Jul 20, 2021
Rclone is a command line program to manage files on cloud storage. It is a feature rich alternative to cloud vendors' web storage interfaces. Over 40 cloud storage products support rclone including S3 object stores, business & consumer file storage services, as well as standard transfer protocols.
Rclone has powerful cloud equivalents to the unix commands rsync, cp, mv, mount, ls, ncdu, tree, rm, and cat. Rclone's familiar syntax includes shell pipeline support, and --dry-run
protection. It is used at the command line, in scripts or via its API.
Users call rclone "The Swiss army knife of cloud storage", and "Technology indistinguishable from magic".
Rclone really looks after your data. It preserves timestamps and verifies checksums at all times. Transfers over limited bandwidth; intermittent connections, or subject to quota can be restarted, from the last good file transferred. You can check the integrity of your files. Where possible, rclone employs server-side transfers to minimise local bandwidth use and transfers from one provider to another without using local disk.
Virtual backends wrap local and cloud file systems to apply encryption, compression chunking and joining.
Rclone mounts any local, cloud or virtual filesystem as a disk on Windows, macOS, linux and FreeBSD, and also serves these over SFTP, HTTP, WebDAV, FTP and DLNA.
Rclone is mature, open source software originally inspired by rsync and written in Go. The friendly support community are familiar with varied use cases. Official Ubuntu, Debian, Fedora, Brew and Chocolatey repos. include rclone. For the latest version downloading from rclone.org is recommended.
Rclone is widely used on Linux, Windows and Mac. Third party developers create innovative backup, restore, GUI and business process solutions using the rclone command line or API.
Rclone does the heavy lifting of communicating with cloud storage.
Rclone helps you:
(There are many others, built on standard protocols such as WebDAV or S3, that work out of the box.)
Links
Rclone is a Go program and comes as a single binary file.
rclone
or rclone.exe
binary from the archiverclone config
to setup. See rclone config docs for more details.See below for some expanded Linux / macOS instructions.
See the Usage section of the docs for how to use rclone, or run rclone -h
.
Already installed rclone can be easily updated to the latest version using the rclone selfupdate command.
To install rclone on Linux/macOS/BSD systems, run:
curl https://rclone.org/install.sh | sudo bash
For beta installation, run:
curl https://rclone.org/install.sh | sudo bash -s beta
Note that this script checks the version of rclone installed first and won't re-download if not needed.
Fetch and unpack
curl -O https://downloads.rclone.org/rclone-current-linux-amd64.zip
unzip rclone-current-linux-amd64.zip
cd rclone-*-linux-amd64
Copy binary file
sudo cp rclone /usr/bin/
sudo chown root:root /usr/bin/rclone
sudo chmod 755 /usr/bin/rclone
Install manpage
sudo mkdir -p /usr/local/share/man/man1
sudo cp rclone.1 /usr/local/share/man/man1/
sudo mandb
Run rclone config
to setup. See rclone config docs for more details.
rclone config
brew install rclone
To avoid problems with macOS gatekeeper enforcing the binary to be signed and notarized it is enough to download with curl
.
Download the latest version of rclone.
cd && curl -O https://downloads.rclone.org/rclone-current-osx-amd64.zip
Unzip the download and cd to the extracted folder.
unzip -a rclone-current-osx-amd64.zip && cd rclone-*-osx-amd64
Move rclone to your $PATH. You will be prompted for your password.
sudo mkdir -p /usr/local/bin
sudo mv rclone /usr/local/bin/
(the mkdir
command is safe to run, even if the directory already exists).
Remove the leftover files.
cd .. && rm -rf rclone-*-osx-amd64 rclone-current-osx-amd64.zip
Run rclone config
to setup. See rclone config docs for more details.
rclone config
When downloading a binary with a web browser, the browser will set the macOS gatekeeper quarantine attribute. Starting from Catalina, when attempting to run rclone
, a pop-up will appear saying:
“rclone” cannot be opened because the developer cannot be verified.
macOS cannot verify that this app is free from malware.
The simplest fix is to run
xattr -d com.apple.quarantine rclone
The rclone maintains a docker image for rclone. These images are autobuilt by docker hub from the rclone source based on a minimal Alpine linux image.
The :latest
tag will always point to the latest stable release. You can use the :beta
tag to get the latest build from master. You can also use version tags, e.g. :1.49.1
, :1.49
or :1
.
$ docker pull rclone/rclone:latest
latest: Pulling from rclone/rclone
Digest: sha256:0e0ced72671989bb837fea8e88578b3fc48371aa45d209663683e24cfdaa0e11
...
$ docker run --rm rclone/rclone:latest version
rclone v1.49.1
- os/arch: linux/amd64
- go version: go1.12.9
There are a few command line options to consider when starting an rclone Docker container from the rclone image.
You need to mount the host rclone config dir at /config/rclone
into the Docker container. Due to the fact that rclone updates tokens inside its config file, and that the update process involves a file rename, you need to mount the whole host rclone config dir, not just the single host rclone config file.
You need to mount a host data dir at /data
into the Docker container.
By default, the rclone binary inside a Docker container runs with UID=0 (root). As a result, all files created in a run will have UID=0. If your config and data files reside on the host with a non-root UID:GID, you need to pass these on the container start command line.
--rc-addr
to :5572
in order to connect to it from outside the container. An explanation about why this is necessary is present here.
host
should probably set it to listen to localhost only, with 127.0.0.1:5572
as the value for --rc-addr
It is possible to use rclone mount
inside a userspace Docker container, and expose the resulting fuse mount to the host. The exact docker run
options to do that might vary slightly between hosts. See, e.g. the discussion in this thread.
You also need to mount the host /etc/passwd
and /etc/group
for fuse to work inside the container.
Here are some commands tested on an Ubuntu 18.04.3 host:
# config on host at ~/.config/rclone/rclone.conf
# data on host at ~/data
# make sure the config is ok by listing the remotes
docker run --rm \
--volume ~/.config/rclone:/config/rclone \
--volume ~/data:/data:shared \
--user $(id -u):$(id -g) \
rclone/rclone \
listremotes
# perform mount inside Docker container, expose result to host
mkdir -p ~/data/mount
docker run --rm \
--volume ~/.config/rclone:/config/rclone \
--volume ~/data:/data:shared \
--user $(id -u):$(id -g) \
--volume /etc/passwd:/etc/passwd:ro --volume /etc/group:/etc/group:ro \
--device /dev/fuse --cap-add SYS_ADMIN --security-opt apparmor:unconfined \
rclone/rclone \
mount dropbox:Photos /data/mount &
ls ~/data/mount
kill %1
Make sure you have at least Go go1.13 installed. Download go if necessary. The latest release is recommended. Then
git clone https://github.com/rclone/rclone.git
cd rclone
go build
./rclone version
This will leave you a checked out version of rclone you can modify and send pull requests with. If you use make
instead of go build
then the rclone build will have the correct version information in it.
You can also build the latest stable rclone with:
go get github.com/rclone/rclone
or the latest version (equivalent to the beta) with
go get github.com/rclone/rclone@master
These will build the binary in $(go env GOPATH)/bin
(~/go/bin/rclone
by default) after downloading the source to the go module cache. Note - do not use the -u
flag here. This causes go to try to update the dependencies that rclone uses and sometimes these don't work with the current version of rclone.
This can be done with Stefan Weichinger's ansible role.
Instructions
git clone https://github.com/stefangweichinger/ansible-rclone.git
into your local roles-directory - hosts: rclone-hosts
roles:
- rclone
After installing and configuring rclone, as described above, you are ready to use rclone as an interactive command line utility. If your goal is to perform periodic operations, such as a regular sync, you will probably want to configure your rclone command in your operating system's scheduler. If you need to expose service-like features, such as remote control, GUI, serve or mount, you will often want an rclone command always running in the background, and configuring it to run in a service infrastructure may be a better option. Below are some alternatives on how to achieve this on different operating systems.
NOTE: Before setting up autorun it is highly recommended that you have tested your command manually from a Command Prompt first.
The most relevant alternatives for autostart on Windows are: - Run at user log on using the Startup folder - Run at user log on, at system startup or at schedule using Task Scheduler - Run at system startup using Windows service
Rclone is a console application, so if not starting from an existing Command Prompt, e.g. when starting rclone.exe from a shortcut, it will open a Command Prompt window. When configuring rclone to run from task scheduler and windows service you are able to set it to run hidden in background. From rclone version 1.54 you can also make it run hidden from anywhere by adding option --no-console
(it may still flash briefly when the program starts). Since rclone normally writes information and any error messages to the console, you must redirect this to a file to be able to see it. Rclone has a built-in option --log-file
for that.
Example command to run a sync in background:
c:\rclone\rclone.exe sync c:\files remote:/files --no-console --log-file c:\rclone\logs\sync_files.txt
As mentioned in the mount documentation, mounted drives created as Administrator are not visible to other accounts, not even the account that was elevated as Administrator. By running the mount command as the built-in SYSTEM
user account, it will create drives accessible for everyone on the system. Both scheduled task and Windows service can be used to achieve this.
NOTE: Remember that when rclone runs as the SYSTEM
user, the user profile that it sees will not be yours. This means that if you normally run rclone with configuration file in the default location, to be able to use the same configuration when running as the system user you must explicitely tell rclone where to find it with the --config
option, or else it will look in the system users profile path (C:\Windows\System32\config\systemprofile
). To test your command manually from a Command Prompt, you can run it with the PsExec utility from Microsoft's Sysinternals suite, which takes option -s
to execute commands as the SYSTEM
user.
To quickly execute an rclone command you can simply create a standard Windows Explorer shortcut for the complete rclone command you want to run. If you store this shortcut in the special "Startup" start-menu folder, Windows will automatically run it at login. To open this folder in Windows Explorer, enter path %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
, or C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
if you want the command to start for every user that logs in.
This is the easiest approach to autostarting of rclone, but it offers no functionality to set it to run as different user, or to set conditions or actions on certain events. Setting up a scheduled task as described below will often give you better results.
Task Scheduler is an administrative tool built into Windows, and it can be used to configure rclone to be started automatically in a highly configurable way, e.g. periodically on a schedule, on user log on, or at system startup. It can run be configured to run as the current user, or for a mount command that needs to be available to all users it can run as the SYSTEM
user. For technical information, see https://docs.microsoft.com/windows/win32/taskschd/task-scheduler-start-page.
For running rclone at system startup, you can create a Windows service that executes your rclone command, as an alternative to scheduled task configured to run at startup.
For mount commands, Rclone has a built-in Windows service integration via the third party WinFsp library it uses. Registering as a regular Windows service easy, as you just have to execute the built-in PowerShell command New-Service
(requires administrative privileges).
Example of a PowerShell command that creates a Windows service for mounting some remote:/files
as drive letter X:
, for all users (service will be running as the local system account):
New-Service -Name Rclone -BinaryPathName 'c:\rclone\rclone.exe mount remote:/files X: --config c:\rclone\config\rclone.conf --log-file c:\rclone\logs\mount.txt'
The WinFsp service infrastructure supports incorporating services for file system implementations, such as rclone, into its own launcher service, as kind of "child services". This has the additional advantage that it also implements a network provider that integrates into Windows standard methods for managing network drives. This is currently not officially supported by Rclone, but with WinFsp version 2019.3 B2 / v1.5B2 or later it should be possible through path rewriting as described here.
To Windows service running any rclone command, the excellent third party utility NSSM, the "Non-Sucking Service Manager", can be used. It includes some advanced features such as adjusting process periority, defining process environment variables, redirect to file anything written to stdout, and customized response to different exit codes, with a GUI to configure everything from (although it can also be used from command line ).
There are also several other alternatives. To mention one more, WinSW, "Windows Service Wrapper", is worth checking out. It requires .NET Framework, but it is preinstalled on newer versions of Windows, and it also provides alternative standalone distributions which includes necessary runtime (.NET 5). WinSW is a command-line only utility, where you have to manually create an XML file with service configuration. This may be a drawback for some, but it can also be an advantage as it is easy to back up and re-use the configuration settings, without having go through manual steps in a GUI. One thing to note is that by default it does not restart the service on error, one have to explicit enable this in the configuration file (via the "onfailure" parameter).
To always run rclone in background, relevant for mount commands etc, you can use systemd to set up rclone as a system or user service. Running as a system service ensures that it is run at startup even if the user it is running as has no active session. Running rclone as a user service ensures that it only starts after the configured user has logged into the system.
To run a periodic command, such as a copy/sync, you can set up a cron job.
First, you'll need to configure rclone. As the object storage systems have quite complicated authentication these are kept in a config file. (See the --config
entry for how to find the config file and choose its location.)
The easiest way to make the config is to run rclone with the config option:
rclone config
See the following for detailed instructions for
Rclone syncs a directory tree from one storage system to another.
Its syntax is like this
Syntax: [options] subcommand <parameters> <parameters...>
Source and destination paths are specified by the name you gave the storage system in the config file then the sub path, e.g. "drive:myfolder" to look at "myfolder" in Google drive.
You can define as many storage paths as you like in the config file.
Please use the -i
/ --interactive
flag while learning rclone to avoid accidental data loss.
rclone uses a system of subcommands. For example
rclone ls remote:path # lists a remote
rclone copy /local/path remote:path # copies /local/path to the remote
rclone sync -i /local/path remote:path # syncs /local/path to the remote
Enter an interactive configuration session.
Enter an interactive configuration session where you can setup new remotes and manage existing ones. You may also set or remove a password to protect your configuration.
rclone config [flags]
-h, --help help for config
See the global flags page for global options not listed here.
name
.Copy files from source to dest, skipping already copied.
Copy the source to the destination. Doesn't transfer unchanged files, testing by size and modification time or MD5SUM. Doesn't delete files from the destination.
Note that it is always the contents of the directory that is synced, not the directory so when source:path is a directory, it's the contents of source:path that are copied, not the directory name and contents.
If dest:path doesn't exist, it is created and the source:path contents go there.
For example
rclone copy source:sourcepath dest:destpath
Let's say there are two files in sourcepath
sourcepath/one.txt
sourcepath/two.txt
This copies them to
destpath/one.txt
destpath/two.txt
Not to
destpath/sourcepath/one.txt
destpath/sourcepath/two.txt
If you are familiar with rsync
, rclone always works as if you had written a trailing /
- meaning "copy the contents of this directory". This applies to all commands and whether you are talking about the source or destination.
See the --no-traverse option for controlling whether rclone lists the destination directory or not. Supplying this option when copying a small number of files into a large destination can speed transfers up greatly.
For example, if you have many files in /path/to/src but only a few of them change every day, you can copy all the files which have changed recently very efficiently like this:
rclone copy --max-age 24h --no-traverse /path/to/src remote:
Note: Use the -P
/--progress
flag to view real-time transfer statistics.
Note: Use the --dry-run
or the --interactive
/-i
flag to test without copying anything.
rclone copy source:path dest:path [flags]
--create-empty-src-dirs Create empty source dirs on destination after copy
-h, --help help for copy
See the global flags page for global options not listed here.
Make source and dest identical, modifying destination only.
Sync the source to the destination, changing the destination only. Doesn't transfer unchanged files, testing by size and modification time or MD5SUM. Destination is updated to match source, including deleting files if necessary (except duplicate objects, see below).
Important: Since this can cause data loss, test first with the --dry-run
or the --interactive
/-i
flag.
rclone sync -i SOURCE remote:DESTINATION
Note that files in the destination won't be deleted if there were any errors at any point. Duplicate objects (files with the same name, on those providers that support it) are also not yet handled.
It is always the contents of the directory that is synced, not the directory so when source:path is a directory, it's the contents of source:path that are copied, not the directory name and contents. See extended explanation in the copy
command above if unsure.
If dest:path doesn't exist, it is created and the source:path contents go there.
Note: Use the -P
/--progress
flag to view real-time transfer statistics
Note: Use the rclone dedupe
command to deal with "Duplicate object/directory found in source/destination - ignoring" errors. See this forum post for more info.
rclone sync source:path dest:path [flags]
--create-empty-src-dirs Create empty source dirs on destination after sync
-h, --help help for sync
See the global flags page for global options not listed here.
Move files from source to dest.
Moves the contents of the source directory to the destination directory. Rclone will error if the source and destination overlap and the remote does not support a server-side directory move operation.
If no filters are in use and if possible this will server-side move source:path
into dest:path
. After this source:path
will no longer exist.
Otherwise for each file in source:path
selected by the filters (if any) this will move it into dest:path
. If possible a server-side move will be used, otherwise it will copy it (server-side if possible) into dest:path
then delete the original (if no errors on copy) in source:path
.
If you want to delete empty source directories after move, use the --delete-empty-src-dirs flag.
See the --no-traverse option for controlling whether rclone lists the destination directory or not. Supplying this option when moving a small number of files into a large destination can speed transfers up greatly.
Important: Since this can cause data loss, test first with the --dry-run
or the --interactive
/-i
flag.
Note: Use the -P
/--progress
flag to view real-time transfer statistics.
rclone move source:path dest:path [flags]
--create-empty-src-dirs Create empty source dirs on destination after move
--delete-empty-src-dirs Delete empty source dirs after move
-h, --help help for move
See the global flags page for global options not listed here.
Remove the files in path.
Remove the files in path. Unlike purge
it obeys include/exclude filters so can be used to selectively delete files.
rclone delete
only deletes files but leaves the directory structure alone. If you want to delete a directory and all of its contents use the purge
command.
If you supply the --rmdirs
flag, it will remove all empty directories along with it. You can also use the separate command rmdir
or rmdirs
to delete empty directories only.
For example, to delete all files bigger than 100 MiB, you may first want to check what would be deleted (use either):
rclone --min-size 100M lsl remote:path
rclone --dry-run --min-size 100M delete remote:path
Then proceed with the actual delete:
rclone --min-size 100M delete remote:path
That reads "delete everything with a minimum size of 100 MiB", hence delete all files bigger than 100 MiB.
Important: Since this can cause data loss, test first with the --dry-run
or the --interactive
/-i
flag.
rclone delete remote:path [flags]
-h, --help help for delete
--rmdirs rmdirs removes empty directories but leaves root intact
See the global flags page for global options not listed here.
Remove the path and all of its contents.
Remove the path and all of its contents. Note that this does not obey include/exclude filters - everything will be removed. Use the delete
command if you want to selectively delete files. To delete empty directories only, use command rmdir
or rmdirs
.
Important: Since this can cause data loss, test first with the --dry-run
or the --interactive
/-i
flag.
rclone purge remote:path [flags]
-h, --help help for purge
See the global flags page for global options not listed here.
Make the path if it doesn't already exist.
rclone mkdir remote:path [flags]
-h, --help help for mkdir
See the global flags page for global options not listed here.
Remove the empty directory at path.
This removes empty directory given by path. Will not remove the path if it has any objects in it, not even empty subdirectories. Use command rmdirs
(or delete
with option --rmdirs
) to do that.
To delete a path and any objects in it, use purge
command.
rclone rmdir remote:path [flags]
-h, --help help for rmdir
See the global flags page for global options not listed here.
Checks the files in the source and destination match.
Checks the files in the source and destination match. It compares sizes and hashes (MD5 or SHA1) and logs a report of files which don't match. It doesn't alter the source or destination.
If you supply the --size-only
flag, it will only compare the sizes not the hashes as well. Use this for a quick check.
If you supply the --download
flag, it will download the data from both remotes and check them against each other on the fly. This can be useful for remotes that don't support hashes or if you really want to check all the data.
If you supply the --checkfile HASH
flag with a valid hash name, the source:path
must point to a text file in the SUM format.
If you supply the --one-way
flag, it will only check that files in the source match the files in the destination, not the other way around. This means that extra files in the destination that are not in the source will not be detected.
The --differ
, --missing-on-dst
, --missing-on-src
, --match
and --error
flags write paths, one per line, to the file name (or stdout if it is -
) supplied. What they write is described in the help below. For example --differ
will write all paths which are present on both the source and destination but different.
The --combined
flag will write a file (or stdout) which contains all file paths with a symbol and then a space and then the path to tell you what happened to it. These are reminiscent of diff files.
