yet.
Note that the ftp backend does not support the `ftp_proxy` environment
variable yet.
Note that while implicit FTP over TLS is supported,
explicit FTP over TLS is not.
Google Cloud Storage
-------------------------------------------------
Paths are specified as `remote:bucket` (or `remote:` for the `lsd`
command.) You may put subdirectories in too, eg `remote:bucket/path/to/dir`.
The initial setup for google cloud storage involves getting a token from Google Cloud Storage
which you need to do in your browser. `rclone config` walks you
through it.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<olstart="14"type="a">
<li>New remote</li>
<li>Delete remote</li>
<li>Quit config e/n/d/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Google Cloud Storage (this is not Google Drive) “google cloud storage” [snip] Storage> google cloud storage Google Application Client Id - leave blank normally. client_id> Google Application Client Secret - leave blank normally. client_secret> Project number optional - needed only for list/create/delete buckets - see your developer console. project_number> 12345678 Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login. service_account_file> Access Control List for new objects. Choose a number from below, or type in your own value 1 / Object owner gets OWNER access, and all Authenticated Users get READER access. “authenticatedRead” 2 / Object owner gets OWNER access, and project team owners get OWNER access. “bucketOwnerFullControl” 3 / Object owner gets OWNER access, and project team owners get READER access. “bucketOwnerRead” 4 / Object owner gets OWNER access [default if left blank]. “private” 5 / Object owner gets OWNER access, and project team members get access according to their roles. “projectPrivate” 6 / Object owner gets OWNER access, and all Users get READER access. “publicRead” object_acl> 4 Access Control List for new buckets. Choose a number from below, or type in your own value 1 / Project team owners get OWNER access, and all Authenticated Users get READER access. “authenticatedRead” 2 / Project team owners get OWNER access [default if left blank]. “private” 3 / Project team members get access according to their roles. “projectPrivate” 4 / Project team owners get OWNER access, and all Users get READER access. “publicRead” 5 / Project team owners get OWNER access, and all Users get WRITER access. “publicReadWrite” bucket_acl> 2 Location for the newly created buckets. Choose a number from below, or type in your own value 1 / Empty for default location (US). "" 2 / Multi-regional location for Asia. “asia” 3 / Multi-regional location for Europe. “eu” 4 / Multi-regional location for United States. “us” 5 / Taiwan. “asia-east1” 6 / Tokyo. “asia-northeast1” 7 / Singapore. “asia-southeast1” 8 / Sydney. “australia-southeast1” 9 / Belgium. “europe-west1” 10 / London. “europe-west2” 11 / Iowa. “us-central1” 12 / South Carolina. “us-east1” 13 / Northern Virginia. “us-east4” 14 / Oregon. “us-west1” location> 12 The storage class to use when storing objects in Google Cloud Storage. Choose a number from below, or type in your own value 1 / Default "" 2 / Multi-regional storage class “MULTI_REGIONAL” 3 / Regional storage class “REGIONAL” 4 / Nearline storage class “NEARLINE” 5 / Coldline storage class “COLDLINE” 6 / Durable reduced availability storage class “DURABLE_REDUCED_AVAILABILITY” storage_class> 5 Remote config Use auto config?</li>
<li>No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code… Got code ——————– [remote] type = google cloud storage client_id = client_secret = token = {“AccessToken”:“xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”,“RefreshToken”:“x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx”,“Expiry”:“2014-07-17T20:49:14.929208288+01:00”,“Extra”:null} project_number = 12345678 object_acl = private bucket_acl = private ——————–</li>
<li>Yes this is OK</li>
<li>Edit this remote</li>
<li>Delete this remote y/e/d> y</li>
</ol>
<pre><code>
Note that rclone runs a webserver on your local machine to collect the
token as returned from Google if you use auto config mode. This only
runs from the moment it opens your browser to the moment you get back
the verification code. This is on `http://127.0.0.1:53682/` and this
it may require you to unblock it temporarily if you are running a host
firewall, or use manual mode.
This remote is called `remote` and can now be used like this
See all the buckets in your project
rclone lsd remote:
Make a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync `/home/local/directory` to the remote bucket, deleting any excess
files in the bucket.
rclone sync /home/local/directory remote:bucket
### Service Account support ###
You can set up rclone with Google Cloud Storage in an unattended mode,
i.e. not tied to a specific end-user Google account. This is useful
when you want to synchronise files onto machines that don't have
actively logged-in users, for example build machines.
To get credentials for Google Cloud Platform
[IAM Service Accounts](https://cloud.google.com/iam/docs/service-accounts),
this is useful both when you already have configured authentication
for your developer account, or in production when running on a google
compute host. Note that if running in docker, you may need to run
additional commands on your google compute machine -
[see this page](https://cloud.google.com/container-registry/docs/advanced-authentication#gcloud_as_a_docker_credential_helper).
Note that in the case application default credentials are used, there
is no need to explicitly configure a project number.
### --fast-list ###
This remote supports `--fast-list` which allows you to use fewer
transactions in exchange for more memory. See the [rclone
docs](/docs/#fast-list) for more details.
### Modified time ###
Google google cloud storage stores md5sums natively and rclone stores
modification times as metadata on the object, under the "mtime" key in
RFC3339 format accurate to 1ns.
#### Restricted filename characters
| Character | Value | Replacement |
| --------- |:-----:|:-----------:|
| NUL | 0x00 | ␀ |
| LF | 0x0A | ␊ |
| CR | 0x0D | ␍ |
| / | 0x2F | / |
Invalid UTF-8 bytes will also be [replaced](/overview/#invalid-utf8),
as they can't be used in JSON strings.
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/googlecloudstorage/googlecloudstorage.go then run make backenddocs -->
### Standard Options
Here are the standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
#### --gcs-client-id
Google Application Client Id
Leave blank normally.
- Config: client_id
- Env Var: RCLONE_GCS_CLIENT_ID
- Type: string
- Default: ""
#### --gcs-client-secret
Google Application Client Secret
Leave blank normally.
- Config: client_secret
- Env Var: RCLONE_GCS_CLIENT_SECRET
- Type: string
- Default: ""
#### --gcs-project-number
Project number.
Optional - needed only for list/create/delete buckets - see your developer console.
- Config: project_number
- Env Var: RCLONE_GCS_PROJECT_NUMBER
- Type: string
- Default: ""
#### --gcs-service-account-file
Service Account Credentials JSON file path
Leave blank normally.
Needed only if you want use SA instead of interactive login.
- Config: service_account_file
- Env Var: RCLONE_GCS_SERVICE_ACCOUNT_FILE
- Type: string
- Default: ""
#### --gcs-service-account-credentials
Service Account Credentials JSON blob
Leave blank normally.
Needed only if you want use SA instead of interactive login.
- Config: service_account_credentials
- Env Var: RCLONE_GCS_SERVICE_ACCOUNT_CREDENTIALS
- Type: string
- Default: ""
#### --gcs-object-acl
Access Control List for new objects.
- Config: object_acl
- Env Var: RCLONE_GCS_OBJECT_ACL
- Type: string
- Default: ""
- Examples:
- "authenticatedRead"
- Object owner gets OWNER access, and all Authenticated Users get READER access.
- "bucketOwnerFullControl"
- Object owner gets OWNER access, and project team owners get OWNER access.
- "bucketOwnerRead"
- Object owner gets OWNER access, and project team owners get READER access.
- "private"
- Object owner gets OWNER access [default if left blank].
- "projectPrivate"
- Object owner gets OWNER access, and project team members get access according to their roles.
- "publicRead"
- Object owner gets OWNER access, and all Users get READER access.
#### --gcs-bucket-acl
Access Control List for new buckets.
- Config: bucket_acl
- Env Var: RCLONE_GCS_BUCKET_ACL
- Type: string
- Default: ""
- Examples:
- "authenticatedRead"
- Project team owners get OWNER access, and all Authenticated Users get READER access.
- "private"
- Project team owners get OWNER access [default if left blank].
- "projectPrivate"
- Project team members get access according to their roles.
- "publicRead"
- Project team owners get OWNER access, and all Users get READER access.
- "publicReadWrite"
- Project team owners get OWNER access, and all Users get WRITER access.
#### --gcs-bucket-policy-only
Access checks should use bucket-level IAM policies.
If you want to upload objects to a bucket with Bucket Policy Only set
The storage class to use when storing objects in Google Cloud Storage.
- Config: storage_class
- Env Var: RCLONE_GCS_STORAGE_CLASS
- Type: string
- Default: ""
- Examples:
- ""
- Default
- "MULTI_REGIONAL"
- Multi-regional storage class
- "REGIONAL"
- Regional storage class
- "NEARLINE"
- Nearline storage class
- "COLDLINE"
- Coldline storage class
- "DURABLE_REDUCED_AVAILABILITY"
- Durable reduced availability storage class
<!--- autogenerated options stop -->
Google Drive
-----------------------------------------
Paths are specified as `drive:path`
Drive paths may be as deep as required, eg `drive:directory/subdirectory`.
The initial setup for drive involves getting a token from Google drive
which you need to do in your browser. `rclone config` walks you
through it.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
</code></pre>
<p>No remotes found - make a new one n) New remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config n/r/c/s/q> n name> remote Type of storage to configure. Choose a number from below, or type in your own value [snip] XX / Google Drive “drive” [snip] Storage> drive Google Application Client Id - leave blank normally. client_id> Google Application Client Secret - leave blank normally. client_secret> Scope that rclone should use when requesting access from drive. Choose a number from below, or type in your own value 1 / Full access all files, excluding Application Data Folder. “drive” 2 / Read-only access to file metadata and file contents. “drive.readonly” / Access to files created by rclone only. 3 | These are visible in the drive website. | File authorization is revoked when the user deauthorizes the app. “drive.file” / Allows read and write access to the Application Data folder. 4 | This is not visible in the drive website. “drive.appfolder” / Allows read-only access to file metadata but 5 | does not allow any access to read or download file content. “drive.metadata.readonly” scope> 1 ID of the root folder - leave blank normally. Fill in to access “Computers” folders. (see docs). root_folder_id> Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login. service_account_file> Remote config Use auto config? * Say Y if not sure * Say N if you are working on a remote or headless machine or Y didn’t work y) Yes n) No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code… Got code Configure this as a team drive? y) Yes n) No y/n> n ——————– [remote] client_id = client_secret = scope = drive root_folder_id = service_account_file = token = {“access_token”:“XXX”,“token_type”:“Bearer”,“refresh_token”:“XXX”,“expiry”:“2014-03-16T13:57:58.955387075Z”} ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
Note that rclone runs a webserver on your local machine to collect the
token as returned from Google if you use auto config mode. This only
runs from the moment it opens your browser to the moment you get back
the verification code. This is on `http://127.0.0.1:53682/` and this
it may require you to unblock it temporarily if you are running a host
firewall, or use manual mode.
You can then use it like this,
List directories in top level of your drive
rclone lsd remote:
List all the files in your drive
rclone ls remote:
To copy a local directory to a drive directory called backup
rclone copy /home/source remote:backup
### Scopes ###
Rclone allows you to select which scope you would like for rclone to
use. This changes what type of token is granted to rclone. [The
- You must have a project - create one if you don't.
- Then go to "IAM & admin" ->"Service Accounts".
- Use the "Create Credentials" button. Fill in "Service account name"
with something that identifies your client. "Role" can be empty.
- Tick "Furnish a new private key" - select "Key type JSON".
- Tick "Enable G Suite Domain-wide Delegation". This option makes
"impersonation" possible, as documented here:
[Delegating domain-wide authority to the service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority)
- These credentials are what rclone will use for authentication.
If you ever need to remove access, press the "Delete service
account key" button.
##### 2. Allowing API access to example.com Google Drive #####
- Go to example.com's admin console
- Go into "Security" (or use the search bar)
- Select "Show more" and then "Advanced settings"
- Select "Manage API client access" in the "Authentication" section
- In the "Client Name" field enter the service account's
"Client ID" - this can be found in the Developer Console under
"IAM & Admin" ->"Service Accounts", then "View Client ID" for
the newly created service account.