= path
means path was found in source and destination and was identical- path
means path was missing on the source, so only in the destination+ path
means path was missing on the destination, so only in the source* path
means path was present in source and destination but different.! path
means there was an error reading or hashing the source or dest.rclone check source:path dest:path [flags]
-C, --checkfile string Treat source:path as a SUM file with hashes of given type
--combined string Make a combined report of changes to this file
--differ string Report all non-matching files to this file
--download Check by downloading rather than with hash.
--error string Report all files with errors (hashing or reading) to this file
-h, --help help for check
--match string Report all matching files to this file
--missing-on-dst string Report all files missing from the destination to this file
--missing-on-src string Report all files missing from the source to this file
--one-way Check one way only, source files must exist on remote
See the global flags page for global options not listed here.
List the objects in the path with size and path.
Lists the objects in the source path to standard output in a human readable format with size and path. Recurses by default.
Eg
$ rclone ls swift:bucket
60295 bevajer5jef
90613 canole
94467 diwogej7
37600 fubuwic
Any of the filtering options can be applied to this command.
There are several related list commands
ls
to list size and path of objects onlylsl
to list modification time, size and path of objects onlylsd
to list directories onlylsf
to list objects and directories in easy to parse formatlsjson
to list objects and directories in JSON formatls
,lsl
,lsd
are designed to be human readable. lsf
is designed to be human and machine readable. lsjson
is designed to be machine readable.
Note that ls
and lsl
recurse by default - use --max-depth 1
to stop the recursion.
The other list commands lsd
,lsf
,lsjson
do not recurse by default - use -R
to make them recurse.
Listing a non existent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket based remotes).
rclone ls remote:path [flags]
-h, --help help for ls
See the global flags page for global options not listed here.
List all directories/containers/buckets in the path.
Lists the directories in the source path to standard output. Does not recurse by default. Use the -R flag to recurse.
This command lists the total size of the directory (if known, -1 if not), the modification time (if known, the current time if not), the number of objects in the directory (if known, -1 if not) and the name of the directory, Eg
$ rclone lsd swift:
494000 2018-04-26 08:43:20 10000 10000files
65 2018-04-26 08:43:20 1 1File
Or
$ rclone lsd drive:test
-1 2016-10-17 17:41:53 -1 1000files
-1 2017-01-03 14:40:54 -1 2500files
-1 2017-07-08 14:39:28 -1 4000files
If you just want the directory names use "rclone lsf --dirs-only".
Any of the filtering options can be applied to this command.
There are several related list commands
ls
to list size and path of objects onlylsl
to list modification time, size and path of objects onlylsd
to list directories onlylsf
to list objects and directories in easy to parse formatlsjson
to list objects and directories in JSON formatls
,lsl
,lsd
are designed to be human readable. lsf
is designed to be human and machine readable. lsjson
is designed to be machine readable.
Note that ls
and lsl
recurse by default - use --max-depth 1
to stop the recursion.
The other list commands lsd
,lsf
,lsjson
do not recurse by default - use -R
to make them recurse.
Listing a non existent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket based remotes).
rclone lsd remote:path [flags]
-h, --help help for lsd
-R, --recursive Recurse into the listing.
See the global flags page for global options not listed here.
List the objects in path with modification time, size and path.
Lists the objects in the source path to standard output in a human readable format with modification time, size and path. Recurses by default.
Eg
$ rclone lsl swift:bucket
60295 2016-06-25 18:55:41.062626927 bevajer5jef
90613 2016-06-25 18:55:43.302607074 canole
94467 2016-06-25 18:55:43.046609333 diwogej7
37600 2016-06-25 18:55:40.814629136 fubuwic
Any of the filtering options can be applied to this command.
There are several related list commands
ls
to list size and path of objects onlylsl
to list modification time, size and path of objects onlylsd
to list directories onlylsf
to list objects and directories in easy to parse formatlsjson
to list objects and directories in JSON formatls
,lsl
,lsd
are designed to be human readable. lsf
is designed to be human and machine readable. lsjson
is designed to be machine readable.
Note that ls
and lsl
recurse by default - use --max-depth 1
to stop the recursion.
The other list commands lsd
,lsf
,lsjson
do not recurse by default - use -R
to make them recurse.
Listing a non existent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket based remotes).
rclone lsl remote:path [flags]
-h, --help help for lsl
See the global flags page for global options not listed here.
Produces an md5sum file for all the objects in the path.
Produces an md5sum file for all the objects in the path. This is in the same format as the standard md5sum tool produces.
By default, the hash is requested from the remote. If MD5 is not supported by the remote, no hash will be returned. With the download flag, the file will be downloaded from the remote and hashed locally enabling MD5 for any remote.
rclone md5sum remote:path [flags]
--base64 Output base64 encoded hashsum
-C, --checkfile string Validate hashes against a given SUM file instead of printing them
--download Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote
-h, --help help for md5sum
--output-file string Output hashsums to a file rather than the terminal
See the global flags page for global options not listed here.
Produces an sha1sum file for all the objects in the path.
Produces an sha1sum file for all the objects in the path. This is in the same format as the standard sha1sum tool produces.
By default, the hash is requested from the remote. If SHA-1 is not supported by the remote, no hash will be returned. With the download flag, the file will be downloaded from the remote and hashed locally enabling SHA-1 for any remote.
rclone sha1sum remote:path [flags]
--base64 Output base64 encoded hashsum
-C, --checkfile string Validate hashes against a given SUM file instead of printing them
--download Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote
-h, --help help for sha1sum
--output-file string Output hashsums to a file rather than the terminal
See the global flags page for global options not listed here.
Prints the total size and number of objects in remote:path.
rclone size remote:path [flags]
-h, --help help for size
--json format output as JSON
See the global flags page for global options not listed here.
Show the version number.
Show the rclone version number, the go version, the build target OS and architecture, the runtime OS and kernel version and bitness, build tags and the type of executable (static or dynamic).
For example:
$ rclone version
rclone v1.55.0
- os/version: ubuntu 18.04 (64 bit)
- os/kernel: 4.15.0-136-generic (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.16
- go/linking: static
- go/tags: none
Note: before rclone version 1.55 the os/type and os/arch lines were merged, and the "go/version" line was tagged as "go version".
If you supply the --check flag, then it will do an online check to compare your version with the latest release and the latest beta.
$ rclone version --check
yours: 1.42.0.6
latest: 1.42 (released 2018-06-16)
beta: 1.42.0.5 (released 2018-06-17)
Or
$ rclone version --check
yours: 1.41
latest: 1.42 (released 2018-06-16)
upgrade: https://downloads.rclone.org/v1.42
beta: 1.42.0.5 (released 2018-06-17)
upgrade: https://beta.rclone.org/v1.42-005-g56e1e820
rclone version [flags]
--check Check for new version.
-h, --help help for version
See the global flags page for global options not listed here.
Clean up the remote if possible.
Clean up the remote if possible. Empty the trash or delete old file versions. Not supported by all remotes.
rclone cleanup remote:path [flags]
-h, --help help for cleanup
See the global flags page for global options not listed here.
Interactively find duplicate filenames and delete/rename them.
By default dedupe
interactively finds files with duplicate names and offers to delete all but one or rename them to be different. This is known as deduping by name.
Deduping by name is only useful with a small group of backends (e.g. Google Drive, Opendrive) that can have duplicate file names. It can be run on wrapping backends (e.g. crypt) if they wrap a backend which supports duplicate file names.
However if --by-hash is passed in then dedupe will find files with duplicate hashes instead which will work on any backend which supports at least one hash. This can be used to find files with duplicate content. This is known as deduping by hash.
If deduping by name, first rclone will merge directories with the same name. It will do this iteratively until all the identically named directories have been merged.
Next, if deduping by name, for every group of duplicate file names / hashes, it will delete all but one identical files it finds without confirmation. This means that for most duplicated files the dedupe
command will not be interactive.
dedupe
considers files to be identical if they have the same file path and the same hash. If the backend does not support hashes (e.g. crypt wrapping Google Drive) then they will never be found to be identical. If you use the --size-only
flag then files will be considered identical if they have the same size (any hash will be ignored). This can be useful on crypt backends which do not support hashes.
Next rclone will resolve the remaining duplicates. Exactly which action is taken depends on the dedupe mode. By default rclone will interactively query the user for each one.
Important: Since this can cause data loss, test first with the --dry-run
or the --interactive
/-i
flag.
Here is an example run.
Before - with duplicates
$ rclone lsl drive:dupes
6048320 2016-03-05 16:23:16.798000000 one.txt
6048320 2016-03-05 16:23:11.775000000 one.txt
564374 2016-03-05 16:23:06.731000000 one.txt
6048320 2016-03-05 16:18:26.092000000 one.txt
6048320 2016-03-05 16:22:46.185000000 two.txt
1744073 2016-03-05 16:22:38.104000000 two.txt
564374 2016-03-05 16:22:52.118000000 two.txt
Now the dedupe
session
$ rclone dedupe drive:dupes
2016/03/05 16:24:37 Google drive root 'dupes': Looking for duplicates using interactive mode.
one.txt: Found 4 files with duplicate names
one.txt: Deleting 2/3 identical duplicates (MD5 "1eedaa9fe86fd4b8632e2ac549403b36")
one.txt: 2 duplicates remain
1: 6048320 bytes, 2016-03-05 16:23:16.798000000, MD5 1eedaa9fe86fd4b8632e2ac549403b36
2: 564374 bytes, 2016-03-05 16:23:06.731000000, MD5 7594e7dc9fc28f727c42ee3e0749de81
s) Skip and do nothing
k) Keep just one (choose which in next step)
r) Rename all to be different (by changing file.jpg to file-1.jpg)
s/k/r> k
Enter the number of the file to keep> 1
one.txt: Deleted 1 extra copies
two.txt: Found 3 files with duplicate names
two.txt: 3 duplicates remain
1: 564374 bytes, 2016-03-05 16:22:52.118000000, MD5 7594e7dc9fc28f727c42ee3e0749de81
2: 6048320 bytes, 2016-03-05 16:22:46.185000000, MD5 1eedaa9fe86fd4b8632e2ac549403b36
3: 1744073 bytes, 2016-03-05 16:22:38.104000000, MD5 851957f7fb6f0bc4ce76be966d336802
s) Skip and do nothing
k) Keep just one (choose which in next step)
r) Rename all to be different (by changing file.jpg to file-1.jpg)
s/k/r> r
two-1.txt: renamed from: two.txt
two-2.txt: renamed from: two.txt
two-3.txt: renamed from: two.txt
The result being
$ rclone lsl drive:dupes
6048320 2016-03-05 16:23:16.798000000 one.txt
564374 2016-03-05 16:22:52.118000000 two-1.txt
6048320 2016-03-05 16:22:46.185000000 two-2.txt
1744073 2016-03-05 16:22:38.104000000 two-3.txt
Dedupe can be run non interactively using the --dedupe-mode
flag or by using an extra parameter with the same value
--dedupe-mode interactive
- interactive as above.--dedupe-mode skip
- removes identical files then skips anything left.--dedupe-mode first
- removes identical files then keeps the first one.--dedupe-mode newest
- removes identical files then keeps the newest one.--dedupe-mode oldest
- removes identical files then keeps the oldest one.--dedupe-mode largest
- removes identical files then keeps the largest one.--dedupe-mode smallest
- removes identical files then keeps the smallest one.--dedupe-mode rename
- removes identical files then renames the rest to be different.--dedupe-mode list
- lists duplicate dirs and files only and changes nothing.For example to rename all the identically named photos in your Google Photos directory, do
rclone dedupe --dedupe-mode rename "drive:Google Photos"
Or
rclone dedupe rename "drive:Google Photos"
rclone dedupe [mode] remote:path [flags]
--by-hash Find indentical hashes rather than names
--dedupe-mode string Dedupe mode interactive|skip|first|newest|oldest|largest|smallest|rename. (default "interactive")
-h, --help help for dedupe
See the global flags page for global options not listed here.
Get quota information from the remote.
rclone about
prints quota information about a remote to standard output. The output is typically used, free, quota and trash contents.
E.g. Typical output from rclone about remote:
is:
Total: 17G
Used: 7.444G
Free: 1.315G
Trashed: 100.000M
Other: 8.241G
Where the fields are:
Not all backends print all fields. Information is not included if it is not provided by a backend. Where the value is unlimited it is omitted.
Applying a --full
flag to the command prints the bytes in full, e.g.
Total: 18253611008
Used: 7993453766
Free: 1411001220
Trashed: 104857602
Other: 8849156022
A --json
flag generates conveniently computer readable output, e.g.
{
"total": 18253611008,
"used": 7993453766,
"trashed": 104857602,
"other": 8849156022,
"free": 1411001220
}
Not all backends support the rclone about
command.
See List of backends that do not support about
rclone about remote: [flags]
--full Full numbers instead of SI units
-h, --help help for about
--json Format output as JSON
See the global flags page for global options not listed here.
Remote authorization.
Remote authorization. Used to authorize a remote or headless rclone from a machine with a browser - use as instructed by rclone config.
Use the --auth-no-open-browser to prevent rclone to open auth link in default browser automatically.
rclone authorize [flags]
--auth-no-open-browser Do not automatically open auth link in default browser
-h, --help help for authorize
See the global flags page for global options not listed here.
Run a backend specific command.
This runs a backend specific command. The commands themselves (except for "help" and "features") are defined by the backends and you should see the backend docs for definitions.
You can discover what commands a backend implements by using
rclone backend help remote:
rclone backend help <backendname>
You can also discover information about the backend using (see operations/fsinfo in the remote control docs for more info).
rclone backend features remote:
Pass options to the backend command with -o. This should be key=value or key, e.g.:
rclone backend stats remote:path stats -o format=json -o long
Pass arguments to the backend by placing them on the end of the line
rclone backend cleanup remote:path file1 file2 file3
Note to run these commands on a running backend then see backend/command in the rc docs.
rclone backend <command> remote:path [opts] <args> [flags]
-h, --help help for backend
--json Always output in JSON format.
-o, --option stringArray Option in the form name=value or name.
See the global flags page for global options not listed here.
Concatenates any files and sends them to stdout.
rclone cat sends any files to standard output.
You can use it like this to output a single file
rclone cat remote:path/to/file
Or like this to output any file in dir or its subdirectories.
rclone cat remote:path/to/dir
Or like this to output any .txt files in dir or its subdirectories.
rclone --include "*.txt" cat remote:path/to/dir
Use the --head
flag to print characters only at the start, --tail
for the end and --offset
and --count
to print a section in the middle. Note that if offset is negative it will count from the end, so --offset -1 --count 1
is equivalent to --tail 1
.
rclone cat remote:path [flags]
--count int Only print N characters. (default -1)
--discard Discard the output instead of printing.
--head int Only print the first N characters.
-h, --help help for cat
--offset int Start printing at offset N (or from end if -ve).
--tail int Only print the last N characters.
See the global flags page for global options not listed here.
Checks the files in the source against a SUM file.
Checks that hashsums of source files match the SUM file. It compares hashes (MD5, SHA1, etc) and logs a report of files which don't match. It doesn't alter the file system.
If you supply the --download
flag, it will download the data from remote and calculate the contents hash on the fly. This can be useful for remotes that don't support hashes or if you really want to check all the data.
If you supply the --one-way
flag, it will only check that files in the source match the files in the destination, not the other way around. This means that extra files in the destination that are not in the source will not be detected.
The --differ
, --missing-on-dst
, --missing-on-src
, --match
and --error
flags write paths, one per line, to the file name (or stdout if it is -
) supplied. What they write is described in the help below. For example --differ
will write all paths which are present on both the source and destination but different.
The --combined
flag will write a file (or stdout) which contains all file paths with a symbol and then a space and then the path to tell you what happened to it. These are reminiscent of diff files.
= path
means path was found in source and destination and was identical- path
means path was missing on the source, so only in the destination+ path
means path was missing on the destination, so only in the source* path
means path was present in source and destination but different.! path
means there was an error reading or hashing the source or dest.rclone checksum <hash> sumfile src:path [flags]
--combined string Make a combined report of changes to this file
--differ string Report all non-matching files to this file
--download Check by hashing the contents.
--error string Report all files with errors (hashing or reading) to this file
-h, --help help for checksum
--match string Report all matching files to this file
--missing-on-dst string Report all files missing from the destination to this file
--missing-on-src string Report all files missing from the source to this file
--one-way Check one way only, source files must exist on remote
See the global flags page for global options not listed here.
Create a new remote with name, type and options.
Create a new remote of name
with type
and options. The options should be passed in pairs of key
value
or as key=value
.
For example to make a swift remote of name myremote using auto config you would do:
rclone config create myremote swift env_auth true
rclone config create myremote swift env_auth=true
So for example if you wanted to configure a Google Drive remote but using remote authorization you would do this:
rclone config create mydrive drive config_is_local=false
Note that if the config process would normally ask a question the default is taken (unless --non-interactive
is used). Each time that happens rclone will print or DEBUG a message saying how to affect the value taken.
If any of the parameters passed is a password field, then rclone will automatically obscure them if they aren't already obscured before putting them in the config file.
NB If the password parameter is 22 characters or longer and consists only of base64 characters then rclone can get confused about whether the password is already obscured or not and put unobscured passwords into the config file. If you want to be 100% certain that the passwords get obscured then use the --obscure
flag, or if you are 100% certain you are already passing obscured passwords then use --no-obscure
. You can also set obscured passwords using the rclone config password
command.
The flag --non-interactive
is for use by applications that wish to configure rclone themeselves, rather than using rclone's text based configuration questions. If this flag is set, and rclone needs to ask the user a question, a JSON blob will be returned with the question in it.
This will look something like (some irrelevant detail removed):
{
"State": "*oauth-islocal,teamdrive,,",
"Option": {
"Name": "config_is_local",
"Help": "Use auto config?\n * Say Y if not sure\n * Say N if you are working on a remote or headless machine\n",
"Default": true,
"Examples": [
{
"Value": "true",
"Help": "Yes"
},
{
"Value": "false",
"Help": "No"
}
],
"Required": false,
"IsPassword": false,
"Type": "bool",
"Exclusive": true,
},
"Error": "",
}
The format of Option
is the same as returned by rclone config providers
. The question should be asked to the user and returned to rclone as the --result
option along with the --state
parameter.
The keys of Option
are used as follows:
Name
- name of variable - show to userHelp
- help text. Hard wrapped at 80 chars. Any URLs should be clicky.Default
- default value - return this if the user just wants the default.Examples
- the user should be able to choose one of theseRequired
- the value should be non-emptyIsPassword
- the value is a password and should be edited as suchType
- type of value, eg bool
, string
, int
and othersExclusive
- if set no free-form entry allowed only the Examples
Provider
, ShortOpt
, Hide
, NoPrefix
, Advanced
If Error
is set then it should be shown to the user at the same time as the question.
rclone config update name --continue --state "*oauth-islocal,teamdrive,," --result "true"
Note that when using --continue
all passwords should be passed in the clear (not obscured). Any default config values should be passed in with each invocation of --continue
.
At the end of the non interactive process, rclone will return a result with State
as empty string.
If --all
is passed then rclone will ask all the config questions, not just the post config questions. Any parameters are used as defaults for questions as usual.
Note that bin/config.py
in the rclone source implements this protocol as a readable demonstration.
rclone config create `name` `type` [`key` `value`]* [flags]
--all Ask the full set of config questions.
--continue Continue the configuration process with an answer.
-h, --help help for create
--no-obscure Force any passwords not to be obscured.
--non-interactive Don't interact with user and return questions.
--obscure Force any passwords to be obscured.
--result string Result - use with --continue.
--state string State - use with --continue.
See the global flags page for global options not listed here.
Delete an existing remote name
.
rclone config delete `name` [flags]
-h, --help help for delete
See the global flags page for global options not listed here.
Disconnects user from remote
This disconnects the remote: passed in to the cloud storage system.
This normally means revoking the oauth token.
To reconnect use "rclone config reconnect".
rclone config disconnect remote: [flags]
-h, --help help for disconnect
See the global flags page for global options not listed here.
Dump the config file as JSON.
rclone config dump [flags]
-h, --help help for dump
See the global flags page for global options not listed here.
Enter an interactive configuration session.
Enter an interactive configuration session where you can setup new remotes and manage existing ones. You may also set or remove a password to protect your configuration.
rclone config edit [flags]
-h, --help help for edit
See the global flags page for global options not listed here.
Show path of configuration file in use.
rclone config file [flags]
-h, --help help for file
See the global flags page for global options not listed here.
Update password in an existing remote.
Update an existing remote's password. The password should be passed in pairs of key
password
or as key=password
. The password
should be passed in in clear (unobscured).
For example to set password of a remote of name myremote you would do:
rclone config password myremote fieldname mypassword
rclone config password myremote fieldname=mypassword
This command is obsolete now that "config update" and "config create" both support obscuring passwords directly.
rclone config password `name` [`key` `value`]+ [flags]
-h, --help help for password
See the global flags page for global options not listed here.
List in JSON format all the providers and options.
rclone config providers [flags]
-h, --help help for providers
See the global flags page for global options not listed here.
Re-authenticates user with remote.
This reconnects remote: passed in to the cloud storage system.
To disconnect the remote use "rclone config disconnect".
This normally means going through the interactive oauth flow again.
rclone config reconnect remote: [flags]
-h, --help help for reconnect
See the global flags page for global options not listed here.
Print (decrypted) config file, or the config for a single remote.
rclone config show [<remote>] [flags]
-h, --help help for show
See the global flags page for global options not listed here.
Ensure configuration file exists.
rclone config touch [flags]
-h, --help help for touch
See the global flags page for global options not listed here.
Update options in an existing remote.
Update an existing remote's options. The options should be passed in pairs of key
value
or as key=value
.
For example to update the env_auth field of a remote of name myremote you would do:
rclone config update myremote env_auth true
rclone config update myremote env_auth=true
If the remote uses OAuth the token will be updated, if you don't require this add an extra parameter thus:
rclone config update myremote env_auth=true config_refresh_token=false
Note that if the config process would normally ask a question the default is taken (unless --non-interactive
is used). Each time that happens rclone will print or DEBUG a message saying how to affect the value taken.
If any of the parameters passed is a password field, then rclone will automatically obscure them if they aren't already obscured before putting them in the config file.
NB If the password parameter is 22 characters or longer and consists only of base64 characters then rclone can get confused about whether the password is already obscured or not and put unobscured passwords into the config file. If you want to be 100% certain that the passwords get obscured then use the --obscure
flag, or if you are 100% certain you are already passing obscured passwords then use --no-obscure
. You can also set obscured passwords using the rclone config password
command.
The flag --non-interactive
is for use by applications that wish to configure rclone themeselves, rather than using rclone's text based configuration questions. If this flag is set, and rclone needs to ask the user a question, a JSON blob will be returned with the question in it.
This will look something like (some irrelevant detail removed):
{
"State": "*oauth-islocal,teamdrive,,",
"Option": {
"Name": "config_is_local",
"Help": "Use auto config?\n * Say Y if not sure\n * Say N if you are working on a remote or headless machine\n",
"Default": true,
"Examples": [
{
"Value": "true",
"Help": "Yes"
},
{
"Value": "false",
"Help": "No"
}
],
"Required": false,
"IsPassword": false,
"Type": "bool",
"Exclusive": true,
},
"Error": "",
}
The format of Option
is the same as returned by rclone config providers
. The question should be asked to the user and returned to rclone as the --result
option along with the --state
parameter.
The keys of Option
are used as follows:
Name
- name of variable - show to userHelp
- help text. Hard wrapped at 80 chars. Any URLs should be clicky.Default
- default value - return this if the user just wants the default.Examples
- the user should be able to choose one of theseRequired
- the value should be non-emptyIsPassword
- the value is a password and should be edited as suchType
- type of value, eg bool
, string
, int
and othersExclusive
- if set no free-form entry allowed only the Examples
Provider
, ShortOpt
, Hide
, NoPrefix
, Advanced
If Error
is set then it should be shown to the user at the same time as the question.
rclone config update name --continue --state "*oauth-islocal,teamdrive,," --result "true"
Note that when using --continue
all passwords should be passed in the clear (not obscured). Any default config values should be passed in with each invocation of --continue
.
At the end of the non interactive process, rclone will return a result with State
as empty string.
If --all
is passed then rclone will ask all the config questions, not just the post config questions. Any parameters are used as defaults for questions as usual.
Note that bin/config.py
in the rclone source implements this protocol as a readable demonstration.
rclone config update `name` [`key` `value`]+ [flags]
--all Ask the full set of config questions.
--continue Continue the configuration process with an answer.
-h, --help help for update
--no-obscure Force any passwords not to be obscured.
--non-interactive Don't interact with user and return questions.
--obscure Force any passwords to be obscured.
--result string Result - use with --continue.
--state string State - use with --continue.
See the global flags page for global options not listed here.
Prints info about logged in user of remote.
This prints the details of the person logged in to the cloud storage system.
rclone config userinfo remote: [flags]
-h, --help help for userinfo
--json Format output as JSON
See the global flags page for global options not listed here.
Copy files from source to dest, skipping already copied.
If source:path is a file or directory then it copies it to a file or directory named dest:path.
This can be used to upload single files to other than their current name. If the source is a directory then it acts exactly like the copy command.
So
rclone copyto src dst
where src and dst are rclone paths, either remote:path or /path/to/local or C:.
This will:
if src is file
copy it to dst, overwriting an existing file if it exists
if src is directory
copy it to dst, overwriting existing files if they exist
see copy command for full details
This doesn't transfer unchanged files, testing by size and modification time or MD5SUM. It doesn't delete files from the destination.
Note: Use the -P
/--progress
flag to view real-time transfer statistics
rclone copyto source:path dest:path [flags]
-h, --help help for copyto
See the global flags page for global options not listed here.
Copy url content to dest.
Download a URL's content and copy it to the destination without saving it in temporary storage.
Setting --auto-filename
will cause the file name to be retrieved from the URL (after any redirections) and used in the destination path. With --print-filename
in addition, the resulting file name will be printed.
Setting --no-clobber
will prevent overwriting file on the destination if there is one with the same name.
Setting --stdout
or making the output file name -
will cause the output to be written to standard output.
rclone copyurl https://example.com dest:path [flags]
-a, --auto-filename Get the file name from the URL and use it for destination file path
-h, --help help for copyurl
--no-clobber Prevent overwriting file with same name
-p, --print-filename Print the resulting name from --auto-filename
--stdout Write the output to stdout rather than a file
See the global flags page for global options not listed here.
Cryptcheck checks the integrity of a crypted remote.
rclone cryptcheck checks a remote against a crypted remote. This is the equivalent of running rclone check, but able to check the checksums of the crypted remote.
For it to work the underlying remote of the cryptedremote must support some kind of checksum.
It works by reading the nonce from each file on the cryptedremote: and using that to encrypt each file on the remote:. It then checks the checksum of the underlying file on the cryptedremote: against the checksum of the file it has just encrypted.
Use it like this
rclone cryptcheck /path/to/files encryptedremote:path
You can use it like this also, but that will involve downloading all the files in remote:path.
rclone cryptcheck remote:path encryptedremote:path
After it has run it will log the status of the encryptedremote:.
If you supply the --one-way
flag, it will only check that files in the source match the files in the destination, not the other way around. This means that extra files in the destination that are not in the source will not be detected.
The --differ
, --missing-on-dst
, --missing-on-src
, --match
and --error
flags write paths, one per line, to the file name (or stdout if it is -
) supplied. What they write is described in the help below. For example --differ
will write all paths which are present on both the source and destination but different.
The --combined
flag will write a file (or stdout) which contains all file paths with a symbol and then a space and then the path to tell you what happened to it. These are reminiscent of diff files.
= path
means path was found in source and destination and was identical- path
means path was missing on the source, so only in the destination+ path
means path was missing on the destination, so only in the source* path
means path was present in source and destination but different.! path
means there was an error reading or hashing the source or dest.rclone cryptcheck remote:path cryptedremote:path [flags]
--combined string Make a combined report of changes to this file
--differ string Report all non-matching files to this file
--error string Report all files with errors (hashing or reading) to this file
-h, --help help for cryptcheck
--match string Report all matching files to this file
--missing-on-dst string Report all files missing from the destination to this file
--missing-on-src string Report all files missing from the source to this file
--one-way Check one way only, source files must exist on remote
See the global flags page for global options not listed here.
Cryptdecode returns unencrypted file names.
rclone cryptdecode returns unencrypted file names when provided with a list of encrypted file names. List limit is 10 items.
If you supply the --reverse flag, it will return encrypted file names.
use it like this
rclone cryptdecode encryptedremote: encryptedfilename1 encryptedfilename2
rclone cryptdecode --reverse encryptedremote: filename1 filename2
Another way to accomplish this is by using the rclone backend encode
(or decode
)command. See the documentation on the crypt
overlay for more info.
rclone cryptdecode encryptedremote: encryptedfilename [flags]
-h, --help help for cryptdecode
--reverse Reverse cryptdecode, encrypts filenames
See the global flags page for global options not listed here.
Remove a single file from remote.
Remove a single file from remote. Unlike delete
it cannot be used to remove a directory and it doesn't obey include/exclude filters - if the specified file exists, it will always be removed.
rclone deletefile remote:path [flags]
-h, --help help for deletefile
See the global flags page for global options not listed here.
Output completion script for a given shell.
Generates a shell completion script for rclone. Run with --help to list the supported shells.
-h, --help help for genautocomplete
See the global flags page for global options not listed here.
Output bash completion script for rclone.
Generates a bash shell autocompletion script for rclone.
This writes to /etc/bash_completion.d/rclone by default so will probably need to be run with sudo or as root, e.g.
sudo rclone genautocomplete bash
Logout and login again to use the autocompletion scripts, or source them directly
. /etc/bash_completion
If you supply a command line argument the script will be written there.
If output_file is "-", then the output will be written to stdout.
rclone genautocomplete bash [output_file] [flags]
-h, --help help for bash
See the global flags page for global options not listed here.
Output fish completion script for rclone.
Generates a fish autocompletion script for rclone.
This writes to /etc/fish/completions/rclone.fish by default so will probably need to be run with sudo or as root, e.g.
sudo rclone genautocomplete fish
Logout and login again to use the autocompletion scripts, or source them directly
. /etc/fish/completions/rclone.fish
If you supply a command line argument the script will be written there.
If output_file is "-", then the output will be written to stdout.
rclone genautocomplete fish [output_file] [flags]
-h, --help help for fish
See the global flags page for global options not listed here.
Output zsh completion script for rclone.
Generates a zsh autocompletion script for rclone.
This writes to /usr/share/zsh/vendor-completions/_rclone by default so will probably need to be run with sudo or as root, e.g.
sudo rclone genautocomplete zsh
Logout and login again to use the autocompletion scripts, or source them directly
autoload -U compinit && compinit
If you supply a command line argument the script will be written there.
If output_file is "-", then the output will be written to stdout.
rclone genautocomplete zsh [output_file] [flags]
-h, --help help for zsh
See the global flags page for global options not listed here.
Output markdown docs for rclone to the directory supplied.
This produces markdown docs for the rclone commands to the directory supplied. These are in a format suitable for hugo to render into the rclone.org website.
rclone gendocs output_directory [flags]
-h, --help help for gendocs
See the global flags page for global options not listed here.
Produces a hashsum file for all the objects in the path.
Produces a hash file for all the objects in the path using the hash named. The output is in the same format as the standard md5sum/sha1sum tool.
By default, the hash is requested from the remote. If the hash is not supported by the remote, no hash will be returned. With the download flag, the file will be downloaded from the remote and hashed locally enabling any hash for any remote.
Run without a hash to see the list of all supported hashes, e.g.
$ rclone hashsum
Supported hashes are:
* md5
* sha1
* whirlpool
* crc32
* dropbox
* mailru
* quickxor
Then
$ rclone hashsum MD5 remote:path
Note that hash names are case insensitive.
rclone hashsum <hash> remote:path [flags]
--base64 Output base64 encoded hashsum
-C, --checkfile string Validate hashes against a given SUM file instead of printing them
--download Download the file and hash it locally; if this flag is not specified, the hash is requested from the remote
-h, --help help for hashsum
--output-file string Output hashsums to a file rather than the terminal
See the global flags page for global options not listed here.
Generate public link to file/folder.
rclone link will create, retrieve or remove a public link to the given file or folder.
rclone link remote:path/to/file
rclone link remote:path/to/folder/
rclone link --unlink remote:path/to/folder/
rclone link --expire 1d remote:path/to/file
If you supply the --expire flag, it will set the expiration time otherwise it will use the default (100 years). Note not all backends support the --expire flag - if the backend doesn't support it then the link returned won't expire.
Use the --unlink flag to remove existing public links to the file or folder. Note not all backends support "--unlink" flag - those that don't will just ignore it.
If successful, the last line of the output will contain the link. Exact capabilities depend on the remote, but the link will always by default be created with the least constraints – e.g. no expiry, no password protection, accessible without account.
rclone link remote:path [flags]
--expire Duration The amount of time that the link will be valid (default off)
-h, --help help for link
--unlink Remove existing public link to file/folder
See the global flags page for global options not listed here.
List all the remotes in the config file.
rclone listremotes lists all the available remotes from the config file.
When uses with the -l flag it lists the types too.
rclone listremotes [flags]
-h, --help help for listremotes
--long Show the type as well as names.
See the global flags page for global options not listed here.
List directories and objects in remote:path formatted for parsing.
List the contents of the source path (directories and objects) to standard output in a form which is easy to parse by scripts. By default this will just be the names of the objects and directories, one per line. The directories will have a / suffix.
Eg
$ rclone lsf swift:bucket
bevajer5jef
canole
diwogej7
ferejej3gux/
fubuwic
Use the --format option to control what gets listed. By default this is just the path, but you can use these parameters to control the output:
p - path
s - size
t - modification time
h - hash
i - ID of object
o - Original ID of underlying object
m - MimeType of object if known
e - encrypted name
T - tier of storage if known, e.g. "Hot" or "Cool"
So if you wanted the path, size and modification time, you would use --format "pst", or maybe --format "tsp" to put the path last.
Eg
$ rclone lsf --format "tsp" swift:bucket
2016-06-25 18:55:41;60295;bevajer5jef
2016-06-25 18:55:43;90613;canole
2016-06-25 18:55:43;94467;diwogej7
2018-04-26 08:50:45;0;ferejej3gux/
2016-06-25 18:55:40;37600;fubuwic
If you specify "h" in the format you will get the MD5 hash by default, use the "--hash" flag to change which hash you want. Note that this can be returned as an empty string if it isn't available on the object (and for directories), "ERROR" if there was an error reading it from the object and "UNSUPPORTED" if that object does not support that hash type.
For example to emulate the md5sum command you can use
rclone lsf -R --hash MD5 --format hp --separator " " --files-only .
Eg
$ rclone lsf -R --hash MD5 --format hp --separator " " --files-only swift:bucket
7908e352297f0f530b84a756f188baa3 bevajer5jef
cd65ac234e6fea5925974a51cdd865cc canole
03b5341b4f234b9d984d03ad076bae91 diwogej7
8fd37c3810dd660778137ac3a66cc06d fubuwic
99713e14a4c4ff553acaf1930fad985b gixacuh7ku
(Though "rclone md5sum ." is an easier way of typing this.)
By default the separator is ";" this can be changed with the --separator flag. Note that separators aren't escaped in the path so putting it last is a good strategy.
Eg
$ rclone lsf --separator "," --format "tshp" swift:bucket
2016-06-25 18:55:41,60295,7908e352297f0f530b84a756f188baa3,bevajer5jef
2016-06-25 18:55:43,90613,cd65ac234e6fea5925974a51cdd865cc,canole
2016-06-25 18:55:43,94467,03b5341b4f234b9d984d03ad076bae91,diwogej7
2018-04-26 08:52:53,0,,ferejej3gux/
2016-06-25 18:55:40,37600,8fd37c3810dd660778137ac3a66cc06d,fubuwic
You can output in CSV standard format. This will escape things in " if they contain ,
Eg
$ rclone lsf --csv --files-only --format ps remote:path
test.log,22355
test.sh,449
"this file contains a comma, in the file name.txt",6
Note that the --absolute parameter is useful for making lists of files to pass to an rclone copy with the --files-from-raw flag.
For example to find all the files modified within one day and copy those only (without traversing the whole directory structure):
rclone lsf --absolute --files-only --max-age 1d /path/to/local > new_files
rclone copy --files-from-raw new_files /path/to/local remote:path
Any of the filtering options can be applied to this command.
There are several related list commands
ls
to list size and path of objects onlylsl
to list modification time, size and path of objects onlylsd
to list directories onlylsf
to list objects and directories in easy to parse formatlsjson
to list objects and directories in JSON formatls
,lsl
,lsd
are designed to be human readable. lsf
is designed to be human and machine readable. lsjson
is designed to be machine readable.
Note that ls
and lsl
recurse by default - use --max-depth 1
to stop the recursion.
The other list commands lsd
,lsf
,lsjson
do not recurse by default - use -R
to make them recurse.
Listing a non existent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket based remotes).
rclone lsf remote:path [flags]
--absolute Put a leading / in front of path names.
--csv Output in CSV format.
-d, --dir-slash Append a slash to directory names. (default true)
--dirs-only Only list directories.
--files-only Only list files.
-F, --format string Output format - see help for details (default "p")
--hash h Use this hash when h is used in the format MD5|SHA-1|DropboxHash (default "md5")
-h, --help help for lsf
-R, --recursive Recurse into the listing.
-s, --separator string Separator for the items in the format. (default ";")
See the global flags page for global options not listed here.
List directories and objects in the path in JSON format.
List directories and objects in the path in JSON format.
The output is an array of Items, where each Item looks like this
{ "Hashes" : { "SHA-1" : "f572d396fae9206628714fb2ce00f72e94f2258f", "MD5" : "b1946ac92492d2347c6235b4d2611184", "DropboxHash" : "ecb65bb98f9d905b70458986c39fcbad7715e5f2fcc3b1f07767d7c83e2438cc" }, "ID": "y2djkhiujf83u33", "OrigID": "UYOJVTUW00Q1RzTDA", "IsBucket" : false, "IsDir" : false, "MimeType" : "application/octet-stream", "ModTime" : "2017-05-31T16:15:57.034468261+01:00", "Name" : "file.txt", "Encrypted" : "v0qpsdq8anpci8n929v3uu9338", "EncryptedPath" : "kja9098349023498/v0qpsdq8anpci8n929v3uu9338", "Path" : "full/path/goes/here/file.txt", "Size" : 6, "Tier" : "hot", }
If --hash is not specified the Hashes property won't be emitted. The types of hash can be specified with the --hash-type parameter (which may be repeated). If --hash-type is set then it implies --hash.
If --no-modtime is specified then ModTime will be blank. This can speed things up on remotes where reading the ModTime takes an extra request (e.g. s3, swift).
If --no-mimetype is specified then MimeType will be blank. This can speed things up on remotes where reading the MimeType takes an extra request (e.g. s3, swift).
If --encrypted is not specified the Encrypted won't be emitted.
If --dirs-only is not specified files in addition to directories are returned
If --files-only is not specified directories in addition to the files will be returned.
The Path field will only show folders below the remote path being listed. If "remote:path" contains the file "subfolder/file.txt", the Path for "file.txt" will be "subfolder/file.txt", not "remote:path/subfolder/file.txt". When used without --recursive the Path will always be the same as Name.
If the directory is a bucket in a bucket based backend, then "IsBucket" will be set to true. This key won't be present unless it is "true".
The time is in RFC3339 format with up to nanosecond precision. The number of decimal digits in the seconds will depend on the precision that the remote can hold the times, so if times are accurate to the nearest millisecond (e.g. Google Drive) then 3 digits will always be shown ("2017-05-31T16:15:57.034+01:00") whereas if the times are accurate to the nearest second (Dropbox, Box, WebDav, etc.) no digits will be shown ("2017-05-31T16:15:57+01:00").
The whole output can be processed as a JSON blob, or alternatively it can be processed line by line as each item is written one to a line.
Any of the filtering options can be applied to this command.