It is a ~21 character numerical string.
- In the next field, "One or More API Scopes", enter
`https://www.googleapis.com/auth/drive`
to grant access to Google Drive specifically.
##### 3. Configure rclone, assuming a new install #####
</code></pre>
<p>rclone config</p>
<p>n/s/q> n # New name>gdrive # Gdrive is an example name Storage> # Select the number shown for Google Drive client_id> # Can be left blank client_secret> # Can be left blank scope> # Select your scope, 1 for example root_folder_id> # Can be left blank service_account_file> /home/foo/myJSONfile.json # This is where the JSON file goes! y/n> # Auto config, y</p>
- `--drive-impersonate foo@example.com` - this is what does
the magic, pretending to be user foo.
- `lsf` - list files in a parsing friendly way
- `gdrive:backup` - use the remote called gdrive, work in
the folder named backup.
### Team drives ###
If you want to configure the remote to point to a Google Team Drive
then answer `y` to the question `Configure this as a team drive?`.
This will fetch the list of Team Drives from google and allow you to
configure which one you want to use. You can also type in a team
drive ID if you prefer.
For example:
</code></pre>
<p>Configure this as a team drive? y) Yes n) No y/n> y Fetching team drive list… Choose a number from below, or type in your own value 1 / Rclone Test “xxxxxxxxxxxxxxxxxxxx” 2 / Rclone Test 2 “yyyyyyyyyyyyyyyyyyyy” 3 / Rclone Test 3 “zzzzzzzzzzzzzzzzzzzz” Enter a Team Drive ID> 1 ——————– [remote] client_id = client_secret = token = {“AccessToken”:“xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”,“RefreshToken”:“1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx”,“Expiry”:“2014-03-16T13:57:58.955387075Z”,“Extra”:null} team_drive = xxxxxxxxxxxxxxxxxxxx ——————– y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y</p>
<pre><code>
### --fast-list ###
This remote supports `--fast-list` which allows you to use fewer
transactions in exchange for more memory. See the [rclone
docs](/docs/#fast-list) for more details.
It does this by combining multiple `list` calls into a single API request.
This works by combining many `'%s' in parents` filters into one expression.
To list the contents of directories a, b and c, the following requests will be send by the regular `List` function:</code></pre>
<p>trashed=false and ‘a’ in parents trashed=false and ‘b’ in parents trashed=false and ‘c’ in parents</p>
<pre><code>These can now be combined into a single request:</code></pre>
<p>trashed=false and (‘a’ in parents or ‘b’ in parents or ‘c’ in parents)</p>
<pre><code>
The implementation of `ListR` will put up to 50 `parents` filters into one request.
It will use the `--checkers` value to specify the number of requests to run in parallel.
In tests, these batch requests were up to 20x faster than the regular method.
Running the following command against different sized folders gives:</code></pre>
There is currently an unsolved issue with the google drive backend and
HTTP/2. HTTP/2 is therefore disabled by default for the drive backend
but can be re-enabled here. When the issue is solved this flag will
be removed.
See: https://github.com/rclone/rclone/issues/3631
- Config: disable_http2
- Env Var: RCLONE_DRIVE_DISABLE_HTTP2
- Type: bool
- Default: true
<!--- autogenerated options stop -->
### Limitations ###
Drive has quite a lot of rate limiting. This causes rclone to be
limited to transferring about 2 files per second only. Individual
files may be transferred much faster at 100s of MBytes/s but lots of
small files can take a long time.
Server side copies are also subject to a separate rate limit. If you
see User rate limit exceeded errors, wait at least 24 hours and retry.
You can disable server side copies with `--disable copy` to download
and upload the files if you prefer.
#### Limitations of Google Docs ####
Google docs will appear as size -1 in `rclone ls` and as size 0 in
anything which uses the VFS layer, eg `rclone mount`, `rclone serve`.
This is because rclone can't find out the size of the Google docs
without downloading them.
Google docs will transfer correctly with `rclone sync`, `rclone copy`
etc as rclone knows to ignore the size when doing the transfer.
However an unfortunate consequence of this is that you may not be able
to download Google docs using `rclone mount`. If it doesn't work you
will get a 0 sized file. If you try again the doc may gain its
correct size and be downloadable. Whther it will work on not depends
on the application accessing the mount and the OS you are running -
experiment to find out if it does work for you!
### Duplicated files ###
Sometimes, for no reason I've been able to track down, drive will
duplicate a file that rclone uploads. Drive unlike all the other
remotes can have duplicated files.
Duplicated files cause problems with the syncing and you will see
messages in the log about duplicates.
Use `rclone dedupe` to fix duplicated files.
Note that this isn't just a problem with rclone, even Google Photos on
Android duplicates files on drive sometimes.
### Rclone appears to be re-copying files it shouldn't ###
The most likely cause of this is the duplicated file issue above - run
`rclone dedupe` and check your logs for duplicate object or directory
messages.
This can also be caused by a delay/caching on google drive's end when
comparing directory listings. Specifically with team drives used in
combination with --fast-list. Files that were uploaded recently may
not appear on the directory list sent to rclone when using --fast-list.
Waiting a moderate period of time between attempts (estimated to be
approximately 1 hour) and/or not using --fast-list both seem to be
effective in preventing the problem.
### Making your own client_id ###
When you use rclone with Google drive in its default configuration you
are using rclone's client_id. This is shared between all the rclone
users. There is a global rate limit on the number of queries per
second that each client_id can do set by Google. rclone already has a
high quota and I will continue to make sure it is high enough by
contacting Google.
It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
Here is how to create your own Google Drive client ID for rclone:
1. Log into the [Google API
Console](https://console.developers.google.com/) with your Google
account. It doesn't matter what Google account you use. (It need not
be the same account as the Google Drive you want to access)
2. Select a project or create a new project.
3. Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the
"Google Drive API".
4. Click "Credentials" in the left-side panel (not "Create
credentials", which opens the wizard), then "Create credentials", then
"OAuth client ID". It will prompt you to set the OAuth consent screen
product name, if you haven't set one already.
5. Choose an application type of "other", and click "Create". (the
default name is fine)
6. It will show you a client ID and client secret. Use these values
in rclone config to add a new remote or edit an existing remote.
(Thanks to @balazer on github for these instructions.)
Google Photos
-------------------------------------------------
The rclone backend for [Google Photos](https://www.google.com/photos/about/) is
a specialized backend for transferring photos and videos to and from
Google Photos.
**NB** The Google Photos API which rclone uses has quite a few
limitations, so please read the [limitations section](#limitations)
carefully to make sure it is suitable for your use.
## Configuring Google Photos
The initial setup for google cloud storage involves getting a token from Google Photos
which you need to do in your browser. `rclone config` walks you
through it.
Here is an example of how to make a remote called `remote`. First run:
rclone config
This will guide you through an interactive setup process:
<p>No remotes found - make a new one n) New remote s) Set configuration password q) Quit config n/s/q> n name> remote Type of storage to configure. Enter a string value. Press Enter for the default ("“). Choose a number from below, or type in your own value [snip] XX / Google Photos ”google photos" [snip] Storage> google photos ** See help for google photos backend at: https://rclone.org/googlephotos/ **</p>
<p>Google Application Client Id Leave blank normally. Enter a string value. Press Enter for the default ("“). client_id> Google Application Client Secret Leave blank normally. Enter a string value. Press Enter for the default (”"). client_secret> Set to make the Google Photos backend read only.</p>
<p>If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access. Enter a boolean value (true or false). Press Enter for the default (“false”). read_only> Edit advanced config? (y/n) y) Yes n) No y/n> n Remote config Use auto config? * Say Y if not sure * Say N if you are working on a remote or headless machine y) Yes n) No y/n> y If your browser doesn’t open automatically go to the following link: http://127.0.0.1:53682/auth Log in and authorize rclone for access Waiting for code… Got code</p>
<p>*** IMPORTANT: All media items uploaded to Google Photos with rclone *** are stored in full resolution at original quality. These uploads *** will count towards storage in your Google Account.</p>
<thstyle="text-align: left;">[remote] type = google photos token = {“access_token”:“XXX”,“token_type”:“Bearer”,“refresh_token”:“XXX”,“expiry”:“2019-06-28T17:38:04.644930156+01:00”}</th>
</tr>
</thead>
<tbody>
<trclass="odd">
<tdstyle="text-align: left;">y) Yes this is OK e) Edit this remote d) Delete this remote y/e/d> y ```</td>
</tr>
<trclass="even">
<tdstyle="text-align: left;">Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</td>
</tr>
<trclass="odd">
<tdstyle="text-align: left;">This remote is called <code>remote</code> and can now be used like this</td>
</tr>
<trclass="even">
<tdstyle="text-align: left;">See all the albums in your photos</td>
<tdstyle="text-align: left;">As Google Photos is not a general purpose cloud storage system the backend is laid out to help you navigate it.</td>
</tr>
<trclass="even">
<tdstyle="text-align: left;">The directories under <code>media</code> show different ways of categorizing the media. Each file will appear multiple times. So if you want to make a backup of your google photos you might choose to backup <code>remote:media/by-month</code>. (<strong>NB</strong><code>remote:media/by-day</code> is rather slow at the moment so avoid for syncing.)</td>
</tr>
<trclass="odd">
<tdstyle="text-align: left;">Note that all your photos and videos will appear somewhere under <code>media</code>, but they may not appear under <code>album</code> unless you’ve put them into albums.</td>
</tr>
<trclass="even">
<tdstyle="text-align: left;"><code>/ - upload - file1.jpg - file2.jpg - ... - media - all - file1.jpg - file2.jpg - ... - by-year - 2000 - file1.jpg - ... - 2001 - file2.jpg - ... - ... - by-month - 2000 - 2000-01 - file1.jpg - ... - 2000-02 - file2.jpg - ... - ... - by-day - 2000 - 2000-01-01 - file1.jpg - ... - 2000-01-02 - file2.jpg - ... - ... - album - album name - album name/sub - shared-album - album name - album name/sub</code></td>
</tr>
<trclass="odd">
<tdstyle="text-align: left;">There are two writable parts of the tree, the <code>upload</code> directory and sub directories of the the <code>album</code> directory.</td>
</tr>
<trclass="even">
<tdstyle="text-align: left;">The <code>upload</code> directory is for uploading files you don’t want to put into albums. This will be empty to start with and will contain the files you’ve uploaded for one rclone session only, becoming empty again when you restart rclone. The use case for this would be if you have a load of files you just want to once off dump into Google Photos. For repeated syncing, uploading to <code>album</code> will work better.</td>
</tr>
<trclass="odd">
<tdstyle="text-align: left;">Directories within the <code>album</code> directory are also writeable and you may create new directories (albums) under <code>album</code>. If you copy files with a directory hierarchy in there then rclone will create albums with the <code>/</code> character in them. For example if you do</td>
<tdstyle="text-align: left;">This means that you can use the <code>album</code> path pretty much like a normal filesystem and it is a good target for repeated syncing.</td>
<tdstyle="text-align: left;">The <code>shared-album</code> directory shows albums shared with you or by you. This is similar to the Sharing tab in the Google Photos web interface.</td>
<tdstyle="text-align: left;">Only images and videos can be uploaded. If you attempt to upload non videos or images or formats that Google Photos doesn’t understand, rclone will upload the file, then Google Photos will give an error when it is put turned into a media item.</td>
<tdstyle="text-align: left;">Note that all media items uploaded to Google Photos through the API are stored in full resolution at “original quality” and <strong>will</strong> count towards your storage quota in your Google Account. The API does <strong>not</strong> offer a way to upload in “high quality” mode..</td>
<tdstyle="text-align: left;">When Images are downloaded this strips EXIF location (according to the docs and my tests). This is a limitation of the Google Photos API and is covered by <ahref="https://issuetracker.google.com/issues/112096115">bug #112096115</a>.</td>
<tdstyle="text-align: left;"><strong>The current google API does not allow photos to be downloaded at original resolution. This is very important if you are, for example, relying on “Google Photos” as a backup of your photos. You will not be able to use rclone to redownload original images. You could use ‘google takeout’ to recover the original photos as a last resort</strong></td>