There are several related list commands
ls
to list size and path of objects onlylsl
to list modification time, size and path of objects onlylsd
to list directories onlylsf
to list objects and directories in easy to parse formatlsjson
to list objects and directories in JSON formatls
,lsl
,lsd
are designed to be human readable. lsf
is designed to be human and machine readable. lsjson
is designed to be machine readable.
Note that ls
and lsl
recurse by default - use --max-depth 1
to stop the recursion.
The other list commands lsd
,lsf
,lsjson
do not recurse by default - use -R
to make them recurse.
Listing a non existent directory will produce an error except for remotes which can't have empty directories (e.g. s3, swift, or gcs - the bucket based remotes).
rclone lsjson remote:path [flags]
--dirs-only Show only directories in the listing.
-M, --encrypted Show the encrypted names.
--files-only Show only files in the listing.
--hash Include hashes in the output (may take longer).
--hash-type stringArray Show only this hash type (may be repeated).
-h, --help help for lsjson
--no-mimetype Don't read the mime type (can speed things up).
--no-modtime Don't read the modification time (can speed things up).
--original Show the ID of the underlying Object.
-R, --recursive Recurse into the listing.
See the global flags page for global options not listed here.
Mount the remote as file system on a mountpoint.
rclone mount allows Linux, FreeBSD, macOS and Windows to mount any of Rclone's cloud storage systems as a file system with FUSE.
First set up your remote using rclone config
. Check it works with rclone ls
etc.
On Linux and OSX, you can either run mount in foreground mode or background (daemon) mode. Mount runs in foreground mode by default, use the --daemon
flag to specify background mode. You can only run mount in foreground mode on Windows.
On Linux/macOS/FreeBSD start the mount like this, where /path/to/local/mount
is an empty existing directory:
rclone mount remote:path/to/files /path/to/local/mount
On Windows you can start a mount in different ways. See below for details. The following examples will mount to an automatically assigned drive, to specific drive letter X:
, to path C:\path\parent\mount
(where parent directory or drive must exist, and mount must not exist, and is not supported when mounting as a network drive), and the last example will mount as network share \\cloud\remote
and map it to an automatically assigned drive:
rclone mount remote:path/to/files *
rclone mount remote:path/to/files X:
rclone mount remote:path/to/files C:\path\parent\mount
rclone mount remote:path/to/files \\cloud\remote
When the program ends while in foreground mode, either via Ctrl+C or receiving a SIGINT or SIGTERM signal, the mount should be automatically stopped.
When running in background mode the user will have to stop the mount manually:
# Linux
fusermount -u /path/to/local/mount
# OS X
umount /path/to/local/mount
The umount operation can fail, for example when the mountpoint is busy. When that happens, it is the user's responsibility to stop the mount manually.
The size of the mounted file system will be set according to information retrieved from the remote, the same as returned by the rclone about command. Remotes with unlimited storage may report the used size only, then an additional 1 PiB of free space is assumed. If the remote does not support the about feature at all, then 1 PiB is set as both the total and the free size.
Note: As of rclone
1.52.2, rclone mount
now requires Go version 1.13 or newer on some platforms depending on the underlying FUSE library in use.
To run rclone mount on Windows, you will need to download and install WinFsp.
WinFsp is an open source Windows File System Proxy which makes it easy to write user space file systems for Windows. It provides a FUSE emulation layer which rclone uses combination with cgofuse. Both of these packages are by Bill Zissimopoulos who was very helpful during the implementation of rclone mount for Windows.
Unlike other operating systems, Microsoft Windows provides a different filesystem type for network and fixed drives. It optimises access on the assumption fixed disk drives are fast and reliable, while network drives have relatively high latency and less reliability. Some settings can also be differentiated between the two types, for example that Windows Explorer should just display icons and not create preview thumbnails for image and video files on network drives.
In most cases, rclone will mount the remote as a normal, fixed disk drive by default. However, you can also choose to mount it as a remote network drive, often described as a network share. If you mount an rclone remote using the default, fixed drive mode and experience unexpected program errors, freezes or other issues, consider mounting as a network drive instead.
When mounting as a fixed disk drive you can either mount to an unused drive letter, or to a path representing a non-existent subdirectory of an existing parent directory or drive. Using the special value *
will tell rclone to automatically assign the next available drive letter, starting with Z: and moving backward. Examples:
rclone mount remote:path/to/files *
rclone mount remote:path/to/files X:
rclone mount remote:path/to/files C:\path\parent\mount
rclone mount remote:path/to/files X:
Option --volname
can be used to set a custom volume name for the mounted file system. The default is to use the remote name and path.
To mount as network drive, you can add option --network-mode
to your mount command. Mounting to a directory path is not supported in this mode, it is a limitation Windows imposes on junctions, so the remote must always be mounted to a drive letter.
rclone mount remote:path/to/files X: --network-mode
A volume name specified with --volname
will be used to create the network share path. A complete UNC path, such as \\cloud\remote
, optionally with path \\cloud\remote\madeup\path
, will be used as is. Any other string will be used as the share part, after a default prefix \\server\
. If no volume name is specified then \\server\share
will be used. You must make sure the volume name is unique when you are mounting more than one drive, or else the mount command will fail. The share name will treated as the volume label for the mapped drive, shown in Windows Explorer etc, while the complete \\server\share
will be reported as the remote UNC path by net use
etc, just like a normal network drive mapping.
If you specify a full network share UNC path with --volname
, this will implicitely set the --network-mode
option, so the following two examples have same result:
rclone mount remote:path/to/files X: --network-mode
rclone mount remote:path/to/files X: --volname \\server\share
You may also specify the network share UNC path as the mountpoint itself. Then rclone will automatically assign a drive letter, same as with *
and use that as mountpoint, and instead use the UNC path specified as the volume name, as if it were specified with the --volname
option. This will also implicitely set the --network-mode
option. This means the following two examples have same result:
rclone mount remote:path/to/files \\cloud\remote
rclone mount remote:path/to/files * --volname \\cloud\remote
There is yet another way to enable network mode, and to set the share path, and that is to pass the "native" libfuse/WinFsp option directly: --fuse-flag --VolumePrefix=\server\share
. Note that the path must be with just a single backslash prefix in this case.
Note: In previous versions of rclone this was the only supported method.
See also Limitations section below.
The FUSE emulation layer on Windows must convert between the POSIX-based permission model used in FUSE, and the permission model used in Windows, based on access-control lists (ACL).
The mounted filesystem will normally get three entries in its access-control list (ACL), representing permissions for the POSIX permission scopes: Owner, group and others. By default, the owner and group will be taken from the current user, and the built-in group "Everyone" will be used to represent others. The user/group can be customized with FUSE options "UserName" and "GroupName", e.g. -o UserName=user123 -o GroupName="Authenticated Users"
.
The permissions on each entry will be set according to options --dir-perms
and --file-perms
, which takes a value in traditional numeric notation, where the default corresponds to --file-perms 0666 --dir-perms 0777
.
Note that the mapping of permissions is not always trivial, and the result you see in Windows Explorer may not be exactly like you expected. For example, when setting a value that includes write access, this will be mapped to individual permissions "write attributes", "write data" and "append data", but not "write extended attributes". Windows will then show this as basic permission "Special" instead of "Write", because "Write" includes the "write extended attributes" permission.
If you set POSIX permissions for only allowing access to the owner, using --file-perms 0600 --dir-perms 0700
, the user group and the built-in "Everyone" group will still be given some special permissions, such as "read attributes" and "read permissions", in Windows. This is done for compatibility reasons, e.g. to allow users without additional permissions to be able to read basic metadata about files like in UNIX. One case that may arise is that other programs (incorrectly) interprets this as the file being accessible by everyone. For example an SSH client may warn about "unprotected private key file".
WinFsp 2021 (version 1.9) introduces a new FUSE option "FileSecurity", that allows the complete specification of file security descriptors using SDDL. With this you can work around issues such as the mentioned "unprotected private key file" by specifying -o FileSecurity="D:P(A;;FA;;;OW)"
, for file all access (FA) to the owner (OW).
Drives created as Administrator are not visible to other accounts, not even an account that was elevated to Administrator with the User Account Control (UAC) feature. A result of this is that if you mount to a drive letter from a Command Prompt run as Administrator, and then try to access the same drive from Windows Explorer (which does not run as Administrator), you will not be able to see the mounted drive.
If you don't need to access the drive from applications running with administrative privileges, the easiest way around this is to always create the mount from a non-elevated command prompt.
To make mapped drives available to the user account that created them regardless if elevated or not, there is a special Windows setting called linked connections that can be enabled.
It is also possible to make a drive mount available to everyone on the system, by running the process creating it as the built-in SYSTEM account. There are several ways to do this: One is to use the command-line utility PsExec, from Microsoft's Sysinternals suite, which has option -s
to start processes as the SYSTEM account. Another alternative is to run the mount command from a Windows Scheduled Task, or a Windows Service, configured to run as the SYSTEM account. A third alternative is to use the WinFsp.Launcher infrastructure). Note that when running rclone as another user, it will not use the configuration file from your profile unless you tell it to with the --config
option. Read more in the install documentation.
Note that mapping to a directory path, instead of a drive letter, does not suffer from the same limitations.
Without the use of --vfs-cache-mode
this can only write files sequentially, it can only seek when reading. This means that many applications won't work with their files on an rclone mount without --vfs-cache-mode writes
or --vfs-cache-mode full
. See the VFS File Caching section for more info.
The bucket based remotes (e.g. Swift, S3, Google Compute Storage, B2, Hubic) do not support the concept of empty directories, so empty directories will have a tendency to disappear once they fall out of the directory cache.
Only supported on Linux, FreeBSD, OS X and Windows at the moment.
File systems expect things to be 100% reliable, whereas cloud storage systems are a long way from 100% reliable. The rclone sync/copy commands cope with this with lots of retries. However rclone mount can't use retries in the same way without making local copies of the uploads. Look at the VFS File Caching for solutions to make mount more reliable.
You can use the flag --attr-timeout
to set the time the kernel caches the attributes (size, modification time, etc.) for directory entries.
The default is 1s
which caches files just long enough to avoid too many callbacks to rclone from the kernel.
In theory 0s should be the correct value for filesystems which can change outside the control of the kernel. However this causes quite a few problems such as rclone using too much memory, rclone not serving files to samba and excessive time listing directories.
The kernel can cache the info about a file for the time given by --attr-timeout
. You may see corruption if the remote file changes length during this window. It will show up as either a truncated file or a file with garbage on the end. With --attr-timeout 1s
this is very unlikely but not impossible. The higher you set --attr-timeout
the more likely it is. The default setting of "1s" is the lowest setting which mitigates the problems above.
If you set it higher (10s
or 1m
say) then the kernel will call back to rclone less often making it more efficient, however there is more chance of the corruption issue above.
If files don't change on the remote outside of the control of rclone then there is no chance of corruption.
This is the same as setting the attr_timeout option in mount.fuse.
Note that all the rclone filters can be used to select a subset of the files to be visible in the mount.
When running rclone mount as a systemd service, it is possible to use Type=notify. In this case the service will enter the started state after the mountpoint has been successfully set up. Units having the rclone mount service specified as a requirement will see all files and folders immediately in this mode.
--vfs-read-chunk-size
will enable reading the source objects in parts. This can reduce the used download quota for some remotes by requesting only chunks from the remote that are actually read at the cost of an increased number of requests.
When --vfs-read-chunk-size-limit
is also specified and greater than --vfs-read-chunk-size
, the chunk size for each open file will get doubled for each chunk read, until the specified value is reached. A value of -1
will disable the limit and the chunk size will grow indefinitely.
With --vfs-read-chunk-size 100M
and --vfs-read-chunk-size-limit 0
the following parts will be downloaded: 0-100M, 100M-200M, 200M-300M, 300M-400M and so on. When --vfs-read-chunk-size-limit 500M
is specified, the result would be 0-100M, 100M-300M, 300M-700M, 700M-1200M, 1200M-1700M and so on.
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
rclone mount remote:path /path/to/mountpoint [flags]
--allow-non-empty Allow mounting over a non-empty directory. Not supported on Windows.
--allow-other Allow access to other users. Not supported on Windows.
--allow-root Allow access to root user. Not supported on Windows.
--async-read Use asynchronous reads. Not supported on Windows. (default true)
--attr-timeout duration Time for which file/directory attributes are cached. (default 1s)
--daemon Run mount as a daemon (background mode). Not supported on Windows.
--daemon-timeout duration Time limit for rclone to respond to kernel. Not supported on Windows.
--debug-fuse Debug the FUSE internals - needs -v.
--default-permissions Makes kernel enforce access control based on the file mode. Not supported on Windows.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--file-perms FileMode File permissions (default 0666)
--fuse-flag stringArray Flags or arguments to be passed direct to libfuse/WinFsp. Repeat if required.
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for mount
--max-read-ahead SizeSuffix The number of bytes that can be prefetched for sequential reads. Not supported on Windows. (default 128Ki)
--network-mode Mount as remote network drive, instead of fixed disk drive. Supported on Windows only
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--noappledouble Ignore Apple Double (._) and .DS_Store files. Supported on OSX only. (default true)
--noapplexattr Ignore all "com.apple.*" extended attributes. Supported on OSX only.
-o, --option stringArray Option for libfuse/WinFsp. Repeat if required.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
--volname string Set the volume name. Supported on Windows and OSX only.
--write-back-cache Makes kernel buffer writes before sending them to rclone. Without this, writethrough caching is used. Not supported on Windows.
See the global flags page for global options not listed here.
Move file or directory from source to dest.
If source:path is a file or directory then it moves it to a file or directory named dest:path.
This can be used to rename files or upload single files to other than their existing name. If the source is a directory then it acts exactly like the move command.
So
rclone moveto src dst
where src and dst are rclone paths, either remote:path or /path/to/local or C:.
This will:
if src is file
move it to dst, overwriting an existing file if it exists
if src is directory
move it to dst, overwriting existing files if they exist
see move command for full details
This doesn't transfer unchanged files, testing by size and modification time or MD5SUM. src will be deleted on successful transfer.
Important: Since this can cause data loss, test first with the --dry-run
or the --interactive
/-i
flag.
Note: Use the -P
/--progress
flag to view real-time transfer statistics.
rclone moveto source:path dest:path [flags]
-h, --help help for moveto
See the global flags page for global options not listed here.
Explore a remote with a text based user interface.
This displays a text based user interface allowing the navigation of a remote. It is most useful for answering the question - "What is using all my disk space?".
To make the user interface it first scans the entire remote given and builds an in memory representation. rclone ncdu can be used during this scanning phase and you will see it building up the directory structure as it goes along.
Here are the keys - press '?' to toggle the help on and off
↑,↓ or k,j to Move
→,l to enter
←,h to return
c toggle counts
g toggle graph
a toggle average size in directory
n,s,C,A sort by name,size,count,average size
d delete file/directory
y copy current path to clipboard
Y display current path
^L refresh screen
? to toggle help on and off
q/ESC/c-C to quit
This an homage to the ncdu tool but for rclone remotes. It is missing lots of features at the moment but is useful as it stands.
Note that it might take some time to delete big files/folders. The UI won't respond in the meantime since the deletion is done synchronously.
rclone ncdu remote:path [flags]
-h, --help help for ncdu
See the global flags page for global options not listed here.
Obscure password for use in the rclone config file.
In the rclone config file, human readable passwords are obscured. Obscuring them is done by encrypting them and writing them out in base64. This is not a secure way of encrypting these passwords as rclone can decrypt them - it is to prevent "eyedropping" - namely someone seeing a password in the rclone config file by accident.
Many equally important things (like access tokens) are not obscured in the config file. However it is very hard to shoulder surf a 64 character hex token.
This command can also accept a password through STDIN instead of an argument by passing a hyphen as an argument. This will use the first line of STDIN as the password not including the trailing newline.
echo "secretpassword" | rclone obscure -
If there is no data on STDIN to read, rclone obscure will default to obfuscating the hyphen itself.
If you want to encrypt the config file then please use config file encryption - see rclone config for more info.
rclone obscure password [flags]
-h, --help help for obscure
See the global flags page for global options not listed here.
Run a command against a running rclone.
This runs a command against a running rclone. Use the --url flag to specify an non default URL to connect on. This can be either a ":port" which is taken to mean "http://localhost:port" or a "host:port" which is taken to mean "http://host:port"
A username and password can be passed in with --user and --pass.
Note that --rc-addr, --rc-user, --rc-pass will be read also for --url, --user, --pass.
Arguments should be passed in as parameter=value.
The result will be returned as a JSON object by default.
The --json parameter can be used to pass in a JSON blob as an input instead of key=value arguments. This is the only way of passing in more complicated values.
The -o/--opt option can be used to set a key "opt" with key, value options in the form "-o key=value" or "-o key". It can be repeated as many times as required. This is useful for rc commands which take the "opt" parameter which by convention is a dictionary of strings.
-o key=value -o key2
Will place this in the "opt" value
{"key":"value", "key2","")
The -a/--arg option can be used to set strings in the "arg" value. It can be repeated as many times as required. This is useful for rc commands which take the "arg" parameter which by convention is a list of strings.
-a value -a value2
Will place this in the "arg" value
["value", "value2"]
Use --loopback to connect to the rclone instance running "rclone rc". This is very useful for testing commands without having to run an rclone rc server, e.g.:
rclone rc --loopback operations/about fs=/
Use "rclone rc" to see a list of all possible commands.
rclone rc commands parameter [flags]
-a, --arg stringArray Argument placed in the "arg" array.
-h, --help help for rc
--json string Input JSON - use instead of key=value args.
--loopback If set connect to this rclone instance not via HTTP.
--no-output If set, don't output the JSON result.
-o, --opt stringArray Option in the form name=value or name placed in the "opt" array.
--pass string Password to use to connect to rclone remote control.
--url string URL to connect to rclone remote control. (default "http://localhost:5572/")
--user string Username to use to rclone remote control.
See the global flags page for global options not listed here.
Copies standard input to file on remote.
rclone rcat reads from standard input (stdin) and copies it to a single remote file.
echo "hello world" | rclone rcat remote:path/to/file
ffmpeg - | rclone rcat remote:path/to/file
If the remote file already exists, it will be overwritten.
rcat will try to upload small files in a single request, which is usually more efficient than the streaming/chunked upload endpoints, which use multiple requests. Exact behaviour depends on the remote. What is considered a small file may be set through --streaming-upload-cutoff
. Uploading only starts after the cutoff is reached or if the file ends before that. The data must fit into RAM. The cutoff needs to be small enough to adhere the limits of your remote, please see there. Generally speaking, setting this cutoff too high will decrease your performance.
Use the |--size| flag to preallocate the file in advance at the remote end and actually stream it, even if remote backend doesn't support streaming.
|--size| should be the exact size of the input stream in bytes. If the size of the stream is different in length to the |--size| passed in then the transfer will likely fail.
Note that the upload can also not be retried because the data is not kept around until the upload succeeds. If you need to transfer a lot of data, you're better off caching locally and then rclone move
it to the destination.
rclone rcat remote:path [flags]
-h, --help help for rcat
--size int File size hint to preallocate (default -1)
See the global flags page for global options not listed here.
Run rclone listening to remote control commands only.
This runs rclone so that it only listens to remote control commands.
This is useful if you are controlling rclone via the rc API.
If you pass in a path to a directory, rclone will serve that directory for GET requests on the URL passed in. It will also open the URL in the browser when rclone is run.
See the rc documentation for more info on the rc flags.
rclone rcd <path to files to serve>* [flags]
-h, --help help for rcd
See the global flags page for global options not listed here.
Remove empty directories under the path.
This recursively removes any empty directories (including directories that only contain empty directories), that it finds under the path. The root path itself will also be removed if it is empty, unless you supply the --leave-root
flag.
Use command rmdir
to delete just the empty directory given by path, not recurse.
This is useful for tidying up remotes that rclone has left a lot of empty directories in. For example the delete
command will delete files but leave the directory structure (unless used with option --rmdirs
).
To delete a path and any objects in it, use purge
command.
rclone rmdirs remote:path [flags]
-h, --help help for rmdirs
--leave-root Do not remove root directory if empty
See the global flags page for global options not listed here.
Update the rclone binary.
This command downloads the latest release of rclone and replaces the currently running binary. The download is verified with a hashsum and cryptographically signed signature.