<tdstyle="text-align: left;">When videos are downloaded they are downloaded in a really compressed version of the video compared to downloading it via the Google Photos web interface. This is covered by <ahref="https://issuetracker.google.com/issues/113672044">bug #113672044</a>.</td>
<tdstyle="text-align: left;">If a file name is duplicated in a directory then rclone will add the file ID into its name. So two files called <code>file.jpg</code> would then appear as <code>file {123456}.jpg</code> and <code>file {ABCDEF}.jpg</code> (the actual IDs are a lot longer alas!).</td>
<tdstyle="text-align: left;">If you upload the same image (with the same binary data) twice then Google Photos will deduplicate it. However it will retain the filename from the first upload which may confuse rclone. For example if you uploaded an image to <code>upload</code> then uploaded the same image to <code>album/my_album</code> the filename of the image in <code>album/my_album</code> will be what it was uploaded with initially, not what you uploaded it with to <code>album</code>. In practise this shouldn’t cause too many problems.</td>
<tdstyle="text-align: left;">The date shown of media in Google Photos is the creation date as determined by the EXIF information, or the upload date if that is not known.</td>
<tdstyle="text-align: left;">This is not changeable by rclone and is not the modification date of the media on local disk. This means that rclone cannot use the dates from Google Photos for syncing purposes.</td>
<tdstyle="text-align: left;">The Google Photos API does not return the size of media. This means that when syncing to Google Photos, rclone can only do a file existence check.</td>
<tdstyle="text-align: left;">It is possible to read the size of the media, but this needs an extra HTTP HEAD request per media item so is <strong>very slow</strong> and uses up a lot of transactions. This can be enabled with the <code>--gphotos-read-size</code> option or the <code>read_size = true</code> config parameter.</td>
<tdstyle="text-align: left;">If you want to use the backend with <code>rclone mount</code> you may need to enable this flag (depending on your OS and application using the photos) otherwise you may not be able to read media off the mount. You’ll need to experiment to see if it works for you without the flag.</td>
<tdstyle="text-align: left;">Rclone can only upload files to albums it created. This is a <ahref="https://developers.google.com/photos/library/guides/manage-albums">limitation of the Google Photos API</a>.</td>
<tdstyle="text-align: left;">Rclone can remove files from albums it created, but note that the Google Photos API does not allow media to be deleted permanently so this media will still remain. See <ahref="https://issuetracker.google.com/issues/109759781">bug #109759781</a>.</td>
<tdstyle="text-align: left;">The Google Photos API does not support deleting albums - see <ahref="https://issuetracker.google.com/issues/135714733">bug #135714733</a>.</td>
<tdstyle="text-align: left;"><!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/googlephotos/googlephotos.go then run make backenddocs --> ### Standard Options</td>
</tr>
<trclass="even">
<tdstyle="text-align: left;">Here are the standard options specific to google photos (Google Photos).</td>
<tdstyle="text-align: left;">Set to make the Google Photos backend read only.</td>
</tr>
<trclass="odd">
<tdstyle="text-align: left;">If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access.</td>
<tdstyle="text-align: left;">Set to read the size of media items.</td>
</tr>
<trclass="odd">
<tdstyle="text-align: left;">Normally rclone does not read the size of media items since this takes another transaction. This isn’t necessary for syncing. However rclone mount needs to know the size of files in advance of reading them, so setting this flag when using rclone mount is recommended if you want to read the media.</td>
<p>The HTTP remote is a read only remote for reading files of a webserver. The webserver should provide file listings which rclone will read and turn into a remote. This has been tested with common webservers such as Apache/Nginx/Caddy and will likely work with file listings from most web servers. (If it doesn’t then please file an issue, or send a pull request!)</p>
<p>Set this if the site doesn’t end directories with /</p>
<p>Use this if your target website does not use / on the end of directories.</p>
<p>A / on the end of a path is how rclone normally tells the difference between files and directories. If this flag is set, then rclone will treat all files with Content-Type: text/html as directories and read URLs from them rather than downloading them.</p>
<p>Note that this may cause rclone to confuse genuine HTML files with directories.</p>
<p>Don’t use HEAD requests to find file sizes in dir listing</p>
<p>If your site is being very slow to load then you can try this option. Normally rclone does a HEAD request for each potential file in a directory listing to:</p>
<ul>
<li>find its size</li>
<li>check it really exists</li>
<li>check to see if it is a directory</li>
</ul>
<p>If you set this option, rclone will not do the HEAD request. This will mean</p>
<ul>
<li>directory listings are much quicker</li>
<li>rclone won’t have the times or sizes of any files</li>
<li><p>some files that don’t exist may be in the listing</p></li>
<p>Paths are specified as <code>remote:container</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, eg <code>remote:container/path/to/dir</code>.</p>
<p>The initial setup for Hubic involves getting a token from Hubic which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Hubic. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
<p>If you want the directory to be visible in the official <em>Hubic browser</em>, you need to copy your files to the <code>default</code> directory</p>
<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <ahref="/docs/#fast-list">rclone docs</a> for more details.</p>
<p>The Swift API doesn’t return a correct MD5SUM for segmented files (Dynamic or Static Large Objects) so rclone won’t check or use the MD5SUM for these.</p>
Rclone has it's own Jottacloud API KEY which works fine as long as one only uses rclone on a single machine. When you want to use rclone with this account on more than one machine it's recommended to create a machine specific API key. These keys can NOT be shared between machines.
<h3id="devices-and-mountpoints">Devices and Mountpoints</h3>
<p>The official Jottacloud client registers a device for each computer you install it on and then creates a mountpoint for each folder you select for Backup. The web interface uses a special device called Jotta for the Archive, Sync and Shared mountpoints. In most cases you’ll want to use the Jotta/Archive device/mounpoint however if you want to access files uploaded by the official rclone provides the option to select other devices and mountpoints during config.</p>
<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <ahref="/docs/#fast-list">rclone docs</a> for more details.</p>
<p>Note that the implementation in Jottacloud always uses only a single API request to get the entire list, so for large folders this could lead to long wait time before the first results are shown.</p>
<p>Jottacloud allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
<p>Jottacloud supports MD5 type hashes, so you can use the <code>--checksum</code> flag.</p>
<p>Note that Jottacloud requires the MD5 hash before upload so if the source does not have an MD5 checksum then the file will be cached temporarily on disk (wherever the <code>TMPDIR</code> environment variable points to) before it is uploaded. Small files will be cached in memory - see the <code>--jottacloud-md5-memory-limit</code> flag.</p>
<p>By default rclone will send all files to the trash when deleting files. Due to a lack of API documentation emptying the trash is currently only possible via the Jottacloud website. If deleting permanently is required then use the <code>--jottacloud-hard-delete</code> flag, or set the equivalent environment variable.</p>
<p>Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it. Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.</p>
<p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (unless it is unlimited) and the current usage.</p>
<p>Jottacloud requires each ‘device’ to be registered. Rclone brings such a registration to easily access your account but if you want to use Jottacloud together with rclone on multiple machines you NEED to create a seperate deviceID/deviceSecrect on each machine. You will asked during setting up the remote. Please be aware that this also means that copying the rclone config from one machine to another does NOT work with Jottacloud accounts. You have to create it on each machine.</p>
<p>Remove existing public link to file/folder with link command rather than creating. Default is false, meaning link command will create or retrieve public link.</p>
<p>Note that Jottacloud is case insensitive so you can’t have a file called “Hello.doc” and one called “hello.doc”.</p>
<p>There are quite a few characters that can’t be in Jottacloud file names. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a ? in it will be mapped to ? instead.</p>
<p>Jottacloud only supports filenames up to 255 characters in length.</p>
<h3id="troubleshooting">Troubleshooting</h3>
<p>Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove operations to previously deleted paths to fail. Emptying the trash should help in such cases.</p>
<p>Paths are specified as <code>remote:path</code></p>
<p>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>The initial setup for Koofr involves creating an application password for rclone. You can do that by opening the Koofr <ahref="https://app.koofr.net/app/admin/preferences/password">web application</a>, giving the password a nice name like <code>rclone</code> and clicking on generate.</p>
<p>Here is an example of how to make a remote called <code>koofr</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> koofr
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
** See help for koofr backend at: https://rclone.org/koofr/ **
Your Koofr user name
Enter a string value. Press Enter for the default ("").
user> USER@NAME
Your Koofr password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password)
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[koofr]
type = koofr
baseurl = https://app.koofr.net
user = USER@NAME
password = *** ENCRYPTED ***
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y</code></pre>
<p>You can choose to edit advanced config in order to enter your own service URL if you use an on-premise or white label Koofr instance, or choose an alternative mount instead of your primary storage.</p>
<p>Once configured you can then use <code>rclone</code> like this,</p>
<p>List directories in top level of your Koofr</p>
<pre><code>rclone lsd koofr:</code></pre>
<p>List all the files in your Koofr</p>
<pre><code>rclone ls koofr:</code></pre>
<p>To copy a local directory to an Koofr directory called backup</p>
<p>Here are the advanced options specific to koofr (Koofr).</p>
<h4id="koofr-endpoint">–koofr-endpoint</h4>
<p>The Koofr API endpoint to use</p>
<ul>
<li>Config: endpoint</li>
<li>Env Var: RCLONE_KOOFR_ENDPOINT</li>
<li>Type: string</li>
<li>Default: “https://app.koofr.net”</li>
</ul>
<h4id="koofr-mountid">–koofr-mountid</h4>
<p>Mount ID of the mount to use. If omitted, the primary mount is used.</p>
<ul>
<li>Config: mountid</li>
<li>Env Var: RCLONE_KOOFR_MOUNTID</li>
<li>Type: string</li>
<li>Default: ""</li>
</ul>
<h4id="koofr-setmtime">–koofr-setmtime</h4>
<p>Does the backend support setting modification time. Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.</p>
<ul>
<li>Config: setmtime</li>
<li>Env Var: RCLONE_KOOFR_SETMTIME</li>
<li>Type: bool</li>
<li>Default: true</li>
</ul>
<!--- autogenerated options stop -->
<h3id="limitations-3">Limitations</h3>
<p>Note that Koofr is case insensitive so you can’t have a file called “Hello.doc” and one called “hello.doc”.</p>
<h2id="mail.ru-cloud">Mail.ru Cloud</h2>
<p><ahref="https://cloud.mail.ru/">Mail.ru Cloud</a> is a cloud storage provided by a Russian internet company <ahref="https://mail.ru">Mail.Ru Group</a>. The official desktop client is <ahref="https://disk-o.cloud/">Disk-O:</a>, available only on Windows. (Please note that official sites are in Russian)</p>
<li>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code></li>
<li>Files have a <code>last modified time</code> property, directories don’t</li>
<li>Deleted files are by default moved to the trash</li>
<li>Files and directories can be shared via public links</li>
<li>Partial uploads or streaming are not supported, file size must be known before upload</li>
<li>Maximum file size is limited to 2G for a free acount, unlimited for paid accounts</li>
<li>Storage keeps hash for all files and performs transparent deduplication, the hash algorithm is a modified SHA1</li>
<li>If a particular file is already present in storage, one can quickly submit file hash instead of long file upload (this optimization is supported by rclone)</li>
</ul>
<h3id="configuration">Configuration</h3>
<p>Here is an example of making a mailru configuration. First create a Mail.ru Cloud account and choose a tariff, then run</p>
<pre><code>rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Mail.ru Cloud
\ "mailru"
[snip]
Storage> mailru
User name (usually email)
Enter a string value. Press Enter for the default ("").
user> username@mail.ru
Password
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Skip full upload if there is another file with same data hash.
This feature is called "speedup" or "put by hash". It is especially efficient
in case of generally available files like popular books, video or audio clips
[snip]
Enter a boolean value (true or false). Press Enter for the default ("true").