If used without flags (or with implied --stable
flag), this command will install the latest stable release. However, some issues may be fixed (or features added) only in the latest beta release. In such cases you should run the command with the --beta
flag, i.e. rclone selfupdate --beta
. You can check in advance what version would be installed by adding the --check
flag, then repeat the command without it when you are satisfied.
Sometimes the rclone team may recommend you a concrete beta or stable rclone release to troubleshoot your issue or add a bleeding edge feature. The --version VER
flag, if given, will update to the concrete version instead of the latest one. If you omit micro version from VER
(for example 1.53
), the latest matching micro version will be used.
Upon successful update rclone will print a message that contains a previous version number. You will need it if you later decide to revert your update for some reason. Then you'll have to note the previous version and run the following command: rclone selfupdate [--beta] OLDVER
. If the old version contains only dots and digits (for example v1.54.0
) then it's a stable release so you won't need the --beta
flag. Beta releases have an additional information similar to v1.54.0-beta.5111.06f1c0c61
. (if you are a developer and use a locally built rclone, the version number will end with -DEV
, you will have to rebuild it as it obviously can't be distributed).
If you previously installed rclone via a package manager, the package may include local documentation or configure services. You may wish to update with the flag --package deb
or --package rpm
(whichever is correct for your OS) to update these too. This command with the default --package zip
will update only the rclone executable so the local manual may become inaccurate after it.
The rclone mount
command (https://rclone.org/commands/rclone_mount/) may or may not support extended FUSE options depending on the build and OS. selfupdate
will refuse to update if the capability would be discarded.
Note: Windows forbids deletion of a currently running executable so this command will rename the old executable to 'rclone.old.exe' upon success.
Please note that this command was not available before rclone version 1.55. If it fails for you with the message unknown command "selfupdate"
then you will need to update manually following the install instructions located at https://rclone.org/install/
rclone selfupdate [flags]
--beta Install beta release.
--check Check for latest release, do not download.
-h, --help help for selfupdate
--output string Save the downloaded binary at a given path (default: replace running binary)
--package string Package format: zip|deb|rpm (default: zip)
--stable Install stable release (this is the default)
--version string Install the given rclone version (default: latest)
See the global flags page for global options not listed here.
Serve a remote over a protocol.
rclone serve is used to serve a remote over a given protocol. This command requires the use of a subcommand to specify the protocol, e.g.
rclone serve http remote:
Each subcommand has its own options which you can see in their help.
rclone serve <protocol> [opts] <remote> [flags]
-h, --help help for serve
See the global flags page for global options not listed here.
Serve remote:path over DLNA
rclone serve dlna is a DLNA media server for media stored in an rclone remote. Many devices, such as the Xbox and PlayStation, can automatically discover this server in the LAN and play audio/video from it. VLC is also supported. Service discovery uses UDP multicast packets (SSDP) and will thus only work on LANs.
Rclone will list all files present in the remote, without filtering based on media formats or file extensions. Additionally, there is no media transcoding support. This means that some players might show files that they are not able to play back correctly.
Use --addr
to specify which IP address and port the server should listen on, e.g. --addr 1.2.3.4:8000
or --addr :8080
to listen to all IPs.
Use --name
to choose the friendly server name, which is by default "rclone (hostname)".
Use --log-trace
in conjunction with -vv
to enable additional debug logging of all UPNP traffic.
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
rclone serve dlna remote:path [flags]
--addr string ip:port or :port to bind the DLNA http server to. (default ":7879")
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--file-perms FileMode File permissions (default 0666)
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for dlna
--log-trace enable trace logging of SOAP traffic
--name string name of DLNA server
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
See the global flags page for global options not listed here.
Serve any remote on docker's volume plugin API.
This command implements the Docker volume plugin API allowing docker to use rclone as a data storage mechanism for various cloud providers. rclone provides docker volume plugin based on it.
To create a docker plugin, one must create a Unix or TCP socket that Docker will look for when you use the plugin and then it listens for commands from docker daemon and runs the corresponding code when necessary. Docker plugins can run as a managed plugin under control of the docker daemon or as an independent native service. For testing, you can just run it directly from the command line, for example:
sudo rclone serve docker --base-dir /tmp/rclone-volumes --socket-addr localhost:8787 -vv
Running rclone serve docker
will create the said socket, listening for commands from Docker to create the necessary Volumes. Normally you need not give the --socket-addr
flag. The API will listen on the unix domain socket at /run/docker/plugins/rclone.sock
. In the example above rclone will create a TCP socket and a small file /etc/docker/plugins/rclone.spec
containing the socket address. We use sudo
because both paths are writeable only by the root user.
If you later decide to change listening socket, the docker daemon must be restarted to reconnect to /run/docker/plugins/rclone.sock
or parse new /etc/docker/plugins/rclone.spec
. Until you restart, any volume related docker commands will timeout trying to access the old socket. Running directly is supported on Linux only, not on Windows or MacOS. This is not a problem with managed plugin mode described in details in the full documentation.
The command will create volume mounts under the path given by --base-dir
(by default /var/lib/docker-volumes/rclone
available only to root) and maintain the JSON formatted file docker-plugin.state
in the rclone cache directory with book-keeping records of created and mounted volumes.
All mount and VFS options are submitted by the docker daemon via API, but you can also provide defaults on the command line as well as set path to the config file and cache directory or adjust logging verbosity.
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
rclone serve docker [flags]
--allow-non-empty Allow mounting over a non-empty directory. Not supported on Windows.
--allow-other Allow access to other users. Not supported on Windows.
--allow-root Allow access to root user. Not supported on Windows.
--async-read Use asynchronous reads. Not supported on Windows. (default true)
--attr-timeout duration Time for which file/directory attributes are cached. (default 1s)
--base-dir string base directory for volumes (default "/var/lib/docker-volumes/rclone")
--daemon Run mount as a daemon (background mode). Not supported on Windows.
--daemon-timeout duration Time limit for rclone to respond to kernel. Not supported on Windows.
--debug-fuse Debug the FUSE internals - needs -v.
--default-permissions Makes kernel enforce access control based on the file mode. Not supported on Windows.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--file-perms FileMode File permissions (default 0666)
--forget-state skip restoring previous state
--fuse-flag stringArray Flags or arguments to be passed direct to libfuse/WinFsp. Repeat if required.
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for docker
--max-read-ahead SizeSuffix The number of bytes that can be prefetched for sequential reads. Not supported on Windows. (default 128Ki)
--network-mode Mount as remote network drive, instead of fixed disk drive. Supported on Windows only
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--no-spec do not write spec file
--noappledouble Ignore Apple Double (._) and .DS_Store files. Supported on OSX only. (default true)
--noapplexattr Ignore all "com.apple.*" extended attributes. Supported on OSX only.
-o, --option stringArray Option for libfuse/WinFsp. Repeat if required.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--socket-addr string <host:port> or absolute path (default: /run/docker/plugins/rclone.sock)
--socket-gid int GID for unix socket (default: current process GID) (default 1000)
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
--volname string Set the volume name. Supported on Windows and OSX only.
--write-back-cache Makes kernel buffer writes before sending them to rclone. Without this, writethrough caching is used. Not supported on Windows.
See the global flags page for global options not listed here.
Serve remote:path over FTP.
rclone serve ftp implements a basic ftp server to serve the remote over FTP protocol. This can be viewed with a ftp client or you can make a remote of type ftp to read and write it.
Use --addr to specify which IP address and port the server should listen on, e.g. --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.
If you set --addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.
By default this will serve files without needing a login.
You can set a single username and password with the --user and --pass flags.
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
If you supply the parameter --auth-proxy /path/to/program
then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocol with input on STDIN and output on STDOUT.
PLEASE NOTE: --auth-proxy
and --authorized-keys
cannot be used together, if --auth-proxy
is set the authorized keys option will be ignored.
There is an example program bin/test_proxy.py in the rclone source code.
The program's job is to take a user
and pass
on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won't use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.
This config generated must have this extra parameter - _root
- root to use for the backend
And it may have this parameter - _obscure
- comma separated strings for parameters to obscure
If password authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:
{
"user": "me",
"pass": "mypassword"
}
If public-key authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:
{
"user": "me",
"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
}
And as an example return this on STDOUT
{
"type": "sftp",
"_root": "",
"_obscure": "pass",
"user": "me",
"pass": "mypassword",
"host": "sftp.example.com"
}
This would mean that an SFTP backend would be created on the fly for the user
and pass
/public_key
returned in the output to the host given. Note that since _obscure
is set to pass
, rclone will obscure the pass
parameter before creating the backend (which is required for sftp backends).
The program can manipulate the supplied user
in any way, for example to make proxy to many different sftp backends, you could make the user
be user@example.com
and then set the host
to example.com
in the output and the user to user
. For security you'd probably want to restrict the host
to a limited list.
Note that an internal cache is keyed on user
so only use that for configuration, don't use pass
or public_key
. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.
This can be used to build general purpose proxies to any kind of backend that rclone supports.
rclone serve ftp remote:path [flags]
--addr string IPaddress:Port or :Port to bind server to. (default "localhost:2121")
--auth-proxy string A program to use to create the backend from the auth.
--cert string TLS PEM key (concatenation of certificate and CA certificate)
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--file-perms FileMode File permissions (default 0666)
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for ftp
--key string TLS PEM Private key
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication. (empty value allow every password)
--passive-port string Passive port range to use. (default "30000-32000")
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--public-ip string Public IP address to advertise for passive connections.
--read-only Mount read-only.
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--user string User name for authentication. (default "anonymous")
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
See the global flags page for global options not listed here.
Serve the remote over HTTP.
rclone serve http implements a basic web server to serve the remote over HTTP. This can be viewed in a web browser or you can make a remote of type http read from it.
You can use the filter flags (e.g. --include, --exclude) to control what is served.
The server will log errors. Use -v to see access logs.
--bwlimit will be respected for file transfers. Use --stats to control the stats printing.
Use --addr to specify which IP address and port the server should listen on, eg --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.
If you set --addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.
--server-read-timeout and --server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.
--max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.
--baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used --baseurl "/rclone" then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on --baseurl, so --baseurl "rclone", --baseurl "/rclone" and --baseurl "/rclone/" are all treated identically.
By default this will serve over http. If you want you can serve over https. You will need to supply the --cert and --key flags. If you wish to do client side certificate validation then you will need to supply --client-ca also.
--cert should be a either a PEM encoded certificate or a concatenation of that with the CA certificate. --key should be the PEM encoded private key and --client-ca should be the PEM encoded client certificate authority certificate. --template allows a user to specify a custom markup template for http and webdav serve functions. The server exports the following markup to be used within the template to server pages:
Parameter | Description |
---|---|
.Name | The full path of a file/directory. |
.Title | Directory listing of .Name |
.Sort | The current sort used. This is changeable via ?sort= parameter |
Sort Options: namedirfirst,name,size,time (default namedirfirst) | |
.Order | The current ordering used. This is changeable via ?order= parameter |
Order Options: asc,desc (default asc) | |
.Query | Currently unused. |
.Breadcrumb | Allows for creating a relative navigation |
-- .Link | The relative to the root link of the Text. |
-- .Text | The Name of the directory. |
.Entries | Information about a specific file/directory. |
-- .URL | The 'url' of an entry. |
-- .Leaf | Currently same as 'URL' but intended to be 'just' the name. |
-- .IsDir | Boolean for if an entry is a directory or not. |
-- .Size | Size in Bytes of the entry. |
-- .ModTime | The UTC timestamp of an entry. |
By default this will serve files without needing a login.
You can either use an htpasswd file which can take lots of users, or set a single username and password with the --user and --pass flags.
Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.
To create an htpasswd file:
touch htpasswd
htpasswd -B htpasswd user
htpasswd -B htpasswd anotherUser
The password file can be updated while rclone is running.
Use --realm to set the authentication realm.
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
rclone serve http remote:path [flags]
--addr string IPaddress:Port or :Port to bind server to. (default "127.0.0.1:8080")
--baseurl string Prefix for URLs - leave blank for root.
--cert string SSL PEM key (concatenation of certificate and CA certificate)
--client-ca string Client certificate authority to verify clients with
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--file-perms FileMode File permissions (default 0666)
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for http
--htpasswd string htpasswd file - if not provided no authentication is done
--key string SSL PEM Private key
--max-header-bytes int Maximum size of request header (default 4096)
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--realm string realm for authentication
--server-read-timeout duration Timeout for server reading data (default 1h0m0s)
--server-write-timeout duration Timeout for server writing data (default 1h0m0s)
--template string User Specified Template.
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--user string User name for authentication.
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
See the global flags page for global options not listed here.
Serve the remote for restic's REST API.
rclone serve restic implements restic's REST backend API over HTTP. This allows restic to use rclone as a data storage mechanism for cloud providers that restic does not support directly.
Restic is a command line program for doing backups.
The server will log errors. Use -v to see access logs.
--bwlimit will be respected for file transfers. Use --stats to control the stats printing.
First set up a remote for your chosen cloud provider.
Once you have set up the remote, check it is working with, for example "rclone lsd remote:". You may have called the remote something other than "remote:" - just substitute whatever you called it in the following instructions.
Now start the rclone restic server
rclone serve restic -v remote:backup
Where you can replace "backup" in the above by whatever path in the remote you wish to use.
By default this will serve on "localhost:8080" you can change this with use of the "--addr" flag.
You might wish to start this server on boot.
Adding --cache-objects=false will cause rclone to stop caching objects returned from the List call. Caching is normally desirable as it speeds up downloading objects, saves transactions and uses very little memory.
Now you can follow the restic instructions on setting up restic.
Note that you will need restic 0.8.2 or later to interoperate with rclone.
For the example above you will want to use "http://localhost:8080/" as the URL for the REST server.
For example:
$ export RESTIC_REPOSITORY=rest:http://localhost:8080/
$ export RESTIC_PASSWORD=yourpassword
$ restic init
created restic backend 8b1a4b56ae at rest:http://localhost:8080/
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
$ restic backup /path/to/files/to/backup
scan [/path/to/files/to/backup]
scanned 189 directories, 312 files in 0:00
[0:00] 100.00% 38.128 MiB / 38.128 MiB 501 / 501 items 0 errors ETA 0:00
duration: 0:00
snapshot 45c8fdd8 saved
Note that you can use the endpoint to host multiple repositories. Do this by adding a directory name or path after the URL. Note that these must end with /. Eg
$ export RESTIC_REPOSITORY=rest:http://localhost:8080/user1repo/
# backup user1 stuff
$ export RESTIC_REPOSITORY=rest:http://localhost:8080/user2repo/
# backup user2 stuff
The "--private-repos" flag can be used to limit users to repositories starting with a path of /<username>/
.
Use --addr to specify which IP address and port the server should listen on, e.g. --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.
If you set --addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.
--server-read-timeout and --server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.
--max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.
--baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used --baseurl "/rclone" then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on --baseurl, so --baseurl "rclone", --baseurl "/rclone" and --baseurl "/rclone/" are all treated identically.
--template allows a user to specify a custom markup template for http and webdav serve functions. The server exports the following markup to be used within the template to server pages:
Parameter | Description |
---|---|
.Name | The full path of a file/directory. |
.Title | Directory listing of .Name |
.Sort | The current sort used. This is changeable via ?sort= parameter |
Sort Options: namedirfirst,name,size,time (default namedirfirst) | |
.Order | The current ordering used. This is changeable via ?order= parameter |
Order Options: asc,desc (default asc) | |
.Query | Currently unused. |
.Breadcrumb | Allows for creating a relative navigation |
-- .Link | The relative to the root link of the Text. |
-- .Text | The Name of the directory. |
.Entries | Information about a specific file/directory. |
-- .URL | The 'url' of an entry. |
-- .Leaf | Currently same as 'URL' but intended to be 'just' the name. |
-- .IsDir | Boolean for if an entry is a directory or not. |
-- .Size | Size in Bytes of the entry. |
-- .ModTime | The UTC timestamp of an entry. |
By default this will serve files without needing a login.
You can either use an htpasswd file which can take lots of users, or set a single username and password with the --user and --pass flags.
Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.
To create an htpasswd file:
touch htpasswd
htpasswd -B htpasswd user
htpasswd -B htpasswd anotherUser
The password file can be updated while rclone is running.
Use --realm to set the authentication realm.
By default this will serve over http. If you want you can serve over https. You will need to supply the --cert and --key flags. If you wish to do client side certificate validation then you will need to supply --client-ca also.
--cert should be either a PEM encoded certificate or a concatenation of that with the CA certificate. --key should be the PEM encoded private key and --client-ca should be the PEM encoded client certificate authority certificate.
rclone serve restic remote:path [flags]
--addr string IPaddress:Port or :Port to bind server to. (default "localhost:8080")
--append-only disallow deletion of repository data
--baseurl string Prefix for URLs - leave blank for root.
--cache-objects cache listed objects (default true)
--cert string SSL PEM key (concatenation of certificate and CA certificate)
--client-ca string Client certificate authority to verify clients with
-h, --help help for restic
--htpasswd string htpasswd file - if not provided no authentication is done
--key string SSL PEM Private key
--max-header-bytes int Maximum size of request header (default 4096)
--pass string Password for authentication.
--private-repos users can only access their private repo
--realm string realm for authentication (default "rclone")
--server-read-timeout duration Timeout for server reading data (default 1h0m0s)
--server-write-timeout duration Timeout for server writing data (default 1h0m0s)
--stdio run an HTTP2 server on stdin/stdout
--template string User Specified Template.
--user string User name for authentication.
See the global flags page for global options not listed here.
Serve the remote over SFTP.
rclone serve sftp implements an SFTP server to serve the remote over SFTP. This can be used with an SFTP client or you can make a remote of type sftp to use with it.
You can use the filter flags (e.g. --include, --exclude) to control what is served.
The server will log errors. Use -v to see access logs.
--bwlimit will be respected for file transfers. Use --stats to control the stats printing.
You must provide some means of authentication, either with --user/--pass, an authorized keys file (specify location with --authorized-keys - the default is the same as ssh), an --auth-proxy, or set the --no-auth flag for no authentication when logging in.
Note that this also implements a small number of shell commands so that it can provide md5sum/sha1sum/df information for the rclone sftp backend. This means that is can support SHA1SUMs, MD5SUMs and the about command when paired with the rclone sftp backend.
If you don't supply a --key then rclone will generate one and cache it for later use.
By default the server binds to localhost:2022 - if you want it to be reachable externally then supply "--addr :2022" for example.
Note that the default of "--vfs-cache-mode off" is fine for the rclone sftp backend, but it may not be with other SFTP clients.
If --stdio is specified, rclone will serve SFTP over stdio, which can be used with sshd via ~/.ssh/authorized_keys, for example:
restrict,command="rclone serve sftp --stdio ./photos" ssh-rsa ...
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
If you supply the parameter --auth-proxy /path/to/program
then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocol with input on STDIN and output on STDOUT.
PLEASE NOTE: --auth-proxy
and --authorized-keys
cannot be used together, if --auth-proxy
is set the authorized keys option will be ignored.
There is an example program bin/test_proxy.py in the rclone source code.
The program's job is to take a user
and pass
on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won't use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.
This config generated must have this extra parameter - _root
- root to use for the backend
And it may have this parameter - _obscure
- comma separated strings for parameters to obscure
If password authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:
{
"user": "me",
"pass": "mypassword"
}
If public-key authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:
{
"user": "me",
"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
}
And as an example return this on STDOUT
{
"type": "sftp",
"_root": "",
"_obscure": "pass",
"user": "me",
"pass": "mypassword",
"host": "sftp.example.com"
}
This would mean that an SFTP backend would be created on the fly for the user
and pass
/public_key
returned in the output to the host given. Note that since _obscure
is set to pass
, rclone will obscure the pass
parameter before creating the backend (which is required for sftp backends).
The program can manipulate the supplied user
in any way, for example to make proxy to many different sftp backends, you could make the user
be user@example.com
and then set the host
to example.com
in the output and the user to user
. For security you'd probably want to restrict the host
to a limited list.
Note that an internal cache is keyed on user
so only use that for configuration, don't use pass
or public_key
. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.