Choose a number from below, or type in your own value
1 / Enable
\ "true"
2 / Disable
\ "false"
speedup_enable> 1
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[remote]
type = mailru
user = username@mail.ru
pass = *** ENCRYPTED ***
speedup_enable = true
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y</code></pre>
<p>Configuration of this backend does not require a local web browser. You can use the configured backend as shown below:</p>
<p>Files support a modification time attribute with up to 1 second precision. Directories do not have a modification time, which is shown as “Jan 1 1970”.</p>
<h3id="hash-checksums">Hash checksums</h3>
<p>Hash sums use a custom Mail.ru algorithm based on SHA1. If file size is less than or equal to the SHA1 block size (20 bytes), its hash is simply its data right-padded with zero bytes. Hash sum of a larger file is computed as a SHA1 sum of the file data bytes concatenated with a decimal representation of the data length.</p>
<h3id="emptying-trash">Emptying Trash</h3>
<p>Removing a file or directory actually moves it to the trash, which is not visible to rclone but can be seen in a web browser. The trashed file still occupies part of total quota. If you wish to empty your trash and free some quota, you can use the <code>rclone cleanup remote:</code> command, which will permanently delete all your trashed files. This command does not take any path arguments.</p>
<p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (quota) and the current usage.</p>
<p>In addition to the <ahref="/overview/#restricted-characters">default restricted characters set</a> the following characters are also replaced:</p>
<table>
<thead>
<trclass="header">
<th>Character</th>
<thstyle="text-align: center;">Value</th>
<thstyle="text-align: center;">Replacement</th>
</tr>
</thead>
<tbody>
<trclass="odd">
<td>"</td>
<tdstyle="text-align: center;">0x22</td>
<tdstyle="text-align: center;">"</td>
</tr>
<trclass="even">
<td>*</td>
<tdstyle="text-align: center;">0x2A</td>
<tdstyle="text-align: center;">*</td>
</tr>
<trclass="odd">
<td>:</td>
<tdstyle="text-align: center;">0x3A</td>
<tdstyle="text-align: center;">:</td>
</tr>
<trclass="even">
<td><</td>
<tdstyle="text-align: center;">0x3C</td>
<tdstyle="text-align: center;"><</td>
</tr>
<trclass="odd">
<td>></td>
<tdstyle="text-align: center;">0x3E</td>
<tdstyle="text-align: center;">></td>
</tr>
<trclass="even">
<td>?</td>
<tdstyle="text-align: center;">0x3F</td>
<tdstyle="text-align: center;">?</td>
</tr>
<trclass="odd">
<td>\</td>
<tdstyle="text-align: center;">0x5C</td>
<tdstyle="text-align: center;">\</td>
</tr>
<trclass="even">
<td>|</td>
<tdstyle="text-align: center;">0x7C</td>
<tdstyle="text-align: center;">|</td>
</tr>
</tbody>
</table>
<p>Invalid UTF-8 bytes will also be <ahref="/overview/#invalid-utf8">replaced</a>, as they can’t be used in JSON strings.</p>
<h3id="limitations-4">Limitations</h3>
<p>File size limits depend on your account. A single file size is limited by 2G for a free account and unlimited for paid tariffs. Please refer to the Mail.ru site for the total uploaded size limits.</p>
<p>Note that Mailru is case insensitive so you can’t have a file called “Hello.doc” and one called “hello.doc”.</p>
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/mailru/mailru.go then run make backenddocs -->
<h3id="standard-options-3">Standard Options</h3>
<p>Here are the standard options specific to mailru (Mail.ru Cloud).</p>
<p>Skip full upload if there is another file with same data hash. This feature is called “speedup” or “put by hash”. It is especially efficient in case of generally available files like popular books, video or audio clips, because files are searched by hash in all accounts of all mailru users. Please note that rclone may need local memory and disk space to calculate content hash in advance and decide whether full upload is required. Also, if rclone does not know file size in advance (e.g. in case of streaming or partial uploads), it will not even try this optimization.</p>
<ul>
<li>Config: speedup_enable</li>
<li>Env Var: RCLONE_MAILRU_SPEEDUP_ENABLE</li>
<li>Type: bool</li>
<li>Default: true</li>
<li>Examples:
<ul>
<li>“true”
<ul>
<li>Enable</li>
</ul></li>
<li>“false”
<ul>
<li>Disable</li>
</ul></li>
</ul></li>
</ul>
<h3id="advanced-options-4">Advanced Options</h3>
<p>Here are the advanced options specific to mailru (Mail.ru Cloud).</p>
<p>Comma separated list of file name patterns eligible for speedup (put by hash). Patterns are case insensitive and can contain ’*’ or ‘?’ meta characters.</p>
<p>Comma separated list of internal maintenance flags. This option must not be used by an ordinary user. It is intended only to facilitate remote troubleshooting of backend issues. Strict meaning of flags is not documented and not guaranteed to persist between releases. Quirks will be removed when the backend grows stable. Supported quirks: atomicmkdir binlist gzip insecure retry400</p>
<p><ahref="https://mega.nz/">Mega</a> is a cloud storage and file hosting service known for its security feature where all files are encrypted locally before they are uploaded. This prevents anyone (including employees of Mega) from accessing the files without knowledge of the key used for encryption.</p>
<p>This is an rclone backend for Mega which supports the file transfer features of Mega using the same client side encryption.</p>
<p>Paths are specified as <code>remote:path</code></p>
<p>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
<p><strong>NOTE:</strong> The encryption keys need to have been already generated after a regular login via the browser, otherwise attempting to use the credentials in <code>rclone</code> will fail.</p>
<p>Mega remotes seem to get blocked (reject logins) under “heavy use”. We haven’t worked out the exact blocking rules but it seems to be related to fast paced, sucessive rclone commands.</p>
<p>For example, executing this command 90 times in a row <code>rclone link remote:file</code> will cause the remote to become “blocked”. This is not an abnormal situation, for example if you wish to get the public links of a directory with hundred of files… After more or less a week, the remote will remote accept rclone logins normally again.</p>
<p>You can mitigate this issue by mounting the remote it with <code>rclone mount</code>. This will log-in when mounting and a log-out when unmounting only. You can also run <code>rclone rcd</code> and then use <code>rclone rc</code> to run the commands over the API to avoid logging in each time.</p>
<p>Rclone does not currently close mega sessions (you can see them in the web interface), however closing the sessions does not solve the issue.</p>
<p>If you space rclone commands by 3 seconds it will avoid blocking the remote. We haven’t identified the exact blocking rules, so perhaps one could execute the command 80 times without waiting and avoid blocking by waiting 3 seconds, then continuing…</p>
<p>Note that this has been observed by trial and error and might not be set in stone.</p>
<p>Other tools seem not to produce this blocking effect, as they use a different working approach (state-based, using sessionIDs instead of log-in) which isn’t compatible with the current stateless rclone approach.</p>
<p>Note that once blocked, the use of other tools (such as megacmd) is not a sure workaround: following megacmd login times have been observed in sucession for blocked remote: 7 minutes, 20 min, 30min, 30 min, 30min. Web access looks unaffected though.</p>
<p>Investigation is continuing in relation to workarounds based on timeouts, pacers, retrials and tpslimits - if you discover something relevant, please post on the forum.</p>
<p>So, if rclone was working nicely and suddenly you are unable to log-in and you are sure the user and the password are correct, likely you have got the remote blocked for a while.</p>
<p>Delete files permanently rather than putting them into the trash.</p>
<p>Normally the mega backend will put all deletions into the trash rather than permanently deleting them. If you specify this then rclone will permanently delete objects instead.</p>
<p>This backend uses the <ahref="https://github.com/t3rm1n4l/go-mega">go-mega go library</a> which is an opensource go library implementing the Mega API. There doesn’t appear to be any documentation for the mega protocol beyond the <ahref="https://github.com/meganz/sdk">mega C++ SDK</a> source code so there are likely quite a few errors still remaining in this library.</p>
<p>Paths are specified as <code>remote:container</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, eg <code>remote:container/path/to/dir</code>.</p>
<p>Here is an example of making a Microsoft Azure Blob Storage configuration. For a remote called <code>remote</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <ahref="/docs/#fast-list">rclone docs</a> for more details.</p>
<p>The modified time is stored as metadata on the object with the <code>mtime</code> key. It is stored using RFC3339 Format time with nanosecond precision. The metadata is supplied during directory listings so there is no overhead to using it.</p>
<p>MD5 hashes are stored with blobs. However blobs that were uploaded in chunks only have an MD5 if the source remote was capable of MD5 hashes, eg the local disk.</p>
<h3id="authenticating-with-azure-blob-storage">Authenticating with Azure Blob Storage</h3>
<p>Rclone has 3 ways of authenticating with Azure Blob Storage:</p>
<h4id="account-and-key">Account and Key</h4>
<p>This is the most straight forward and least flexible way. Just fill in the <code>account</code> and <code>key</code> lines and leave the rest blank.</p>
<h4id="sas-url">SAS URL</h4>
<p>This can be an account level SAS URL or container level SAS URL</p>
<p>To use it leave <code>account</code>, <code>key</code> blank and fill in <code>sas_url</code>.</p>
<p>Account level SAS URL or container level SAS URL can be obtained from Azure portal or Azure Storage Explorer. To get a container level SAS URL right click on a container in the Azure Blob explorer in the Azure portal.</p>
<p>If You use container level SAS URL, rclone operations are permitted only on particular container, eg</p>
<pre><code>rclone ls azureblob:container or rclone ls azureblob:</code></pre>
<p>Since container name already exists in SAS URL, you can leave it empty as well.</p>
<p>However these will not work</p>
<pre><code>rclone lsd azureblob:
rclone ls azureblob:othercontainer</code></pre>
<p>This would be useful for temporarily allowing third parties access to a single container or putting credentials into an untrusted environment.</p>
<p>Rclone supports multipart uploads with Azure Blob storage. Files bigger than 256MB will be uploaded using chunked upload by default.</p>
<p>The files will be uploaded in parallel in 4MB chunks (by default). Note that these chunks are buffered in memory and there may be up to <code>--transfers</code> of them being uploaded at once.</p>
<p>Files can’t be split into more than 50,000 chunks so by default, so the largest file that can be uploaded with 4MB chunk size is 195GB. Above this rclone will double the chunk size until it creates less than 50,000 chunks. By default this will mean a maximum file size of 3.2TB can be uploaded. This can be raised to 5TB using <code>--azureblob-chunk-size 100M</code>.</p>
<p>Note that rclone doesn’t commit the block list until the end of the upload which means that there is a limit of 9.5TB of multipart uploads in progress as Azure won’t allow more than that amount of uncommitted blocks.</p>
<p>This sets the number of blobs requested in each listing chunk. Default is the maximum, 5000. “List blobs” requests are permitted 2 minutes per megabyte to complete. If an operation is taking longer than 2 minutes per megabyte on average, it will time out ( <ahref="https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-blob-service-operations#exceptions-to-default-timeout-interval">source</a> ). This can be used to limit the number of blobs items to return, to avoid the time out.</p>
<p>Archived blobs can be restored by setting access tier to hot or cool. Leave blank if you intend to use default access tier, which is set at account level</p>
<p>If there is no “access tier” specified, rclone doesn’t apply any tier. rclone performs “Set Tier” operation on blobs while uploading, if objects are not modified, specifying “access tier” to new one will have no effect. If blobs are in “archive tier” at remote, trying to perform data transfer operations from remote will not be allowed. User should first restore by tiering blob to “Hot” or “Cool”.</p>
<p>You can test rlcone with storage emulator locally, to do this make sure azure storage emulator installed locally and set up a new remote with <code>rclone config</code> follow instructions described in introduction, set <code>use_emulator</code> config as <code>true</code>, you do not need to provide default account name or key if using emulator.</p>
<p>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>The initial setup for OneDrive involves getting a token from Microsoft which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Microsoft. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
<h3id="getting-your-own-client-id-and-key">Getting your own Client ID and Key</h3>
<p>rclone uses a pair of Client ID and Key shared by all rclone users when performing requests by default. If you are having problems with them (E.g., seeing a lot of throttling), you can get your own Client ID and Key by following the steps below:</p>
<li>Open https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade, then click <code>New registration</code>.</li>
<li>Enter a name for your app, choose your account type, select <code>Web</code> in <code>Redirect URI</code> Enter <code>http://localhost:53682/</code> and click Register. Copy and keep the <code>Application (client) ID</code> under the app name for later use.</li>
<li>Under <code>manage</code> select <code>Certificates & secrets</code>, click <code>New client secret</code>. Copy and keep that secret for later use.</li>
<li>Under <code>manage</code> select <code>API permissions</code>, click <code>Add a permission</code> and select <code>Microsoft Graph</code> then select <code>delegated permissions</code>.</li>
<li>Search and select the follwing permssions: <code>Files.Read</code>, <code>Files.ReadWrite</code>, <code>Files.Read.All</code>, <code>Files.ReadWrite.All</code>, <code>offline_access</code>, <code>User.Read</code>. Once selected click <code>Add permissions</code> at the bottom.</li>
<p>Now the application is complete. Run <code>rclone config</code> to create or edit a OneDrive remote. Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.</p>
<p>OneDrive personal supports SHA1 type hashes. OneDrive for business and Sharepoint Server support <ahref="https://docs.microsoft.com/en-us/onedrive/developer/code-snippets/quickxorhash">QuickXorHash</a>.</p>
<p>For all types of OneDrive you can use the <code>--checksum</code> flag.</p>
<p>Any files you delete with rclone will end up in the trash. Microsoft doesn’t provide an API to permanently delete files, nor to empty the trash, so you will have to do that with one of Microsoft’s apps or via the OneDrive website.</p>
<p>By default rclone will hide OneNote files in directory listings because operations like “Open” and “Update” won’t work on them. But this behaviour may also prevent you from deleting them. If you want to delete OneNote files or otherwise want them to show up in directory listing, set this option.</p>
<p>Note that OneDrive is case insensitive so you can’t have a file called “Hello.doc” and one called “hello.doc”.</p>
<p>There are quite a few characters that can’t be in OneDrive file names. These can’t occur on Windows platforms, but on non-Windows platforms they are common. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a <code>?</code> in it will be mapped to <code>?</code> instead.</p>
<p>The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business and SharePoint Online. If you are encrypting file and folder names with rclone, you may want to pay attention to this limitation because the encrypted names are typically longer than the original ones.</p>
<p>OneDrive seems to be OK with at least 50,000 files in a folder, but at 100,000 rclone will get errors listing the directory like <code>couldn’t list files: UnknownError:</code>. See <ahref="https://github.com/rclone/rclone/issues/2707">#2707</a> for more info.</p>
<p>An official document about the limitations for different types of OneDrive can be found <ahref="https://support.office.com/en-us/article/invalid-file-names-and-file-types-in-onedrive-onedrive-for-business-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa">here</a>.</p>
<p>Every change in OneDrive causes the service to create a new version. This counts against a users quota. For example changing the modification time of a file creates a second version, so the file is using twice the space.</p>
<p>The <code>copy</code> is the only rclone command affected by this as we copy the file and then afterwards set the modification time to match the source file.</p>
<p><strong>Note</strong>: Starting October 2018, users will no longer be able to disable versioning by default. This is because Microsoft has brought an <ahref="https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390">update</a> to the mechanism. To change this new default setting, a PowerShell command is required to be run by a SharePoint admin. If you are an admin, you can run these commands in PowerShell to change that setting:</p>
<li><code>Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU@YOURSITE.COM</code> (replacing <code>YOURSITE</code>, <code>YOU</code>, <code>YOURSITE.COM</code> with the actual values; this will prompt for your credentials)</li>
<p><em>Below are the steps for normal users to disable versioning. If you don’t see the “No Versioning” option, make sure the above requirements are met.</em></p>
<li>Under Document Version History select the option No versioning. Note: This will disable the creation of new file versions, but will not remove any previous versions. Your documents are safe.</li>
<h4id="unexpected-file-sizehash-differences-on-sharepoint">Unexpected file size/hash differences on Sharepoint</h4>
<p>It is a <ahref="https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631">known</a> issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and hash checks to fail. To use rclone with such affected files on Sharepoint, you may disable these checks with the following command line arguments:</p>
<h4id="replacingdeleting-existing-files-on-sharepoint-gets-item-not-found">Replacing/deleting existing files on Sharepoint gets “item not found”</h4>
<p>It is a <ahref="https://github.com/OneDrive/onedrive-api-docs/issues/1068">known</a> issue that Sharepoint (not OneDrive or OneDrive for Business) may return “item not found” errors when users try to replace or delete uploaded files; this seems to mainly affect Office files (.docx, .xlsx, etc.). As a workaround, you may use the <code>--backup-dir <BACKUP_DIR></code> command line argument so rclone moves the files to be replaced/deleted into a given backup directory (instead of directly replacing/deleting them). For example, to instruct rclone to move the files into the directory <code>rclone-backup-dir</code> on backend <code>mysharepoint</code>, you may use:</p>
Description: Using application 'rclone' is currently not supported for your organization [YOUR_ORGANIZATION] because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of [YOUR_ORGANIZATION] before the application rclone can be provisioned.</code></pre>
<p>This means that rclone can’t use the OneDrive for Business API with your account. You can’t do much about it, maybe write an email to your admins.</p>
Description: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '...'.</code></pre>
<p>If you see the error above after enabling multi-factor authentication for your account, you can fix it by refreshing your OAuth refresh token. To do that, run <code>rclone config</code>, and choose to edit your OneDrive backend. Then, you don’t need to actually make any changes until you reach this question: <code>Already have a token - refresh?</code>. For this question, answer <code>y</code> and go through the process to refresh your token, just like the first time the backend is configured. After this, rclone should work again for this backend.</p>
<p>OpenDrive allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.</p>
<p>File names can also not begin or end with the following characters. These only get replaced if they are the first or last character in the name:</p>
<table>
<thead>
<trclass="header">
<th>Character</th>
<thstyle="text-align: center;">Value</th>
<thstyle="text-align: center;">Replacement</th>
</tr>
</thead>
<tbody>
<trclass="odd">
<td>SP</td>
<tdstyle="text-align: center;">0x20</td>
<tdstyle="text-align: center;">␠</td>
</tr>
<trclass="even">
<td>HT</td>
<tdstyle="text-align: center;">0x09</td>
<tdstyle="text-align: center;">␉</td>
</tr>
<trclass="odd">
<td>LF</td>
<tdstyle="text-align: center;">0x0A</td>
<tdstyle="text-align: center;">␊</td>
</tr>
<trclass="even">
<td>VT</td>
<tdstyle="text-align: center;">0x0B</td>
<tdstyle="text-align: center;">␋</td>
</tr>
<trclass="odd">
<td>CR</td>
<tdstyle="text-align: center;">0x0D</td>
<tdstyle="text-align: center;">␍</td>
</tr>
</tbody>
</table>
<p>Invalid UTF-8 bytes will also be <ahref="/overview/#invalid-utf8">replaced</a>, as they can’t be used in JSON strings.</p>
<p>Note that OpenDrive is case insensitive so you can’t have a file called “Hello.doc” and one called “hello.doc”.</p>
<p>There are quite a few characters that can’t be in OpenDrive file names. These can’t occur on Windows platforms, but on non-Windows platforms they are common. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a <code>?</code> in it will be mapped to <code>?</code> instead.</p>
<p>Paths are specified as <code>remote:bucket</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, eg <code>remote:bucket/path/to/dir</code>.</p>
<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <ahref="/docs/#fast-list">rclone docs</a> for more details.</p>
<p>rclone supports multipart uploads with QingStor which means that it can upload files bigger than 5GB. Note that files uploaded with multipart upload don’t have an MD5SUM.</p>
<p>With QingStor you can list buckets (<code>rclone lsd</code>) using any zone, but you can only access the content of a bucket from the zone it was created in. If you attempt to access a bucket from the wrong zone, you will get an error, <code>incorrect zone, the bucket is not in 'XXX' zone</code>.</p>
<p>The control characters 0x00-0x1F and / are replaced as in the <ahref="/overview/#restricted-characters">default restricted characters set</a>. Note that 0x7F is not replaced.</p>
<p>Invalid UTF-8 bytes will also be <ahref="/overview/#invalid-utf8">replaced</a>, as they can’t be used in JSON strings.</p>
<p>This is the number of chunks of the same file that are uploaded concurrently.</p>
<p>NB if you set this to > 1 then the checksums of multpart uploads become corrupted (the uploads themselves are not corrupted though).</p>
<p>If you are uploading small numbers of large file over high speed link and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.</p>
<p>Paths are specified as <code>remote:container</code> (or <code>remote:</code> for the <code>lsd</code> command.) You may put subdirectories in too, eg <code>remote:container/path/to/dir</code>.</p>
<p>Here is an example of making a swift configuration. First run</p>
echo "Please enter your OpenStack Password: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="SBG1"
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi</code></pre>
<p>The config file needs to look something like this where <code>$OS_USERNAME</code> represents the value of the <code>OS_USERNAME</code> variable - <code>123abc567xy</code> in the example above.</p>
<pre><code>[remote]
type = swift
user = $OS_USERNAME
key = $OS_PASSWORD
auth = $OS_AUTH_URL
tenant = $OS_TENANT_NAME</code></pre>
<p>Note that you may (or may not) need to set <code>region</code> too - try without first.</p>
<h3id="configuration-from-the-environment">Configuration from the environment</h3>
<p>If you prefer you can configure rclone to use swift using a standard set of OpenStack environment variables.</p>
<p>When you run through the config, make sure you choose <code>true</code> for <code>env_auth</code> and leave everything else blank.</p>
<p>rclone will then set any empty config parameters from the environment using standard OpenStack environment variables. There is <ahref="https://godoc.org/github.com/ncw/swift#Connection.ApplyEnvironment">a list of the variables</a> in the docs for the swift library.</p>
<h3id="using-an-alternate-authentication-method">Using an alternate authentication method</h3>
<p>If your OpenStack installation uses a non-standard authentication method that might not be yet supported by rclone or the underlying swift library, you can authenticate externally (e.g. calling manually the <code>openstack</code> commands to get a token). Then, you just need to pass the two configuration variables <code>auth_token</code> and <code>storage_url</code>. If they are both provided, the other variables are ignored. rclone will not try to authenticate but instead assume it is already authenticated and use these two variables to access the OpenStack installation.</p>
<p>This remote supports <code>--fast-list</code> which allows you to use fewer transactions in exchange for more memory. See the <ahref="/docs/#fast-list">rclone docs</a> for more details.</p>