This can be used to build general purpose proxies to any kind of backend that rclone supports.
rclone serve sftp remote:path [flags]
--addr string IPaddress:Port or :Port to bind server to. (default "localhost:2022")
--auth-proxy string A program to use to create the backend from the auth.
--authorized-keys string Authorized keys file (default "~/.ssh/authorized_keys")
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--file-perms FileMode File permissions (default 0666)
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for sftp
--key stringArray SSH private host key file (Can be multi-valued, leave blank to auto generate)
--no-auth Allow connections with no authentication if set.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--stdio Run an sftp server on run stdin/stdout
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--user string User name for authentication.
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
See the global flags page for global options not listed here.
Serve remote:path over webdav.
rclone serve webdav implements a basic webdav server to serve the remote over HTTP via the webdav protocol. This can be viewed with a webdav client, through a web browser, or you can make a remote of type webdav to read and write it.
This controls the ETag header. Without this flag the ETag will be based on the ModTime and Size of the object.
If this flag is set to "auto" then rclone will choose the first supported hash on the backend or you can use a named hash such as "MD5" or "SHA-1".
Use "rclone hashsum" to see the full list.
Use --addr to specify which IP address and port the server should listen on, e.g. --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By default it only listens on localhost. You can use port :0 to let the OS choose an available port.
If you set --addr to listen on a public or LAN accessible IP address then using Authentication is advised - see the next section for info.
--server-read-timeout and --server-write-timeout can be used to control the timeouts on the server. Note that this is the total time for a transfer.
--max-header-bytes controls the maximum number of bytes the server will accept in the HTTP header.
--baseurl controls the URL prefix that rclone serves from. By default rclone will serve from the root. If you used --baseurl "/rclone" then rclone would serve from a URL starting with "/rclone/". This is useful if you wish to proxy rclone serve. Rclone automatically inserts leading and trailing "/" on --baseurl, so --baseurl "rclone", --baseurl "/rclone" and --baseurl "/rclone/" are all treated identically.
--template allows a user to specify a custom markup template for http and webdav serve functions. The server exports the following markup to be used within the template to server pages:
Parameter | Description |
---|---|
.Name | The full path of a file/directory. |
.Title | Directory listing of .Name |
.Sort | The current sort used. This is changeable via ?sort= parameter |
Sort Options: namedirfirst,name,size,time (default namedirfirst) | |
.Order | The current ordering used. This is changeable via ?order= parameter |
Order Options: asc,desc (default asc) | |
.Query | Currently unused. |
.Breadcrumb | Allows for creating a relative navigation |
-- .Link | The relative to the root link of the Text. |
-- .Text | The Name of the directory. |
.Entries | Information about a specific file/directory. |
-- .URL | The 'url' of an entry. |
-- .Leaf | Currently same as 'URL' but intended to be 'just' the name. |
-- .IsDir | Boolean for if an entry is a directory or not. |
-- .Size | Size in Bytes of the entry. |
-- .ModTime | The UTC timestamp of an entry. |
By default this will serve files without needing a login.
You can either use an htpasswd file which can take lots of users, or set a single username and password with the --user and --pass flags.
Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is in standard apache format and supports MD5, SHA1 and BCrypt for basic authentication. Bcrypt is recommended.
To create an htpasswd file:
touch htpasswd
htpasswd -B htpasswd user
htpasswd -B htpasswd anotherUser
The password file can be updated while rclone is running.
Use --realm to set the authentication realm.
By default this will serve over http. If you want you can serve over https. You will need to supply the --cert and --key flags. If you wish to do client side certificate validation then you will need to supply --client-ca also.
--cert should be either a PEM encoded certificate or a concatenation of that with the CA certificate. --key should be the PEM encoded private key and --client-ca should be the PEM encoded client certificate authority certificate.
This command uses the VFS layer. This adapts the cloud storage objects that rclone uses into something which looks much more like a disk filing system.
Cloud storage objects have lots of properties which aren't like disk files - you can't extend them or write to the middle of them, so the VFS layer has to deal with that. Because there is no one right way of doing this there are various options explained below.
The VFS layer also implements a directory cache - this caches info about files and directories (but not the data) in memory.
Using the --dir-cache-time
flag, you can control how long a directory should be considered up to date and not refreshed from the backend. Changes made through the mount will appear immediately or invalidate the cache.
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
However, changes made directly on the cloud storage by the web interface or a different copy of rclone will only be picked up once the directory cache expires if the backend configured does not support polling for changes. If the backend supports polling, changes will be picked up within the polling interval.
You can send a SIGHUP
signal to rclone for it to flush all directory caches, regardless of how old they are. Assuming only one rclone instance is running, you can reset the cache like this:
kill -SIGHUP $(pidof rclone)
If you configure rclone with a remote control then you can use rclone rc to flush the whole directory cache:
rclone rc vfs/forget
Or individual files or directories:
rclone rc vfs/forget file=path/to/file dir=path/to/dir
The --buffer-size
flag determines the amount of memory, that will be used to buffer data in advance.
Each open file will try to keep the specified amount of data in memory at all times. The buffered data is bound to one open file and won't be shared.
This flag is a upper limit for the used memory per open file. The buffer will only use memory for data that is downloaded but not not yet read. If the buffer is empty, only a small amount of memory will be used.
The maximum memory used by rclone for buffering can be up to --buffer-size * open files
.
These flags control the VFS file caching options. File caching is necessary to make the VFS layer appear compatible with a normal file system. It can be disabled at the cost of some compatibility.
For example you'll need to enable VFS caching if you want to read and write simultaneously to a file. See below for more details.
Note that the VFS cache is separate from the cache backend and you may find that you need one or the other or both.
--cache-dir string Directory rclone will use for caching.
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
If run with -vv
rclone will print the location of the file cache. The files are stored in the user cache file area which is OS dependent but can be controlled with --cache-dir
or setting the appropriate environment variable.
The cache has 4 different modes selected by --vfs-cache-mode
. The higher the cache mode the more compatible rclone becomes at the cost of using disk space.
Note that files are written back to the remote only when they are closed and if they haven't been accessed for --vfs-write-back second. If rclone is quit or dies with files that haven't been uploaded, these will be uploaded next time rclone is run with the same flags.
If using --vfs-cache-max-size
note that the cache may exceed this size for two reasons. Firstly because it is only checked every --vfs-cache-poll-interval
. Secondly because open files cannot be evicted from the cache.
You should not run two copies of rclone using the same VFS cache with the same or overlapping remotes if using --vfs-cache-mode > off
. This can potentially cause data corruption if you do. You can work around this by giving each rclone its own cache hierarchy with --cache-dir
. You don't need to worry about this if the remotes in use don't overlap.
In this mode (the default) the cache will read directly from the remote and write directly to the remote without caching anything on disk.
This will mean some operations are not possible
This is very similar to "off" except that files opened for read AND write will be buffered to disk. This means that files opened for write will be a lot more compatible, but uses the minimal disk space.
These operations are not possible
In this mode files opened for read only are still read directly from the remote, write only and read/write files are buffered to disk first.
This mode should support all normal file system operations.
If an upload fails it will be retried at exponentially increasing intervals up to 1 minute.
In this mode all reads and writes are buffered to and from disk. When data is read from the remote this is buffered to disk as well.
In this mode the files in the cache will be sparse files and rclone will keep track of which bits of the files it has downloaded.
So if an application only reads the starts of each file, then rclone will only buffer the start of the file. These files will appear to be their full size in the cache, but they will be sparse files with only the data that has been downloaded present in them.
This mode should support all normal file system operations and is otherwise identical to --vfs-cache-mode writes.
When reading a file rclone will read --buffer-size plus --vfs-read-ahead bytes ahead. The --buffer-size is buffered in memory whereas the --vfs-read-ahead is buffered on disk.
When using this mode it is recommended that --buffer-size is not set too big and --vfs-read-ahead is set large if required.
IMPORTANT not all file systems support sparse files. In particular FAT/exFAT do not. Rclone will perform very badly if the cache directory is on a filesystem which doesn't support sparse files and it will log an ERROR message if one is detected.
These flags may be used to enable/disable features of the VFS for performance or other reasons.
In particular S3 and Swift benefit hugely from the --no-modtime flag (or use --use-server-modtime for a slightly different effect) as each read of the modification time takes a transaction.
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--read-only Mount read-only.
When rclone reads files from a remote it reads them in chunks. This means that rather than requesting the whole file rclone reads the chunk specified. This is advantageous because some cloud providers account for reads being all the data requested, not all the data delivered.
Rclone will keep doubling the chunk size requested starting at --vfs-read-chunk-size with a maximum of --vfs-read-chunk-size-limit unless it is set to "off" in which case there will be no limit.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128M)
--vfs-read-chunk-size-limit SizeSuffix Max chunk doubling size (default "off")
Sometimes rclone is delivered reads or writes out of order. Rather than seeking rclone will wait a short time for the in sequence read or write to come in. These flags only come into effect when not using an on disk cache file.
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
When using VFS write caching (--vfs-cache-mode with value writes or full), the global flag --transfers can be set to adjust the number of parallel uploads of modified files from cache (the related global flag --checkers have no effect on mount).
--transfers int Number of file transfers to run in parallel. (default 4)
Linux file systems are case-sensitive: two files can differ only by case, and the exact case must be used when opening a file.
File systems in modern Windows are case-insensitive but case-preserving: although existing files can be opened using any case, the exact case used to create the file is preserved and available for programs to query. It is not allowed for two files in the same directory to differ only by case.
Usually file systems on macOS are case-insensitive. It is possible to make macOS file systems case-sensitive but that is not the default
The --vfs-case-insensitive
mount flag controls how rclone handles these two cases. If its value is "false", rclone passes file names to the mounted file system as-is. If the flag is "true" (or appears without a value on command line), rclone may perform a "fixup" as explained below.
The user may specify a file name to open/delete/rename/etc with a case different than what is stored on mounted file system. If an argument refers to an existing file with exactly the same name, then the case of the existing file on the disk will be used. However, if a file name with exactly the same name is not found but a name differing only by case exists, rclone will transparently fixup the name. This fixup happens only when an existing file is requested. Case sensitivity of file names created anew by rclone is controlled by an underlying mounted file system.
Note that case sensitivity of the operating system running rclone (the target) may differ from case sensitivity of a file system mounted by rclone (the source). The flag controls whether "fixup" is performed to satisfy the target.
If the flag is not provided on the command line, then its default value depends on the operating system where rclone runs: "true" on Windows and macOS, "false" otherwise. If the flag is provided without a value, then it is "true".
Some backends, most notably S3, do not report the amount of bytes used. If you need this information to be available when running df
on the filesystem, then pass the flag --vfs-used-is-size
to rclone. With this flag set, instead of relying on the backend to report this information, rclone will scan the whole remote similar to rclone size
and compute the total used space itself.
WARNING. Contrary to rclone size
, this flag ignores filters so that the result is accurate. However, this is very inefficient and may cost lots of API calls resulting in extra charges. Use it as a last resort and only with caching.
If you supply the parameter --auth-proxy /path/to/program
then rclone will use that program to generate backends on the fly which then are used to authenticate incoming requests. This uses a simple JSON based protocol with input on STDIN and output on STDOUT.
PLEASE NOTE: --auth-proxy
and --authorized-keys
cannot be used together, if --auth-proxy
is set the authorized keys option will be ignored.
There is an example program bin/test_proxy.py in the rclone source code.
The program's job is to take a user
and pass
on the input and turn those into the config for a backend on STDOUT in JSON format. This config will have any default parameters for the backend added, but it won't use configuration from environment variables or command line options - it is the job of the proxy program to make a complete config.
This config generated must have this extra parameter - _root
- root to use for the backend
And it may have this parameter - _obscure
- comma separated strings for parameters to obscure
If password authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:
{
"user": "me",
"pass": "mypassword"
}
If public-key authentication was used by the client, input to the proxy process (on STDIN) would look similar to this:
{
"user": "me",
"public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDuwESFdAe14hVS6omeyX7edc...JQdf"
}
And as an example return this on STDOUT
{
"type": "sftp",
"_root": "",
"_obscure": "pass",
"user": "me",
"pass": "mypassword",
"host": "sftp.example.com"
}
This would mean that an SFTP backend would be created on the fly for the user
and pass
/public_key
returned in the output to the host given. Note that since _obscure
is set to pass
, rclone will obscure the pass
parameter before creating the backend (which is required for sftp backends).
The program can manipulate the supplied user
in any way, for example to make proxy to many different sftp backends, you could make the user
be user@example.com
and then set the host
to example.com
in the output and the user to user
. For security you'd probably want to restrict the host
to a limited list.
Note that an internal cache is keyed on user
so only use that for configuration, don't use pass
or public_key
. This also means that if a user's password or public-key is changed the cache will need to expire (which takes 5 mins) before it takes effect.
This can be used to build general purpose proxies to any kind of backend that rclone supports.
rclone serve webdav remote:path [flags]
--addr string IPaddress:Port or :Port to bind server to. (default "localhost:8080")
--auth-proxy string A program to use to create the backend from the auth.
--baseurl string Prefix for URLs - leave blank for root.
--cert string SSL PEM key (concatenation of certificate and CA certificate)
--client-ca string Client certificate authority to verify clients with
--dir-cache-time duration Time to cache directory entries for. (default 5m0s)
--dir-perms FileMode Directory permissions (default 0777)
--disable-dir-list Disable HTML directory list on GET request for a directory
--etag-hash string Which hash to use for the ETag, or auto or blank for off
--file-perms FileMode File permissions (default 0666)
--gid uint32 Override the gid field set by the filesystem. Not supported on Windows. (default 1000)
-h, --help help for webdav
--htpasswd string htpasswd file - if not provided no authentication is done
--key string SSL PEM Private key
--max-header-bytes int Maximum size of request header (default 4096)
--no-checksum Don't compare checksums on up/download.
--no-modtime Don't read/write the modification time (can speed things up).
--no-seek Don't allow seeking in files.
--pass string Password for authentication.
--poll-interval duration Time to wait between polling for changes. Must be smaller than dir-cache-time. Only on supported remotes. Set to 0 to disable. (default 1m0s)
--read-only Mount read-only.
--realm string realm for authentication (default "rclone")
--server-read-timeout duration Timeout for server reading data (default 1h0m0s)
--server-write-timeout duration Timeout for server writing data (default 1h0m0s)
--template string User Specified Template.
--uid uint32 Override the uid field set by the filesystem. Not supported on Windows. (default 1000)
--umask int Override the permission bits set by the filesystem. Not supported on Windows. (default 2)
--user string User name for authentication.
--vfs-cache-max-age duration Max age of objects in the cache. (default 1h0m0s)
--vfs-cache-max-size SizeSuffix Max total size of objects in the cache. (default off)
--vfs-cache-mode CacheMode Cache mode off|minimal|writes|full (default off)
--vfs-cache-poll-interval duration Interval to poll the cache for stale objects. (default 1m0s)
--vfs-case-insensitive If a file name not found, find a case insensitive match.
--vfs-read-ahead SizeSuffix Extra read ahead over --buffer-size when using cache-mode full.
--vfs-read-chunk-size SizeSuffix Read the source objects in chunks. (default 128Mi)
--vfs-read-chunk-size-limit SizeSuffix If greater than --vfs-read-chunk-size, double the chunk size after each chunk read, until the limit is reached. 'off' is unlimited. (default off)
--vfs-read-wait duration Time to wait for in-sequence read before seeking. (default 20ms)
--vfs-used-is-size rclone size Use the rclone size algorithm for Used size.
--vfs-write-back duration Time to writeback files after last use when using cache. (default 5s)
--vfs-write-wait duration Time to wait for in-sequence write before giving error. (default 1s)
See the global flags page for global options not listed here.
Changes storage class/tier of objects in remote.
rclone settier changes storage tier or class at remote if supported. Few cloud storage services provides different storage classes on objects, for example AWS S3 and Glacier, Azure Blob storage - Hot, Cool and Archive, Google Cloud Storage, Regional Storage, Nearline, Coldline etc.
Note that, certain tier changes make objects not available to access immediately. For example tiering to archive in azure blob storage makes objects in frozen state, user can restore by setting tier to Hot/Cool, similarly S3 to Glacier makes object inaccessible.true
You can use it to tier single object
rclone settier Cool remote:path/file
Or use rclone filters to set tier on only specific files
rclone --include "*.txt" settier Hot remote:path/dir
Or just provide remote directory and all files in directory will be tiered
rclone settier tier remote:path/dir
rclone settier tier remote:path [flags]
-h, --help help for settier
See the global flags page for global options not listed here.
Run a test command
Rclone test is used to run test commands.
Select which test comand you want with the subcommand, eg
rclone test memory remote:
Each subcommand has its own options which you can see in their help.
NB Be careful running these commands, they may do strange things so reading their documentation first is recommended.
-h, --help help for test
See the global flags page for global options not listed here.
Log any change notify requests for the remote passed in.
rclone test changenotify remote: [flags]
-h, --help help for changenotify
--poll-interval duration Time to wait between polling for changes. (default 10s)
See the global flags page for global options not listed here.
Makes a histogram of file name characters.
This command outputs JSON which shows the histogram of characters used in filenames in the remote:path specified.
The data doesn't contain any identifying information but is useful for the rclone developers when developing filename compression.
rclone test histogram [remote:path] [flags]
-h, --help help for histogram
See the global flags page for global options not listed here.
Discovers file name or other limitations for paths.
rclone info discovers what filenames and upload methods are possible to write to the paths passed in and how long they can be. It can take some time. It will write test files into the remote:path passed in. It outputs a bit of go code for each one.
NB this can create undeletable files and other hazards - use with care
rclone test info [remote:path]+ [flags]
--all Run all tests.
--check-control Check control characters.
--check-length Check max filename length.
--check-normalization Check UTF-8 Normalization.
--check-streaming Check uploads with indeterminate file size.
-h, --help help for info
--upload-wait duration Wait after writing a file.
--write-json string Write results to file.
See the global flags page for global options not listed here.
Make a random file hierarchy in a directory
rclone test makefiles <dir> [flags]
--files int Number of files to create (default 1000)
--files-per-directory int Average number of files per directory (default 10)
-h, --help help for makefiles
--max-file-size SizeSuffix Maximum size of files to create (default 100)
--max-name-length int Maximum size of file names (default 12)
--min-file-size SizeSuffix Minimum size of file to create
--min-name-length int Minimum size of file names (default 4)
--seed int Seed for the random number generator (0 for random) (default 1)
See the global flags page for global options not listed here.
Load all the objects at remote:path into memory and report memory stats.
rclone test memory remote:path [flags]
-h, --help help for memory
See the global flags page for global options not listed here.
Create new file or change file modification time.
Set the modification time on object(s) as specified by remote:path to have the current time.
If remote:path does not exist then a zero sized object will be created unless the --no-create flag is provided.
If --timestamp is used then it will set the modification time to that time instead of the current time. Times may be specified as one of:
Note that --timestamp is in UTC if you want local time then add the --localtime flag.
rclone touch remote:path [flags]
-h, --help help for touch
--localtime Use localtime for timestamp, not UTC.
-C, --no-create Do not create the file if it does not exist.
-t, --timestamp string Use specified time instead of the current time of day.
See the global flags page for global options not listed here.
List the contents of the remote in a tree like fashion.
rclone tree lists the contents of a remote in a similar way to the unix tree command.
For example
$ rclone tree remote:path
/
├── file1
├── file2
├── file3
└── subdir
├── file4
└── file5
1 directories, 5 files
You can use any of the filtering options with the tree command (e.g. --include and --exclude). You can also use --fast-list.
The tree command has many options for controlling the listing which are compatible with the tree command. Note that not all of them have short options as they conflict with rclone's short options.
rclone tree remote:path [flags]
-a, --all All files are listed (list . files too).
-C, --color Turn colorization on always.
-d, --dirs-only List directories only.
--dirsfirst List directories before files (-U disables).
--full-path Print the full path prefix for each file.
-h, --help help for tree
--human Print the size in a more human readable way.
--level int Descend only level directories deep.
-D, --modtime Print the date of last modification.
--noindent Don't print indentation lines.
--noreport Turn off file/directory count at end of tree listing.
-o, --output string Output to file instead of stdout.
-p, --protections Print the protections for each file.