<p>As noted below, the modified time is stored on metadata on the object. It is used by default for all operations that require checking the time a file was last updated. It allows rclone to treat the remote more like a true filesystem, but it is inefficient because it requires an extra API call to retrieve the metadata.</p>
<p>For many operations, the time the object was last uploaded to the remote is sufficient to determine if it is “dirty”. By using <code>--update</code> along with <code>--use-server-modtime</code>, you can avoid the extra API call and simply upload files whose local modtime is newer than the time it was last uploaded.</p>
<p>The storage policy to use when creating a new container</p>
<p>This applies the specified storage policy when creating a new container. The policy cannot be changed afterwards. The allowed configuration values and their meaning depend on your Swift storage provider.</p>
<p>The Swift API doesn’t return a correct MD5SUM for segmented files (Dynamic or Static Large Objects) so rclone won’t check or use the MD5SUM for these.</p>
<h4id="rclone-gives-failed-to-create-file-system-for-remote-bad-request">Rclone gives Failed to create file system for “remote:”: Bad Request</h4>
<p>Due to an oddity of the underlying swift library, it gives a “Bad Request” error rather than a more sensible error when the authentication fails for Swift.</p>
<p>Paths are specified as <code>remote:path</code></p>
<p>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>The initial setup for pCloud involves getting a token from pCloud which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
<p>See the <ahref="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
<p>Note that rclone runs a webserver on your local machine to collect the token as returned from pCloud. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
<p>Once configured you can then use <code>rclone</code> like this,</p>
<p>List directories in top level of your pCloud</p>
<pre><code>rclone lsd remote:</code></pre>
<p>List all the files in your pCloud</p>
<pre><code>rclone ls remote:</code></pre>
<p>To copy a local directory to an pCloud directory called backup</p>
<p>pCloud allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not. In order to set a Modification time pCloud requires the object be re-uploaded.</p>
<p>pCloud supports MD5 and SHA1 type hashes, so you can use the <code>--checksum</code> flag.</p>
<p>Deleted files will be moved to the trash. Your subscription level will determine how long items stay in the trash. <code>rclone cleanup</code> can be used to empty the trash.</p>
<!--- autogenerated options start - DO NOT EDIT, instead edit fs.RegInfo in backend/pcloud/pcloud.go then run make backenddocs -->
<p>Paths are specified as <code>remote:path</code></p>
<p>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>The initial setup for <ahref="https://premiumize.me/">premiumize.me</a> involves getting a token from premiumize.me which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / premiumize.me
\ "premiumizeme"
[snip]
Storage> premiumizeme
** See help for premiumizeme backend at: https://rclone.org/premiumizeme/ **
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
<p>See the <ahref="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
<p>Note that rclone runs a webserver on your local machine to collect the token as returned from premiumize.me. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
<p>Once configured you can then use <code>rclone</code> like this,</p>
<p>List directories in top level of your premiumize.me</p>
<pre><code>rclone lsd remote:</code></pre>
<p>List all the files in your premiumize.me</p>
<pre><code>rclone ls remote:</code></pre>
<p>To copy a local directory to an premiumize.me directory called backup</p>
<p>premiumize.me does not support modification times or hashes, therefore syncing will default to <code>--size-only</code> checking. Note that using <code>--update</code> will work.</p>
<p>Note that premiumize.me is case insensitive so you can’t have a file called “Hello.doc” and one called “hello.doc”.</p>
<p>premiumize.me file names can’t have the <code>\</code> or <code>"</code> characters in. rclone maps these to and from an identical looking unicode equivalents <code>\</code> and <code>"</code></p>
<p>premiumize.me only supports filenames up to 255 characters in length.</p>
<h2id="put.io">put.io</h2>
<p>Paths are specified as <code>remote:path</code></p>
<p>put.io paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>The initial setup for put.io involves getting a token from put.io which you need to do in your browser. <code>rclone config</code> walks you through it.</p>
<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> putio
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Put.io
\ "putio"
[snip]
Storage> putio
** See help for putio backend at: https://rclone.org/putio/ **
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.</p>
<p>You can then use it like this,</p>
<p>List directories in top level of your put.io</p>
<p>Paths are specified as <code>remote:path</code>. If the path does not begin with a <code>/</code> it is relative to the home directory of the user. An empty path <code>remote:</code> refers to the user’s home directory.</p>
<p>"Note that some SFTP servers will need the leading / - Synology is a good example of this. rsync.net, on the other hand, requires users to OMIT the leading /.</p>
<p>Key files should be PEM-encoded private key files. For instance <code>/home/$USER/.ssh/id_rsa</code>. Only unencrypted OpenSSH or PEM encrypted files are supported.</p>
<p>You can also specify <code>key_use_agent</code> to force the usage of an ssh-agent. In this case <code>key_file</code> can also be specified to force the usage of a specific key in the ssh-agent.</p>
<p>Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.</p>
<h3id="ssh-agent-on-macos">ssh-agent on macOS</h3>
<p>Note that there seem to be various problems with using an ssh-agent on macOS due to recent changes in the OS. The most effective work-around seems to be to start an ssh-agent in each session, eg</p>
<p>Some SFTP servers disable setting/modifying the file modification time after upload (for example, certain configurations of ProFTPd with mod_sftp). If you are using one of these servers, you can set the option <code>set_modtime = false</code> in your RClone backend configuration to disable this behaviour.</p>
<p>When key-file is also set, the “.pub” file of the specified key-file is read and only the associated key is requested from the ssh-agent. This allows to avoid <code>Too many authentication failures for *username*</code> errors when the ssh-agent contains many keys.</p>
<p>Disable the execution of SSH commands to determine if remote file hashing is available. Leave blank or set to false to enable hashing (recommended), set to true to disable hashing.</p>
<p>SFTP supports checksums if the same login has shell access and <code>md5sum</code> or <code>sha1sum</code> as well as <code>echo</code> are in the remote’s PATH. This remote checksumming (file hashing) is recommended and enabled by default. Disabling the checksumming may be required if you are connecting to SFTP servers which are not under your control, and to which the execution of remote commands is prohibited. Set the configuration option <code>disable_hashcheck</code> to <code>true</code> to disable checksumming.</p>
<p>SFTP also supports <code>about</code> if the same login has shell access and <code>df</code> are in the remote’s PATH. <code>about</code> will return the total space, free space, and used space on the remote for the disk of the specified path on the remote or, if not set, the disk of the root on the remote. <code>about</code> will fail if it does not have shell access or if <code>df</code> is not in the remote’s PATH.</p>
<p>Note that some SFTP servers (eg Synology) the paths are different for SSH and SFTP so the hashes can’t be calculated properly. For them using <code>disable_hashcheck</code> is a good idea.</p>
<p>The only ssh agent supported under Windows is Putty’s pageant.</p>
<p>The Go SSH library disables the use of the aes128-cbc cipher by default, due to security concerns. This can be re-enabled on a per-connection basis by setting the <code>use_insecure_cipher</code> setting in the configuration file to <code>true</code>. Further details on the insecurity of this cipher can be found [in this paper] (http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf).</p>
<p>SFTP isn’t supported under plan9 until <ahref="https://github.com/pkg/sftp/issues/156">this issue</a> is fixed.</p>
<p>Note that since SFTP isn’t HTTP based the following flags don’t work with it: <code>--dump-headers</code>, <code>--dump-bodies</code>, <code>--dump-auth</code></p>
<p>Note that <code>--timeout</code> isn’t supported (but <code>--contimeout</code> is).</p>
<p>The <code>union</code> remote provides a unification similar to UnionFS using other remotes.</p>
<p>Paths may be as deep as required or a local path, eg <code>remote:directory/subdirectory</code> or <code>/directory/subdirectory</code>.</p>
<p>During the initial setup with <code>rclone config</code> you will specify the target remotes as a space separated list. The target remotes can either be a local paths or other remotes.</p>
<p>The order of the remotes is important as it defines which remotes take precedence over others if there are files with the same name in the same logical path. The last remote is the topmost remote and replaces files with the same name from previous remotes.</p>
<p>Only the last remote is used to write to and delete from, all other remotes are read-only.</p>
<p>Subfolders can be used in target remote. Assume a union remote named <code>backup</code> with the remotes <code>mydrive:private/backup mydrive2:/backup</code>. Invoking <code>rclone mkdir backup:desktop</code> is exactly the same as invoking <code>rclone mkdir mydrive2:/backup/desktop</code>.</p>
<p>There will be no special handling of paths containing <code>..</code> segments. Invoking <code>rclone mkdir backup:../desktop</code> is exactly the same as invoking <code>rclone mkdir mydrive2:/backup/../desktop</code>.</p>
<p>Here is an example of how to make a union called <code>remote</code> for local folders. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
<p>List of space separated remotes. Can be ‘remotea:test/dir remoteb:’, ‘“remotea:test/space dir” remoteb:’, etc. The last remote is used to write to.</p>
<p>Paths are specified as <code>remote:path</code></p>
<p>Paths may be as deep as required, eg <code>remote:directory/subdirectory</code>.</p>
<p>To configure the WebDAV remote you will need to have a URL for it, and a username and password. If you know what kind of system you are connecting to then rclone can enable extra features.</p>
<p>Here is an example of how to make a remote called <code>remote</code>. First run:</p>
<pre><code> rclone config</code></pre>
<p>This will guide you through an interactive setup process:</p>
<pre><code>No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
<p>Likewise plain WebDAV does not support hashes, however when used with Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes. Depending on the exact version of Owncloud or Nextcloud hashes may appear on all objects, or only on objects which had a hash uploaded with them.</p>
<p>Click on the settings cog in the bottom right of the page and this will show the WebDAV URL that rclone needs in the config step. It will look something like <code>https://example.com/remote.php/webdav/</code>.</p>
<p>Owncloud supports modified times using the <code>X-OC-Mtime</code> header.</p>
<h3id="nextcloud">Nextcloud</h3>
<p>This is configured in an identical way to Owncloud. Note that Nextcloud does not support streaming of files (<code>rcat</code>) whereas Owncloud does. This <ahref="https://github.com/nextcloud/nextcloud-snap/issues/365">may be fixed</a> in the future.</p>
<p>Rclone can be used with Sharepoint provided by OneDrive for Business or Office365 Education Accounts. This feature is only needed for a few of these Accounts, mostly Office365 Education ones. These accounts are sometimes not verified by the domain owner <ahref="https://github.com/rclone/rclone/issues/1975">github#1975</a></p>
<p>This means that these accounts can’t be added using the official API (other Accounts should work with the “onedrive” option). However, it is possible to access them using webdav.</p>
<p>To use a sharepoint remote with rclone, add it like this: First, you need to get your remote’s URL:</p>
<li>Go <ahref="https://onedrive.live.com/about/en-us/signin/">here</a> to open your OneDrive or to sign in</li>
<li>Now take a look at your address bar, the URL should look like this: <code>https://[YOUR-DOMAIN]-my.sharepoint.com/personal/[YOUR-EMAIL]/_layouts/15/onedrive.aspx</code></li>
<p>You’ll only need this URL upto the email address. After that, you’ll most likely want to add “/Documents”. That subdirectory contains the actual data stored on your OneDrive.</p>
<p>Add the remote to rclone like this: Configure the <code>url</code> as <code>https://[YOUR-DOMAIN]-my.sharepoint.com/personal/[YOUR-EMAIL]/Documents</code> and use your normal account email and password for <code>user</code> and <code>pass</code>. If you have 2FA enabled, you have to generate an app password. Set the <code>vendor</code> to <code>sharepoint</code>.</p>
<h4id="required-flags-for-sharepoint">Required Flags for SharePoint</h4>
<p>As SharePoint does some special things with uploaded documents, you won’t be able to use the documents size or the documents hash to compare if a file has been changed since the upload / which file is newer.</p>
<p>For Rclone calls copying files (especially Office files such as .docx, .xlsx, etc.) from/to SharePoint (like copy, sync, etc.), you should append these flags to ensure Rclone uses the “Last Modified” datetime property to compare your documents:</p>
<p>dCache is a storage system that supports many protocols and authentication/authorisation schemes. For WebDAV clients, it allows users to authenticate with username and password (BASIC), X.509, Kerberos, and various bearer tokens, including <ahref="https://www.dcache.org/manuals/workshop-2017-05-29-Umea/000-Final/anupam_macaroons_v02.pdf">Macaroons</a> and <ahref="https://en.wikipedia.org/wiki/OpenID_Connect">OpenID-Connect</a> access tokens.</p>
<p>Configure as normal using the <code>other</code> type. Don’t enter a username or password, instead enter your Macaroon as the <code>bearer_token</code>.</p>
<p>There is a <ahref="https://github.com/sara-nl/GridScripts/blob/master/get-macaroon">script</a> that obtains a Macaroon from a dCache WebDAV endpoint, and creates an rclone config file.</p>
<p>Macaroons may also be obtained from the dCacheView web-browser/JavaScript client that comes with dCache.</p>
<h3id="openid-connect">OpenID-Connect</h3>
<p>dCache also supports authenticating with OpenID-Connect access tokens. OpenID-Connect is a protocol (based on OAuth 2.0) that allows services to identify users who have authenticated with some central service.</p>
<p>Support for OpenID-Connect in rclone is currently achieved using another software package called <ahref="https://github.com/indigo-dc/oidc-agent">oidc-agent</a>. This is a command-line tool that facilitates obtaining an access token. Once installed and configured, an access token is obtained by running the <code>oidc-token</code> command. The following example shows a (shortened) access token obtained from the <em>XDC</em> OIDC Provider.</p>
<pre><code>paul@celebrimbor:~$ oidc-token XDC
eyJraWQ[...]QFXDt0
paul@celebrimbor:~$</code></pre>
<p><strong>Note</strong> Before the <code>oidc-token</code> command will work, the refresh token must be loaded into the oidc agent. This is done with the <code>oidc-add</code> command (e.g., <code>oidc-add XDC</code>). This is typically done once per login session. Full details on this and how to register oidc-agent with your OIDC Provider are provided in the <ahref="https://indigo-dc.gitbooks.io/oidc-agent/">oidc-agent documentation</a>.</p>
<p>The rclone <code>bearer_token_command</code> configuration option is used to fetch the access token from oidc-agent.</p>
<p>Configure as a normal WebDAV endpoint, using the ‘other’ vendor, leaving the username and password empty. When prompted, choose to edit the advanced config and enter the command to get a bearer token (e.g., <code>oidc-agent XDC</code>).</p>
<p>The following example config shows a WebDAV endpoint that uses oidc-agent to supply an access token from the <em>XDC</em> OIDC Provider.</p>
<p>See the <ahref="https://rclone.org/remote_setup/">remote setup docs</a> for how to set it up on a machine with no Internet browser available.</p>
<p>Note that rclone runs a webserver on your local machine to collect the token as returned from Yandex Disk. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on <code>http://127.0.0.1:53682/</code> and this it may require you to unblock it temporarily if you are running a host firewall.</p>
<p>Once configured you can then use <code>rclone</code> like this,</p>
<p>Modified times are supported and are stored accurate to 1 ns in custom metadata called <code>rclone_modified</code> in RFC3339 with nanoseconds format.</p>
<h3id="md5-checksums">MD5 checksums</h3>
<p>MD5 checksums are natively supported by Yandex Disk.</p>
<h3id="emptying-trash-1">Emptying Trash</h3>
<p>If you wish to empty your trash you can use the <code>rclone cleanup remote:</code> command which will permanently delete all your trashed files. This command does not take any path arguments.</p>
<p>To view your current quota you can use the <code>rclone about remote:</code> command which will display your usage limit (quota) and the current usage.</p>
<p>When uploading very large files (bigger than about 5GB) you will need to increase the <code>--timeout</code> parameter. This is because Yandex pauses (perhaps to calculate the MD5SUM for the entire file) before returning confirmation that the file has been uploaded. The default handling of timeouts in rclone is to assume a 5 minute pause is an error and close the connection - you’ll see <code>net/http: timeout awaiting response headers</code> errors in the logs if this is happening. Setting the timeout to twice the max size of file in GB should be enough, so if you want to upload a 30GB file set a timeout of <code>2 * 30 = 60m</code>, that is <code>--timeout 60m</code>.</p>
<p>Remove existing public link to file/folder with link command rather than creating. Default is false, meaning link command will create or retrieve public link.</p>
<p>Rclone reads and writes the modified time using an accuracy determined by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second on OS X.</p>
<p>There is a bit more uncertainty in the Linux world, but new distributions will have UTF-8 encoded files names. If you are using an old Linux filesystem with non UTF-8 file names (eg latin1) then you can use the <code>convmv</code> tool to convert the filesystem to UTF-8. This tool is available in most distributions’ package managers.</p>
<p>If an invalid (non-UTF8) filename is read, the invalid characters will be replaced with a quoted representation of the invalid bytes. The name <code>gro\xdf</code> will be transferred as <code>gro‛DF</code>. <code>rclone</code> will emit a debug message in this case (use <code>-v</code> to see), eg</p>
<p>On non Windows platforms the following characters are replaced when handling file names.</p>
<table>
<thead>
<trclass="header">
<th>Character</th>
<thstyle="text-align: center;">Value</th>
<thstyle="text-align: center;">Replacement</th>
</tr>
</thead>
<tbody>
<trclass="odd">
<td>NUL</td>
<tdstyle="text-align: center;">0x00</td>
<tdstyle="text-align: center;">␀</td>
</tr>
<trclass="even">
<td>/</td>
<tdstyle="text-align: center;">0x2F</td>
<tdstyle="text-align: center;">/</td>
</tr>
</tbody>
</table>
<p>When running on Windows the following characters are replaced. This list is based on the <ahref="https://docs.microsoft.com/de-de/windows/desktop/FileIO/naming-a-file#naming-conventions">Windows file naming conventions</a>.</p>
<table>
<thead>
<trclass="header">
<th>Character</th>
<thstyle="text-align: center;">Value</th>
<thstyle="text-align: center;">Replacement</th>
</tr>
</thead>
<tbody>
<trclass="odd">
<td>NUL</td>
<tdstyle="text-align: center;">0x00</td>
<tdstyle="text-align: center;">␀</td>
</tr>
<trclass="even">
<td>SOH</td>
<tdstyle="text-align: center;">0x01</td>
<tdstyle="text-align: center;">␁</td>
</tr>
<trclass="odd">
<td>STX</td>
<tdstyle="text-align: center;">0x02</td>
<tdstyle="text-align: center;">␂</td>
</tr>
<trclass="even">
<td>ETX</td>
<tdstyle="text-align: center;">0x03</td>
<tdstyle="text-align: center;">␃</td>
</tr>
<trclass="odd">
<td>EOT</td>
<tdstyle="text-align: center;">0x04</td>
<tdstyle="text-align: center;">␄</td>
</tr>
<trclass="even">
<td>ENQ</td>
<tdstyle="text-align: center;">0x05</td>
<tdstyle="text-align: center;">␅</td>
</tr>
<trclass="odd">
<td>ACK</td>
<tdstyle="text-align: center;">0x06</td>
<tdstyle="text-align: center;">␆</td>
</tr>
<trclass="even">
<td>BEL</td>
<tdstyle="text-align: center;">0x07</td>
<tdstyle="text-align: center;">␇</td>
</tr>
<trclass="odd">
<td>BS</td>
<tdstyle="text-align: center;">0x08</td>
<tdstyle="text-align: center;">␈</td>
</tr>
<trclass="even">
<td>HT</td>
<tdstyle="text-align: center;">0x09</td>
<tdstyle="text-align: center;">␉</td>
</tr>
<trclass="odd">
<td>LF</td>
<tdstyle="text-align: center;">0x0A</td>
<tdstyle="text-align: center;">␊</td>
</tr>
<trclass="even">
<td>VT</td>
<tdstyle="text-align: center;">0x0B</td>
<tdstyle="text-align: center;">␋</td>
</tr>
<trclass="odd">
<td>FF</td>
<tdstyle="text-align: center;">0x0C</td>
<tdstyle="text-align: center;">␌</td>
</tr>
<trclass="even">
<td>CR</td>
<tdstyle="text-align: center;">0x0D</td>
<tdstyle="text-align: center;">␍</td>
</tr>
<trclass="odd">
<td>SO</td>
<tdstyle="text-align: center;">0x0E</td>
<tdstyle="text-align: center;">␎</td>
</tr>
<trclass="even">
<td>SI</td>
<tdstyle="text-align: center;">0x0F</td>
<tdstyle="text-align: center;">␏</td>
</tr>
<trclass="odd">
<td>DLE</td>
<tdstyle="text-align: center;">0x10</td>
<tdstyle="text-align: center;">␐</td>
</tr>
<trclass="even">
<td>DC1</td>
<tdstyle="text-align: center;">0x11</td>
<tdstyle="text-align: center;">␑</td>
</tr>
<trclass="odd">
<td>DC2</td>
<tdstyle="text-align: center;">0x12</td>
<tdstyle="text-align: center;">␒</td>
</tr>
<trclass="even">
<td>DC3</td>
<tdstyle="text-align: center;">0x13</td>
<tdstyle="text-align: center;">␓</td>
</tr>
<trclass="odd">
<td>DC4</td>
<tdstyle="text-align: center;">0x14</td>
<tdstyle="text-align: center;">␔</td>
</tr>
<trclass="even">
<td>NAK</td>
<tdstyle="text-align: center;">0x15</td>
<tdstyle="text-align: center;">␕</td>
</tr>
<trclass="odd">
<td>SYN</td>
<tdstyle="text-align: center;">0x16</td>
<tdstyle="text-align: center;">␖</td>
</tr>
<trclass="even">
<td>ETB</td>
<tdstyle="text-align: center;">0x17</td>
<tdstyle="text-align: center;">␗</td>
</tr>
<trclass="odd">
<td>CAN</td>
<tdstyle="text-align: center;">0x18</td>
<tdstyle="text-align: center;">␘</td>
</tr>
<trclass="even">
<td>EM</td>
<tdstyle="text-align: center;">0x19</td>
<tdstyle="text-align: center;">␙</td>
</tr>
<trclass="odd">
<td>SUB</td>
<tdstyle="text-align: center;">0x1A</td>
<tdstyle="text-align: center;">␚</td>
</tr>
<trclass="even">
<td>ESC</td>
<tdstyle="text-align: center;">0x1B</td>
<tdstyle="text-align: center;">␛</td>
</tr>
<trclass="odd">
<td>FS</td>
<tdstyle="text-align: center;">0x1C</td>
<tdstyle="text-align: center;">␜</td>
</tr>
<trclass="even">
<td>GS</td>
<tdstyle="text-align: center;">0x1D</td>
<tdstyle="text-align: center;">␝</td>
</tr>
<trclass="odd">
<td>RS</td>
<tdstyle="text-align: center;">0x1E</td>
<tdstyle="text-align: center;">␞</td>
</tr>
<trclass="even">
<td>US</td>
<tdstyle="text-align: center;">0x1F</td>
<tdstyle="text-align: center;">␟</td>
</tr>
<trclass="odd">
<td>/</td>
<tdstyle="text-align: center;">0x2F</td>
<tdstyle="text-align: center;">/</td>
</tr>
<trclass="even">
<td>"</td>
<tdstyle="text-align: center;">0x22</td>
<tdstyle="text-align: center;">"</td>
</tr>
<trclass="odd">
<td>*</td>
<tdstyle="text-align: center;">0x2A</td>
<tdstyle="text-align: center;">*</td>
</tr>
<trclass="even">
<td>:</td>
<tdstyle="text-align: center;">0x3A</td>
<tdstyle="text-align: center;">:</td>
</tr>
<trclass="odd">
<td><</td>
<tdstyle="text-align: center;">0x3C</td>
<tdstyle="text-align: center;"><</td>
</tr>
<trclass="even">
<td>></td>
<tdstyle="text-align: center;">0x3E</td>
<tdstyle="text-align: center;">></td>
</tr>
<trclass="odd">
<td>?</td>
<tdstyle="text-align: center;">0x3F</td>
<tdstyle="text-align: center;">?</td>
</tr>
<trclass="even">
<td>\</td>
<tdstyle="text-align: center;">0x5C</td>
<tdstyle="text-align: center;">\</td>
</tr>
<trclass="odd">
<td>|</td>
<tdstyle="text-align: center;">0x7C</td>
<tdstyle="text-align: center;">|</td>
</tr>
</tbody>
</table>
<p>File names on Windows can also not end with the following characters. These only get replaced if they are last character in the name:</p>
<table>
<thead>
<trclass="header">
<th>Character</th>
<thstyle="text-align: center;">Value</th>
<thstyle="text-align: center;">Replacement</th>
</tr>
</thead>
<tbody>
<trclass="odd">
<td>SP</td>
<tdstyle="text-align: center;">0x20</td>
<tdstyle="text-align: center;">␠</td>
</tr>
<trclass="even">
<td>.</td>
<tdstyle="text-align: center;">0x2E</td>
<tdstyle="text-align: center;">.</td>
</tr>
</tbody>
</table>
<p>Invalid UTF-8 bytes will also be <ahref="/overview/#invalid-utf8">replaced</a>, as they can’t be converted to UTF-16.</p>
<h3id="long-paths-on-windows">Long paths on Windows</h3>