-Q, --quote Quote filenames with double quotes.
-s, --size Print the size in bytes of each file.
--sort string Select sort: name,version,size,mtime,ctime.
--sort-ctime Sort files by last status change time.
-t, --sort-modtime Sort files by last modification time.
-r, --sort-reverse Reverse the order of the sort.
-U, --unsorted Leave files unsorted.
--version Sort files alphanumerically by version.
See the global flags page for global options not listed here.
rclone normally syncs or copies directories. However, if the source remote points to a file, rclone will just copy that file. The destination remote must point to a directory - rclone will give the error Failed to create file system for "remote:file": is a file not a directory
if it isn't.
For example, suppose you have a remote with a file in called test.jpg
, then you could copy just that file like this
rclone copy remote:test.jpg /tmp/download
The file test.jpg
will be placed inside /tmp/download
.
This is equivalent to specifying
rclone copy --files-from /tmp/files remote: /tmp/download
Where /tmp/files
contains the single line
test.jpg
It is recommended to use copy
when copying individual files, not sync
. They have pretty much the same effect but copy
will use a lot less memory.
The syntax of the paths passed to the rclone command are as follows.
This refers to the local file system.
On Windows \
may be used instead of /
in local paths only, non local paths must use /
. See local filesystem documentation for more about Windows-specific paths.
These paths needn't start with a leading /
- if they don't then they will be relative to the current directory.
This refers to a directory path/to/dir
on remote:
as defined in the config file (configured with rclone config
).
On most backends this is refers to the same directory as remote:path/to/dir
and that format should be preferred. On a very small number of remotes (FTP, SFTP, Dropbox for business) this will refer to a different directory. On these, paths without a leading /
will refer to your "home" directory and paths with a leading /
will refer to the root.
This is an advanced form for creating remotes on the fly. backend
should be the name or prefix of a backend (the type
in the config file) and all the configuration for the backend should be provided on the command line (or in environment variables).
Here are some examples:
rclone lsd --http-url https://pub.rclone.org :http:
To list all the directories in the root of https://pub.rclone.org/
.
rclone lsf --http-url https://example.com :http:path/to/dir
To list files and directories in https://example.com/path/to/dir/
rclone copy --http-url https://example.com :http:path/to/dir /tmp/dir
To copy files and directories in https://example.com/path/to/dir
to /tmp/dir
.
rclone copy --sftp-host example.com :sftp:path/to/dir /tmp/dir
To copy files and directories from example.com
in the relative directory path/to/dir
to /tmp/dir
using sftp.
The above examples can also be written using a connection string syntax, so instead of providing the arguments as command line parameters --http-url https://pub.rclone.org
they are provided as part of the remote specification as a kind of connection string.
rclone lsd ":http,url='https://pub.rclone.org':"
rclone lsf ":http,url='https://example.com':path/to/dir"
rclone copy ":http,url='https://example.com':path/to/dir" /tmp/dir
rclone copy :sftp,host=example.com:path/to/dir /tmp/dir
These can apply to modify existing remotes as well as create new remotes with the on the fly syntax. This example is equivalent to adding the --drive-shared-with-me
parameter to the remote gdrive:
.
rclone lsf "gdrive,shared_with_me:path/to/dir"
The major advantage to using the connection string style syntax is that it only applies to the remote, not to all the remotes of that type of the command line. A common confusion is this attempt to copy a file shared on google drive to the normal drive which does not work because the --drive-shared-with-me
flag applies to both the source and the destination.
rclone copy --drive-shared-with-me gdrive:shared-file.txt gdrive:
However using the connection string syntax, this does work.
rclone copy "gdrive,shared_with_me:shared-file.txt" gdrive:
Note that the connection string only affects the options of the immediate backend. If for example gdriveCrypt is a crypt based on gdrive, then the following command will not work as intended, because shared_with_me
is ignored by the crypt backend:
rclone copy "gdriveCrypt,shared_with_me:shared-file.txt" gdriveCrypt:
The connection strings have the following syntax
remote,parameter=value,parameter2=value2:path/to/dir
:backend,parameter=value,parameter2=value2:path/to/dir
If the parameter
has a :
or ,
then it must be placed in quotes "
or '
, so
remote,parameter="colon:value",parameter2="comma,value":path/to/dir
:backend,parameter='colon:value',parameter2='comma,value':path/to/dir
If a quoted value needs to include that quote, then it should be doubled, so
remote,parameter="with""quote",parameter2='with''quote':path/to/dir
This will make parameter
be with"quote
and parameter2
be with'quote
.
If you leave off the =parameter
then rclone will substitute =true
which works very well with flags. For example to use s3 configured in the environment you could use:
rclone lsd :s3,env_auth:
Which is equivalent to
rclone lsd :s3,env_auth=true:
Note that on the command line you might need to surround these connection strings with "
or '
to stop the shell interpreting any special characters within them.
If you are a shell master then you'll know which strings are OK and which aren't, but if you aren't sure then enclose them in "
and use '
as the inside quote. This syntax works on all OSes.
rclone copy ":http,url='https://example.com':path/to/dir" /tmp/dir
On Linux/macOS some characters are still interpreted inside "
strings in the shell (notably \
and $
and "
) so if your strings contain those you can swap the roles of "
and '
thus. (This syntax does not work on Windows.)
rclone copy ':http,url="https://example.com":path/to/dir' /tmp/dir
If you supply extra configuration to a backend by command line flag, environment variable or connection string then rclone will add a suffix based on the hash of the config to the name of the remote, eg
rclone -vv lsf --s3-chunk-size 20M s3:
Has the log message
DEBUG : s3: detected overridden config - adding "{Srj1p}" suffix to name
This is so rclone can tell the modified remote apart from the unmodified remote when caching the backends.
This should only be noticeable in the logs.
This means that on the fly backends such as
rclone -vv lsf :s3,env_auth:
Will get their own names
DEBUG : :s3: detected overridden config - adding "{YTu53}" suffix to name
When you are typing commands to your computer you are using something called the command line shell. This interprets various characters in an OS specific way.
Here are some gotchas which may help users unfamiliar with the shell rules
If your names have spaces or shell metacharacters (e.g. *
, ?
, $
, '
, "
, etc.) then you must quote them. Use single quotes '
by default.
rclone copy 'Important files?' remote:backup
If you want to send a '
you will need to use "
, e.g.
rclone copy "O'Reilly Reviews" remote:backup
The rules for quoting metacharacters are complicated and if you want the full details you'll have to consult the manual page for your shell.
If your names have spaces in you need to put them in "
, e.g.
rclone copy "E:\folder name\folder name\folder name" remote:backup
If you are using the root directory on its own then don't quote it (see #464 for why), e.g.
rclone copy E:\ remote:backup
:
in the namesrclone uses :
to mark a remote name. This is, however, a valid filename component in non-Windows OSes. The remote name parser will only search for a :
up to the first /
so if you need to act on a file or directory like this then use the full path starting with a /
, or use ./
as a current directory prefix.
So to sync a directory called sync:me
to a remote called remote:
use
rclone sync -i ./sync:me remote:path
or
rclone sync -i /full/path/to/sync:me remote:path
Most remotes (but not all - see the overview) support server-side copy.
This means if you want to copy one folder to another then rclone won't download all the files and re-upload them; it will instruct the server to copy them in place.
Eg
rclone copy s3:oldbucket s3:newbucket
Will copy the contents of oldbucket
to newbucket
without downloading and re-uploading.
Remotes which don't support server-side copy will download and re-upload in this case.
Server side copies are used with sync
and copy
and will be identified in the log when using the -v
flag. The move
command may also use them if remote doesn't support server-side move directly. This is done by issuing a server-side copy then a delete which is much quicker than a download and re-upload.
Server side copies will only be attempted if the remote names are the same.
This can be used when scripting to make aged backups efficiently, e.g.
rclone sync -i remote:current-backup remote:previous-backup
rclone sync -i /path/to/files remote:current-backup
Rclone has a number of options to control its behaviour.
Options that take parameters can have the values passed in two ways, --option=value
or --option value
. However boolean (true/false) options behave slightly differently to the other options in that --boolean
sets the option to true
and the absence of the flag sets it to false
. It is also possible to specify --boolean=false
or --boolean=true
. Note that --boolean false
is not valid - this is parsed as --boolean
and the false
is parsed as an extra command line argument for rclone.
Options which use TIME use the go time parser. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
Options which use SIZE use KiByte (multiples of 1024 bytes) by default. However, a suffix of B
for Byte, K
for KiByte, M
for MiByte, G
for GiByte, T
for TiByte and P
for PiByte may be used. These are the binary units, e.g. 1, 2**10, 2**20, 2**30 respectively.
When using sync
, copy
or move
any files which would have been overwritten or deleted are moved in their original hierarchy into this directory.
If --suffix
is set, then the moved files will have the suffix added to them. If there is a file with the same path (after the suffix has been added) in DIR, then it will be overwritten.
The remote in use must support server-side move or copy and you must use the same remote as the destination of the sync. The backup directory must not overlap the destination directory.
For example
rclone sync -i /path/to/local remote:current --backup-dir remote:old
will sync /path/to/local
to remote:current
, but for any files which would have been updated or deleted will be stored in remote:old
.
If running rclone from a script you might want to use today's date as the directory name passed to --backup-dir
to store the old files, or you might want to pass --suffix
with today's date.
See --compare-dest
and --copy-dest
.
Local address to bind to for outgoing connections. This can be an IPv4 address (1.2.3.4), an IPv6 address (1234::789A) or host name. If the host name doesn't resolve or resolves to more than one IP address it will give an error.
This option controls the bandwidth limit. For example
--bwlimit 10M
would mean limit the upload and download bandwidth to 10 MiByte/s. NB this is bytes per second not bits per second. To use a single limit, specify the desired bandwidth in KiByte/s, or use a suffix B|K|M|G|T|P. The default is 0
which means to not limit bandwidth.
The upload and download bandwidth can be specified seperately, as --bwlimit UP:DOWN
, so
--bwlimit 10M:100k
would mean limit the upload bandwidth to 10 MiByte/s and the download bandwidth to 100 KiByte/s. Either limit can be "off" meaning no limit, so to just limit the upload bandwidth you would use
--bwlimit 10M:off
this would limit the upload bandwidth to 10 MiByte/s but the download bandwidth would be unlimited.
When specified as above the bandwidth limits last for the duration of run of the rclone binary.
It is also possible to specify a "timetable" of limits, which will cause certain limits to be applied at certain times. To specify a timetable, format your entries as WEEKDAY-HH:MM,BANDWIDTH WEEKDAY-HH:MM,BANDWIDTH...
where: WEEKDAY
is optional element.
BANDWIDTH
can be a single number, e.g.100k
or a pair of numbers for upload:download, e.g.10M:1M
.WEEKDAY
can be written as the whole word or only using the first 3 characters. It is optional.HH:MM
is an hour from 00:00 to 23:59.An example of a typical timetable to avoid link saturation during daytime working hours could be:
--bwlimit "08:00,512k 12:00,10M 13:00,512k 18:00,30M 23:00,off"
In this example, the transfer bandwidth will be set to 512 KiByte/s at 8am every day. At noon, it will rise to 10 MiByte/s, and drop back to 512 KiByte/sec at 1pm. At 6pm, the bandwidth limit will be set to 30 MiByte/s, and at 11pm it will be completely disabled (full speed). Anything between 11pm and 8am will remain unlimited.
An example of timetable with WEEKDAY
could be:
--bwlimit "Mon-00:00,512 Fri-23:59,10M Sat-10:00,1M Sun-20:00,off"
It means that, the transfer bandwidth will be set to 512 KiByte/s on Monday. It will rise to 10 MiByte/s before the end of Friday. At 10:00 on Saturday it will be set to 1 MiByte/s. From 20:00 on Sunday it will be unlimited.
Timeslots without WEEKDAY
are extended to the whole week. So this example:
--bwlimit "Mon-00:00,512 12:00,1M Sun-20:00,off"
Is equivalent to this:
--bwlimit "Mon-00:00,512Mon-12:00,1M Tue-12:00,1M Wed-12:00,1M Thu-12:00,1M Fri-12:00,1M Sat-12:00,1M Sun-12:00,1M Sun-20:00,off"
Bandwidth limit apply to the data transfer for all backends. For most backends the directory listing bandwidth is also included (exceptions being the non HTTP backends, ftp
, sftp
and tardigrade
).
Note that the units are Byte/s, not bit/s. Typically connections are measured in bit/s - to convert divide by 8. For example, let's say you have a 10 Mbit/s connection and you wish rclone to use half of it - 5 Mbit/s. This is 5/8 = 0.625 MiByte/s so you would use a --bwlimit 0.625M
parameter for rclone.
On Unix systems (Linux, macOS, …) the bandwidth limiter can be toggled by sending a SIGUSR2
signal to rclone. This allows to remove the limitations of a long running rclone transfer and to restore it back to the value specified with --bwlimit
quickly when needed. Assuming there is only one rclone instance running, you can toggle the limiter like this:
kill -SIGUSR2 $(pidof rclone)
If you configure rclone with a remote control then you can use change the bwlimit dynamically:
rclone rc core/bwlimit rate=1M
This option controls per file bandwidth limit. For the options see the --bwlimit
flag.
For example use this to allow no transfers to be faster than 1 MiByte/s
--bwlimit-file 1M
This can be used in conjunction with --bwlimit
.
Note that if a schedule is provided the file will use the schedule in effect at the start of the transfer.
Use this sized buffer to speed up file transfers. Each --transfer
will use this much memory for buffering.
When using mount
or cmount
each open file descriptor will use this much memory for buffering. See the mount documentation for more details.
Set to 0
to disable the buffering for the minimum memory usage.
Note that the memory allocation of the buffers is influenced by the --use-mmap flag.
If this flag is set then in a sync
, copy
or move
, rclone will do all the checks to see whether files need to be transferred before doing any of the transfers. Normally rclone would start running transfers as soon as possible.
This flag can be useful on IO limited systems where transfers interfere with checking.
It can also be useful to ensure perfect ordering when using --order-by
.
Using this flag can use more memory as it effectively sets --max-backlog
to infinite. This means that all the info on the objects to transfer is held in memory before the transfers start.
The number of checkers to run in parallel. Checkers do the equality checking of files during a sync. For some storage systems (e.g. S3, Swift, Dropbox) this can take a significant amount of time so they are run in parallel.
The default is to run 8 checkers in parallel.
Normally rclone will look at modification time and size of files to see if they are equal. If you set this flag then rclone will check the file hash and size to determine if files are equal.
This is useful when the remote doesn't support setting modified time and a more accurate sync is desired than just checking the file size.
This is very useful when transferring between remotes which store the same hash type on the object, e.g. Drive and Swift. For details of which remotes support which hash type see the table in the overview section.
Eg rclone --checksum sync s3:/bucket swift:/bucket
would run much quicker than without the --checksum
flag.
When using this flag, rclone won't update mtimes of remote files if they are incorrect as it would normally.
When using sync
, copy
or move
DIR is checked in addition to the destination for files. If a file identical to the source is found that file is NOT copied from source. This is useful to copy just files that have changed since the last backup.
You must use the same remote as the destination of the sync. The compare directory must not overlap the destination directory.
See --copy-dest
and --backup-dir
.
Specify the location of the rclone configuration file, to override the default. E.g. rclone config --config="rclone.conf"
.
The exact default is a bit complex to describe, due to changes introduced through different versions of rclone while preserving backwards compatibility, but in most cases it is as simple as:
%APPDATA%/rclone/rclone.conf
on Windows~/.config/rclone/rclone.conf
on otherThe complete logic is as follows: Rclone will look for an existing configuration file in any of the following locations, in priority order:
rclone.conf
(in program directory, where rclone executable is)%APPDATA%/rclone/rclone.conf
(only on Windows)$XDG_CONFIG_HOME/rclone/rclone.conf
(on all systems, including Windows)~/.config/rclone/rclone.conf
(see below for explanation of ~ symbol)~/.rclone.conf
If no existing configuration file is found, then a new one will be created in the following location:
APPDATA
is not defined, then location 4 is used instead.XDG_CONFIG_HOME
is defined, else location 4..rclone.conf
relative to current working directory will be used as a final resort.The ~
symbol in paths above represent the home directory of the current user on any OS, and the value is defined as following:
%HOME%
if defined, else %USERPROFILE%
, or else %HOMEDRIVE%\%HOMEPATH%
.$HOME
if defined, else by looking up current user in OS-specific user database (e.g. passwd file), or else use the result from shell command cd && pwd
.If you run rclone config file
you will see where the default location is for you.
The fact that an existing file rclone.conf
in the same directory as the rclone executable is always preferred, means that it is easy to run in "portable" mode by downloading rclone executable to a writable directory and then create an empty file rclone.conf
in the same directory.
If the location is set to empty string ""
or path to a file with name notfound
, or the os null device represented by value NUL
on Windows and /dev/null
on Unix systems, then rclone will keep the config file in memory only.
The file format is basic INI: Sections of text, led by a [section]
header and followed by key=value
entries on separate lines. In rclone each remote is represented by its own section, where the section name defines the name of the remote. Options are specified as the key=value
entries, where the key is the option name without the --backend-
prefix, in lowercase and with _
instead of -
. E.g. option --mega-hard-delete
corresponds to key hard_delete
. Only backend options can be specified. A special, and required, key type
identifies the storage system, where the value is the internal lowercase name as returned by command rclone help backends
. Comments are indicated by ;
or #
at the beginning of a line.
Example:
[megaremote]
type = mega
user = you@example.com
pass = PDPcQVVjVtzFY-GTdDFozqBhTdsPg3qH
Note that passwords are in obscured form. Also, many storage systems uses token-based authentication instead of passwords, and this requires additional steps. It is easier, and safer, to use the interactive command rclone config
instead of manually editing the configuration file.
The configuration file will typically contain login information, and should therefore have restricted permissions so that only the current user can read it. Rclone tries to ensure this when it writes the file. You may also choose to encrypt the file.
When token-based authentication are used, the configuration file must be writable, because rclone needs to update the tokens inside it.
Set the connection timeout. This should be in go time format which looks like 5s
for 5 seconds, 10m
for 10 minutes, or 3h30m
.
The connection timeout is the amount of time rclone will wait for a connection to go through to a remote object storage system. It is 1m
by default.
When using sync
, copy
or move
DIR is checked in addition to the destination for files. If a file identical to the source is found that file is server-side copied from DIR to the destination. This is useful for incremental backup.
The remote in use must support server-side copy and you must use the same remote as the destination of the sync. The compare directory must not overlap the destination directory.
See --compare-dest
and --backup-dir
.
Mode to run dedupe command in. One of interactive
, skip
, first
, newest
, oldest
, rename
. The default is interactive
. See the dedupe command for more information as to what these options mean.
This disables a comma separated list of optional features. For example to disable server-side move and server-side copy use:
--disable move,copy
The features can be put in any case.
To see a list of which features can be disabled use:
--disable help
See the overview features and optional features to get an idea of which feature does what.
This flag can be useful for debugging and in exceptional circumstances (e.g. Google Drive limiting the total volume of Server Side Copies to 100 GiB/day).
Specify a DSCP value or name to use in connections. This could help QoS system to identify traffic class. BE, EF, DF, LE, CSx and AFxx are allowed.
See the description of differentiated services to get an idea of this field. Setting this to 1 (LE) to identify the flow to SCAVENGER class can avoid occupying too much bandwidth in a network with DiffServ support (RFC 8622).
For example, if you configured QoS on router to handle LE properly. Running:
rclone copy --dscp LE from:/from to:/to
would make the priority lower than usual internet flows.
This option has no effect on Windows (see golang/go#42728).
Do a trial run with no permanent changes. Use this to see what rclone would do without actually doing it. Useful when setting up the sync
command which deletes files in the destination.
This specifies the amount of time to wait for a server's first response headers after fully writing the request headers if the request has an "Expect: 100-continue" header. Not all backends support using this.
Zero means no timeout and causes the body to be sent immediately, without waiting for the server to approve. This time does not include the time to send the request header.
The default is 1s
. Set to 0
to disable.
By default, rclone will exit with return code 0 if there were no errors.