<p>Rclone handles long paths automatically, by converting all paths to long <ahref="https://msdn.microsoft.com/en-us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath">UNC paths</a> which allows paths up to 32,767 characters.</p>
<p>This is why you will see that your paths, for instance <code>c:\files</code> is converted to the UNC path <code>\\?\c:\files</code> in the output, and <code>\\server\share</code> is converted to <code>\\?\UNC\server\share</code>.</p>
<p>However, in rare cases this may cause problems with buggy file system drivers like <ahref="https://github.com/rclone/rclone/issues/261">EncFS</a>. To disable UNC conversion globally, add this to your <code>.rclone.conf</code> file:</p>
<p>This will use UNC paths on <code>c:\src</code> but not on <code>z:\dst</code>. Of course this will cause problems if the absolute path length of a file exceeds 258 characters on z, so only use this option if you have to.</p>
<p>If you supply <code>--copy-links</code> or <code>-L</code> then rclone will follow the symlink and copy the pointed to file or directory. Note that this flag is incompatible with <code>-links</code> / <code>-l</code>.</p>
<p>If you supply this flag then rclone will copy symbolic links from the local storage, and store them as text files, with a ‘.rclonelink’ suffix in the remote storage.</p>
<p>Normally rclone will recurse through filesystems as mounted.</p>
<p>However if you set <code>--one-file-system</code> or <code>-x</code> this tells rclone to stay in the filesystem specified by the root and not to recurse into different file systems.</p>
<p>Using <code>rclone --one-file-system copy root remote:</code> will only copy <code>file1</code> and <code>file2</code>. Eg</p>
<pre><code>$ rclone -q --one-file-system ls root
0 file1
0 file2</code></pre>
<pre><code>$ rclone -q ls root
0 disk1/file3
0 disk2/file4
0 file1
0 file2</code></pre>
<p><strong>NB</strong> Rclone (like most unix tools such as <code>du</code>, <code>rsync</code> and <code>tar</code>) treats a bind mount to the same device as being on the same filesystem.</p>
<p>Don’t warn about skipped symlinks. This flag disables warning messages on skipped symlinks or junction points, as you explicitly acknowledge that they should be skipped.</p>
<p>This flag is deprecated now. Rclone no longer normalizes unicode file names, but it compares them with unicode normalization in the sync routine instead.</p>
<p>Don’t check to see if the files change during upload</p>
<p>Normally rclone checks the size and modification time of files as they are being uploaded and aborts with a message which starts “can’t copy - source file is being updated” if the file changes during upload.</p>
<p>However on some file systems this modification time check may fail (eg <ahref="https://github.com/rclone/rclone/issues/2206">Glusterfs #2206</a>) so this check can be disabled with this flag.</p>
<p>Force the filesystem to report itself as case sensitive.</p>
<p>Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.</p>
<p>Force the filesystem to report itself as case insensitive</p>
<p>Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.</p>
<li>encodings (Fabian Möller & Nick Craig-Wood)
<ul>
<li>All backends now use file name encoding to ensure any file name can be written to any backend.</li>
<li>See the <ahref="/overview/#restricted-filenames">restricted file name docs</a> for more info and the <ahref="/local/#filenames">local backend docs</a>.</li>
<li>Some file names may look different in rclone if you are using any control characters in names or <ahref="https://en.wikipedia.org/wiki/Halfwidth_and_Fullwidth_Forms_(Unicode_block)">unicode FULLWIDTH symbols</a>.</li>
</ul></li>
<li>build
<ul>
<li>Update to use go1.13 for the build (Nick Craig-Wood)</li>
<li>Drop support for go1.9 (Nick Craig-Wood)</li>
<li>Build rclone with GitHub actions (Nick Craig-Wood)</li>
<li>Convert python scripts to python3 (Nick Craig-Wood)</li>
<li>Swap Azure/go-ansiterm for mattn/go-colorable (Nick Craig-Wood)</li>
<li>Dockerfile fixes (Matei David)</li>
<li>Add <ahref="https://github.com/rclone/rclone/blob/master/CONTRIBUTING.md#writing-a-plugin">plugin support</a> for backends and commands (Richard Patel)</li>
</ul></li>
<li>config
<ul>
<li>Use alternating Red/Green in config to make more obvious (Nick Craig-Wood)</li>
</ul></li>
<li>contrib
<ul>
<li>Add sample DLNA server Docker Compose manifest. (pataquets)</li>
<li>Add sample WebDAV server Docker Compose manifest. (pataquets)</li>
</ul></li>
<li>copyurl
<ul>
<li>Add <code>--auto-filename</code> flag for using file name from URL in destination path (Denis)</li>
<li>Logging revamped to be more inline with rsync - now much quieter * -v only shows transfers * -vv is for full debug * –syslog to log to syslog on capable platforms</li>
<li>Implement –backup-dir and –suffix</li>
<li>Implement –track-renames (initial implementation by Bjørn Erik Pedersen)</li>
<li>use official AWS SDK from github.com/aws/aws-sdk-go</li>
<li><strong>NB</strong> will most likely require you to delete and recreate remote</li>
<li>enable multipart upload which enables files > 5GB</li>
<li>tested with Ceph / RadosGW / S3 emulation</li>
<li>many thanks to Sam Liston and Brian Haymore at the <ahref="https://www.chpc.utah.edu/">Utah Center for High Performance Computing</a> for a Ceph test account</li>
<p>Rclone doesn’t currently preserve the timestamps of directories. This is because rclone only really considers objects when syncing.</p>
<h3id="rclone-struggles-with-millions-of-files-in-a-directory">Rclone struggles with millions of files in a directory</h3>
<p>Currently rclone loads each directory entirely into memory before using it. Since each Rclone object takes 0.5k-1k of memory this can take a very long time and use an extremely large amount of memory.</p>
<p>Millions of files in a directory tend caused by software writing cloud storage (eg S3 buckets).</p>
<h3id="bucket-based-remotes-and-folders">Bucket based remotes and folders</h3>
<p>Bucket based remotes (eg S3/GCS/Swift/B2) do not have a concept of directories. Rclone therefore cannot create directories in them which means that empty directories on a bucket based remote will tend to disappear.</p>
<p>Some software creates empty keys ending in <code>/</code> as directory markers. Rclone doesn’t do this as it potentially creates more objects and costs more. It may do in future (probably with a flag).</p>
<p>Sure! Rclone stores all of its config in a single file. If you want to find this file, run <code>rclone config file</code> which will tell you where it is.</p>
Server B> rclone copy /tmp/whatever remote:Backup</code></pre>
<p>The file names you upload from Server A and Server B should be different in this case, otherwise some file systems (eg Drive) may make duplicates.</p>
<p>Rclone stores each file you transfer as a native object on the remote cloud storage system. This means that you can see the files you upload as expected using alternative access methods (eg using the Google Drive web interface). There is a 1:1 mapping between files on your hard disk and objects created in the cloud storage system.</p>
<p>Cloud storage systems (at least none I’ve come across yet) don’t support partially uploading an object. You can’t take an existing object, and change some bytes in the middle of it.</p>
<p>It would be possible to make a sync system which stored binary diffs instead of whole objects like rclone does, but that would break the 1:1 mapping of files on your hard disk to objects in the remote cloud storage system.</p>
<p>All the cloud storage systems support partial downloads of content, so it would be possible to make partial downloads work. However to make this work efficiently this would require storing a significant amount of metadata, which breaks the desired 1:1 mapping of files to objects.</p>
<h3id="can-rclone-do-bi-directional-sync">Can rclone do bi-directional sync?</h3>
<p>No, not at present. rclone only does uni-directional sync from A -> B. It may do in the future though since it has all the primitives - it just requires writing the algorithm to do it.</p>
<h3id="can-i-use-rclone-with-an-http-proxy">Can I use rclone with an HTTP proxy?</h3>
<p>Yes. rclone will follow the standard environment variables for proxies, similar to cURL and other programs.</p>
<p>In general the variables are called <code>http_proxy</code> (for services reached over <code>http</code>) and <code>https_proxy</code> (for services reached over <code>https</code>). Most public services will be using <code>https</code>, but you may wish to set both.</p>
<p>The content of the variable is <code>protocol://server:port</code>. The protocol value is the one used to talk to the proxy server, itself, and is commonly either <code>http</code> or <code>socks5</code>.</p>
<p>Slightly annoyingly, there is no <em>standard</em> for the name; some applications may use <code>http_proxy</code> but another one <code>HTTP_PROXY</code>. The <code>Go</code> libraries used by <code>rclone</code> will try both variations, but you may wish to set all possibilities. So, on Linux, you may end up with code similar to</p>
<p>The <code>NO_PROXY</code> allows you to disable the proxy for specific hosts. Hosts must be comma separated, and can contain domains or parts. For instance “foo.com” also matches “bar.foo.com”.</p>
<h3id="rclone-gives-x509-failed-to-load-system-roots-and-no-roots-provided-error">Rclone gives x509: failed to load system roots and no roots provided error</h3>
<p>This means that <code>rclone</code> can’t file the SSL root certificates. Likely you are running <code>rclone</code> on a NAS with a cut-down Linux OS, or possibly on Solaris.</p>
<p>The two environment variables <code>SSL_CERT_FILE</code> and <code>SSL_CERT_DIR</code>, mentioned in the <ahref="https://godoc.org/crypto/x509">x509 package</a>, provide an additional way to provide the SSL root certificates.</p>
<h3id="rclone-gives-failed-to-load-config-file-function-not-implemented-error">Rclone gives Failed to load config file: function not implemented error</h3>
<p>Likely this means that you are running rclone on Linux version not supported by the go runtime, ie earlier than version 2.6.23.</p>
<p>See the <ahref="https://golang.org/doc/install">system requirements section in the go install docs</a> for full details.</p>
<p>This is caused by uploading these files from a Windows computer which hasn’t got the Microsoft Office suite installed. The easiest way to fix is to install the Word viewer and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 and later versions’ file formats</p>
<h3id="tcp-lookup-some.domain.com-no-such-host">tcp lookup some.domain.com no such host</h3>
<p>This happens when rclone cannot resolve a domain. Please check that your DNS setup is generally working, e.g.</p>
<pre><code># both should print a long list of possible IP addresses
dig www.googleapis.com # resolve using your default DNS
dig www.googleapis.com @8.8.8.8 # resolve with Google's DNS server</code></pre>
<p>If you are using <code>systemd-resolved</code> (default on Arch Linux), ensure it is at version 233 or higher. Previous releases contain a bug which causes not all domains to be resolved properly.</p>
<p>Additionally with the <code>GODEBUG=netdns=</code> environment variable the Go resolver decision can be influenced. This also allows to resolve certain issues with DNS resolution. See the <ahref="https://golang.org/pkg/net/#hdr-Name_Resolution">name resolution section in the go docs</a>.</p>
<h3id="the-total-size-reported-in-the-stats-for-a-sync-is-wrong-and-keeps-changing">The total size reported in the stats for a sync is wrong and keeps changing</h3>
<p>It is likely you have more than 10,000 files that need to be synced. By default rclone only gets 10,000 files ahead in a sync so as not to use up too much memory. You can change this default with the <ahref="/docs/#max-backlog-n">–max-backlog</a> flag.</p>
<h3id="rclone-is-using-too-much-memory-or-appears-to-have-a-memory-leak">Rclone is using too much memory or appears to have a memory leak</h3>
<p>Rclone is written in Go which uses a garbage collector. The default settings for the garbage collector mean that it runs when the heap size has doubled.</p>
<p>However it is possible to tune the garbage collector to use less memory by <ahref="https://dave.cheney.net/tag/gogc">setting GOGC</a> to a lower value, say <code>export GOGC=20</code>. This will make the garbage collector work harder, reducing memory size at the expense of CPU usage.</p>
<p>The most common cause of rclone using lots of memory is a single directory with thousands or millions of files in. Rclone has to load this entirely into memory as rclone objects. Each rclone object takes 0.5k-1k of memory.</p>
<p>Or if all else fails or you want to ask something private or confidential email <ahref="mailto:nick@craig-wood.com">Nick Craig-Wood</a>. Please don’t email me requests for help - those are better directed to the forum - thanks!</p>