This option allows rclone to return exit code 9 if no files were transferred between the source and destination. This allows using rclone in scripts, and triggering follow-on actions if data was copied, or skipping if not.
NB: Enabling this option turns a usually non-fatal error into a potentially fatal one - please check and adjust your scripts accordingly!
When using rclone via the API rclone caches created remotes for 5 minutes by default in the "fs cache". This means that if you do repeated actions on the same remote then rclone won't have to build it again from scratch, which makes it more efficient.
This flag sets the time that the remotes are cached for. If you set it to 0
(or negative) then rclone won't cache the remotes at all.
Note that if you use some flags, eg --backup-dir
and if this is set to 0
rclone may build two remotes (one for the source or destination and one for the --backup-dir
where it may have only built one before.
This controls how often rclone checks for cached remotes to expire. See the --fs-cache-expire-duration
documentation above for more info. The default is 60s, set to 0 to disable expiry.
Add an HTTP header for all transactions. The flag can be repeated to add multiple headers.
If you want to add headers only for uploads use --header-upload
and if you want to add headers only for downloads use --header-download
.
This flag is supported for all HTTP based backends even those not supported by --header-upload
and --header-download
so may be used as a workaround for those with care.
rclone ls remote:test --header "X-Rclone: Foo" --header "X-LetMeIn: Yes"
Add an HTTP header for all download transactions. The flag can be repeated to add multiple headers.
rclone sync -i s3:test/src ~/dst --header-download "X-Amz-Meta-Test: Foo" --header-download "X-Amz-Meta-Test2: Bar"
See the GitHub issue here for currently supported backends.
Add an HTTP header for all upload transactions. The flag can be repeated to add multiple headers.
rclone sync -i ~/src s3:test/dst --header-upload "Content-Disposition: attachment; filename='cool.html'" --header-upload "X-Amz-Meta-Test: FooBar"
See the GitHub issue here for currently supported backends.
Using this option will cause rclone to ignore the case of the files when synchronizing so files will not be copied/synced when the existing filenames are the same, even if the casing is different.
Normally rclone will check that the checksums of transferred files match, and give an error "corrupted on transfer" if they don't.
You can use this option to skip that check. You should only use it if you have had the "corrupted on transfer" error message and you are sure you might want to transfer potentially corrupted data.
Using this option will make rclone unconditionally skip all files that exist on the destination, no matter the content of these files.
While this isn't a generally recommended option, it can be useful in cases where your files change due to encryption. However, it cannot correct partial transfers in case a transfer was interrupted.
Normally rclone will look at modification time and size of files to see if they are equal. If you set this flag then rclone will check only the modification time. If --checksum
is set then it only checks the checksum.
It will also cause rclone to skip verifying the sizes are the same after transfer.
This can be useful for transferring files to and from OneDrive which occasionally misreports the size of image files (see #399 for more info).
Using this option will cause rclone to unconditionally upload all files regardless of the state of files on the destination.
Normally rclone would skip any files that have the same modification time and are the same size (or have the same checksum if using --checksum
).
Treat source and destination files as immutable and disallow modification.
With this option set, files will be created and deleted as requested, but existing files will never be updated. If an existing file does not match between the source and destination, rclone will give the error Source and destination exist but do not match: immutable file modified
.
Note that only commands which transfer files (e.g. sync
, copy
, move
) are affected by this behavior, and only modification is disallowed. Files may still be deleted explicitly (e.g. delete
, purge
) or implicitly (e.g. sync
, move
). Use copy --immutable
if it is desired to avoid deletion as well as modification.
This can be useful as an additional layer of protection for immutable or append-only data sets (notably backup archives), where modification implies corruption and should not be propagated.
This flag can be used to tell rclone that you wish a manual confirmation before destructive operations.
It is recommended that you use this flag while learning rclone especially with rclone sync
.
For example
$ rclone delete -i /tmp/dir
rclone: delete "important-file.txt"?
y) Yes, this is OK (default)
n) No, skip this
s) Skip all delete operations with no more questions
!) Do all delete operations with no more questions
q) Exit rclone now.
y/n/s/!/q> n
The options mean
y
: Yes, this operation should go ahead. You can also press Return for this to happen. You'll be asked every time unless you choose s
or !
.n
: No, do not do this operation. You'll be asked every time unless you choose s
or !
.s
: Skip all the following operations of this type with no more questions. This takes effect until rclone exits. If there are any different kind of operations you'll be prompted for them.!
: Do all the following operations with no more questions. Useful if you've decided that you don't mind rclone doing that kind of operation. This takes effect until rclone exits . If there are any different kind of operations you'll be prompted for them.q
: Quit rclone now, just in case!During rmdirs it will not remove root directory, even if it's empty.
Log all of rclone's output to FILE. This is not active by default. This can be useful for tracking down problems with syncs in combination with the -v
flag. See the Logging section for more info.
If FILE exists then rclone will append to it.
Note that if you are using the logrotate
program to manage rclone's logs, then you should use the copytruncate
option as rclone doesn't have a signal to rotate logs.
Comma separated list of log format options. date
, time
, microseconds
, longfile
, shortfile
, UTC
. The default is "date
,time
".
This sets the log level for rclone. The default log level is NOTICE
.
DEBUG
is equivalent to -vv
. It outputs lots of debug info - useful for bug reports and really finding out what rclone is doing.
INFO
is equivalent to -v
. It outputs information about each transfer and prints stats once a minute by default.
NOTICE
is the default log level if no logging flags are supplied. It outputs very little when things are working normally. It outputs warnings and significant events.
ERROR
is equivalent to -q
. It only outputs error messages.
This switches the log format to JSON for rclone. The fields of json log are level, msg, source, time.
This controls the number of low level retries rclone does.
A low level retry is used to retry a failing operation - typically one HTTP request. This might be uploading a chunk of a big file for example. You will see low level retries in the log with the -v
flag.
This shouldn't need to be changed from the default in normal operations. However, if you get a lot of low level retries you may wish to reduce the value so rclone moves on to a high level retry (see the --retries
flag) quicker.
Disable low level retries with --low-level-retries 1
.
This is the maximum allowable backlog of files in a sync/copy/move queued for being checked or transferred.
This can be set arbitrarily large. It will only use memory when the queue is in use. Note that it will use in the order of N KiB of memory when the backlog is in use.
Setting this large allows rclone to calculate how many files are pending more accurately, give a more accurate estimated finish time and make --order-by
work more accurately.
Setting this small will make rclone more synchronous to the listings of the remote which may be desirable.
Setting this to a negative number will make the backlog as large as possible.
This tells rclone not to delete more than N files. If that limit is exceeded then a fatal error will be generated and rclone will stop the operation in progress.
This modifies the recursion depth for all the commands except purge.
So if you do rclone --max-depth 1 ls remote:path
you will see only the files in the top level directory. Using --max-depth 2
means you will see all the files in first two directory levels and so on.
For historical reasons the lsd
command defaults to using a --max-depth
of 1 - you can override this with the command line flag.
You can use this command to disable recursion (with --max-depth 1
).
Note that if you use this with sync
and --delete-excluded
the files not recursed through are considered excluded and will be deleted on the destination. Test first with --dry-run
if you are not sure what will happen.
Rclone will stop scheduling new transfers when it has run for the duration specified.
Defaults to off.
When the limit is reached any existing transfers will complete.
Rclone won't exit with an error if the transfer limit is reached.
Rclone will stop transferring when it has reached the size specified. Defaults to off.
When the limit is reached all transfers will stop immediately.
Rclone will exit with exit code 8 if the transfer limit is reached.
This modifies the behavior of --max-transfer
Defaults to --cutoff-mode=hard
.
Specifying --cutoff-mode=hard
will stop transferring immediately when Rclone reaches the limit.
Specifying --cutoff-mode=soft
will stop starting new transfers when Rclone reaches the limit.
Specifying --cutoff-mode=cautious
will try to prevent Rclone from reaching the limit.
When checking whether a file has been modified, this is the maximum allowed time difference that a file can have and still be considered equivalent.
The default is 1ns
unless this is overridden by a remote. For example OS X only stores modification times to the nearest second so if you are reading and writing to an OS X filing system this will be 1s
by default.
This command line flag allows you to override that computed default.
When downloading files to the local backend above this size, rclone will use multiple threads to download the file (default 250M).
Rclone preallocates the file (using fallocate(FALLOC_FL_KEEP_SIZE)
on unix or NTSetInformationFile
on Windows both of which takes no time) then each thread writes directly into the file at the correct place. This means that rclone won't create fragmented or sparse files and there won't be any assembly time at the end of the transfer.
The number of threads used to download is controlled by --multi-thread-streams
.
Use -vv
if you wish to see info about the threads.
This will work with the sync
/copy
/move
commands and friends copyto
/moveto
. Multi thread downloads will be used with rclone mount
and rclone serve
if --vfs-cache-mode
is set to writes
or above.
NB that this only works for a local destination but will work with any source.
NB that multi thread copies are disabled for local to local copies as they are faster without unless --multi-thread-streams
is set explicitly.
NB on Windows using multi-thread downloads will cause the resulting files to be sparse. Use --local-no-sparse
to disable sparse files (which may cause long delays at the start of downloads) or disable multi-thread downloads with --multi-thread-streams 0
When using multi thread downloads (see above --multi-thread-cutoff
) this sets the maximum number of streams to use. Set to 0
to disable multi thread downloads (Default 4).
Exactly how many streams rclone uses for the download depends on the size of the file. To calculate the number of download streams Rclone divides the size of the file by the --multi-thread-cutoff
and rounds up, up to the maximum set with --multi-thread-streams
.
So if --multi-thread-cutoff 250M
and --multi-thread-streams 4
are in effect (the defaults):
The --no-check-dest
can be used with move
or copy
and it causes rclone not to check the destination at all when copying files.
This means that:
--retries 1
is recommended otherwise you'll transfer everything again on a retryThis flag is useful to minimise the transactions if you know that none of the files are on the destination.
This is a specialized flag which should be ignored by most users!
Don't set Accept-Encoding: gzip
. This means that rclone won't ask the server for compressed files automatically. Useful if you've set the server to return files with Content-Encoding: gzip
but you uploaded compressed files.
There is no need to set this in normal operation, and doing so will decrease the network transfer efficiency of rclone.
The --no-traverse
flag controls whether the destination file system is traversed when using the copy
or move
commands. --no-traverse
is not compatible with sync
and will be ignored if you supply it with sync
.
If you are only copying a small number of files (or are filtering most of the files) and/or have a large number of files on the destination then --no-traverse
will stop rclone listing the destination and save time.
However, if you are copying a large number of files, especially if you are doing a copy where lots of the files under consideration haven't changed and won't need copying then you shouldn't use --no-traverse
.
See rclone copy for an example of how to use it.
Don't normalize unicode characters in filenames during the sync routine.
Sometimes, an operating system will store filenames containing unicode parts in their decomposed form (particularly macOS). Some cloud storage systems will then recompose the unicode, resulting in duplicate files if the data is ever copied back to a local filesystem.
Using this flag will disable that functionality, treating each unicode character as unique. For example, by default é and é will be normalized into the same character. With --no-unicode-normalization
they will be treated as unique characters.
When using this flag, rclone won't update modification times of remote files if they are incorrect as it would normally.
This can be used if the remote is being synced with another tool also (e.g. the Google Drive client).
The --order-by
flag controls the order in which files in the backlog are processed in rclone sync
, rclone copy
and rclone move
.
The order by string is constructed like this. The first part describes what aspect is being measured:
size
- order by the size of the filesname
- order by the full path of the filesmodtime
- order by the modification date of the filesThis can have a modifier appended with a comma:
ascending
or asc
- order so that the smallest (or oldest) is processed firstdescending
or desc
- order so that the largest (or newest) is processed firstmixed
- order so that the smallest is processed first for some threads and the largest for othersIf the modifier is mixed
then it can have an optional percentage (which defaults to 50
), e.g. size,mixed,25
which means that 25% of the threads should be taking the smallest items and 75% the largest. The threads which take the smallest first will always take the smallest first and likewise the largest first threads. The mixed
mode can be useful to minimise the transfer time when you are transferring a mixture of large and small files - the large files are guaranteed upload threads and bandwidth and the small files will be processed continuously.
If no modifier is supplied then the order is ascending
.
For example
--order-by size,desc
- send the largest files first--order-by modtime,ascending
- send the oldest files first--order-by name
- send the files with alphabetically by path firstIf the --order-by
flag is not supplied or it is supplied with an empty string then the default ordering will be used which is as scanned. With --checkers 1
this is mostly alphabetical, however with the default --checkers 8
it is somewhat random.
The --order-by
flag does not do a separate pass over the data. This means that it may transfer some files out of the order specified if
Rclone will do its best to transfer the best file it has so in practice this should not cause a problem. Think of --order-by
as being more of a best efforts flag rather than a perfect ordering.
If you want perfect ordering then you will need to specify --check-first which will find all the files which need transferring first before transferring any.
This flag supplies a program which should supply the config password when run. This is an alternative to rclone prompting for the password or setting the RCLONE_CONFIG_PASS
variable.
The argument to this should be a command with a space separated list of arguments. If one of the arguments has a space in then enclose it in "
, if you want a literal "
in an argument then enclose the argument in "
and double the "
. See CSV encoding for more info.
Eg
--password-command echo hello
--password-command echo "hello with space"
--password-command echo "hello with ""quotes"" and space"
See the Configuration Encryption for more info.
See a Windows PowerShell example on the Wiki.
This flag makes rclone update the stats in a static block in the terminal providing a realtime overview of the transfer.
Any log messages will scroll above the static block. Log messages will push the static block down to the bottom of the terminal where it will stay.
Normally this is updated every 500mS but this period can be overridden with the --stats
flag.
This can be used with the --stats-one-line
flag for a simpler display.
Note: On Windows until this bug is fixed all non-ASCII characters will be replaced with .
when --progress
is in use.
This flag, when used with -P/--progress
, will print the string ETA: %s
to the terminal title.
This flag will limit rclone's output to error messages only.
The --refresh-times
flag can be used to update modification times of existing files when they are out of sync on backends which don't support hashes.
This is useful if you uploaded files with the incorrect timestamps and you now wish to correct them.
This flag is only useful for destinations which don't support hashes (e.g. crypt
).
This can be used any of the sync commands sync
, copy
or move
.
To use this flag you will need to be doing a modification time sync (so not using --size-only
or --checksum
). The flag will have no effect when using --size-only
or --checksum
.
If this flag is used when rclone comes to upload a file it will check to see if there is an existing file on the destination. If this file matches the source with size (and checksum if available) but has a differing timestamp then instead of re-uploading it, rclone will update the timestamp on the destination file. If the checksum does not match rclone will upload the new file. If the checksum is absent (e.g. on a crypt
backend) then rclone will update the timestamp.
Note that some remotes can't set the modification time without re-uploading the file so this flag is less useful on them.
Normally if you are doing a modification time sync rclone will update modification times without --refresh-times
provided that the remote supports checksums and the checksums match on the file. However if the checksums are absent then rclone will upload the file rather than setting the timestamp as this is the safe behaviour.
Retry the entire sync if it fails this many times it fails (default 3).
Some remotes can be unreliable and a few retries help pick up the files which didn't get transferred because of errors.
Disable retries with --retries 1
.
This sets the interval between each retry specified by --retries
The default is 0
. Use 0
to disable.
Normally rclone will look at modification time and size of files to see if they are equal. If you set this flag then rclone will check only the size.
This can be useful transferring files from Dropbox which have been modified by the desktop sync client which doesn't set checksums of modification times in the same way as rclone.
Commands which transfer data (sync
, copy
, copyto
, move
, moveto
) will print data transfer stats at regular intervals to show their progress.
This sets the interval.
The default is 1m
. Use 0
to disable.
If you set the stats interval then all commands can show stats. This can be useful when running other commands, check
or mount
for example.
Stats are logged at INFO
level by default which means they won't show at default log level NOTICE
. Use --stats-log-level NOTICE
or -v
to make them show. See the Logging section for more info on log levels.
Note that on macOS you can send a SIGINFO (which is normally ctrl-T in the terminal) to make the stats print immediately.
By default, the --stats
output will truncate file names and paths longer than 40 characters. This is equivalent to providing --stats-file-name-length 40
. Use --stats-file-name-length 0
to disable any truncation of file names printed by stats.
Log level to show --stats
output at. This can be DEBUG
, INFO
, NOTICE
, or ERROR
. The default is INFO
. This means at the default level of logging which is NOTICE
the stats won't show - if you want them to then use --stats-log-level NOTICE
. See the Logging section for more info on log levels.
When this is specified, rclone condenses the stats into a single line showing the most important stats only.
When this is specified, rclone enables the single-line stats and prepends the display with a date string. The default is 2006/01/02 15:04:05 -
When this is specified, rclone enables the single-line stats and prepends the display with a user-supplied date string. The date string MUST be enclosed in quotes. Follow golang specs for date formatting syntax.
By default, data transfer rates will be printed in bytes per second.
This option allows the data rate to be printed in bits per second.
Data transfer volume will still be reported in bytes.
The rate is reported as a binary unit, not SI unit. So 1 Mbit/s equals 1,048,576 bit/s and not 1,000,000 bit/s.
The default is bytes
.
When using sync
, copy
or move
any files which would have been overwritten or deleted will have the suffix added to them. If there is a file with the same path (after the suffix has been added), then it will be overwritten.
The remote in use must support server-side move or copy and you must use the same remote as the destination of the sync.
This is for use with files to add the suffix in the current directory or with --backup-dir
. See --backup-dir
for more info.
For example
rclone copy -i /path/to/local/file remote:current --suffix .bak
will copy /path/to/local
to remote:current
, but for any files which would have been updated or deleted have .bak added.
If using rclone sync
with --suffix
and without --backup-dir
then it is recommended to put a filter rule in excluding the suffix otherwise the sync
will delete the backup files.
rclone sync -i /path/to/local/file remote:current --suffix .bak --exclude "*.bak"
When using --suffix
, setting this causes rclone put the SUFFIX before the extension of the files that it backs up rather than after.
So let's say we had --suffix -2019-01-01
, without the flag file.txt
would be backed up to file.txt-2019-01-01
and with the flag it would be backed up to file-2019-01-01.txt
. This can be helpful to make sure the suffixed files can still be opened.
On capable OSes (not Windows or Plan9) send all log output to syslog.
This can be useful for running rclone in a script or rclone mount
.
If using --syslog
this sets the syslog facility (e.g. KERN
, USER
). See man syslog
for a list of possible facilities. The default facility is DAEMON
.
Limit transactions per second to this number. Default is 0 which is used to mean unlimited transactions per second.
A transaction is roughly defined as an API call; its exact meaning will depend on the backend. For HTTP based backends it is an HTTP PUT/GET/POST/etc and its response. For FTP/SFTP it is a round trip transaction over TCP.
For example to limit rclone to 10 transactions per second use --tpslimit 10
, or to 1 transaction every 2 seconds use --tpslimit 0.5
.
Use this when the number of transactions per second from rclone is causing a problem with the cloud storage provider (e.g. getting you banned or rate limited).
This can be very useful for rclone mount
to control the behaviour of applications using it.
This limit applies to all HTTP based backends and to the FTP and SFTP backends. It does not apply to the local backend or the Tardigrade backend.
See also --tpslimit-burst
.
Max burst of transactions for --tpslimit
(default 1
).
Normally --tpslimit
will do exactly the number of transaction per second specified. However if you supply --tps-burst
then rclone can save up some transactions from when it was idle giving a burst of up to the parameter supplied.
For example if you provide --tpslimit-burst 10
then if rclone has been idle for more than 10*--tpslimit
then it can do 10 transactions very quickly before they are limited again.
This may be used to increase performance of --tpslimit
without changing the long term average number of transactions per second.
By default, rclone doesn't keep track of renamed files, so if you rename a file locally then sync it to a remote, rclone will delete the old file on the remote and upload a new copy.
If you use this flag, and the remote supports server-side copy or server-side move, and the source and destination have a compatible hash, then this will track renames during sync
operations and perform renaming server-side.
Files will be matched by size and hash - if both match then a rename will be considered.
If the destination does not support server-side copy or move, rclone will fall back to the default behaviour and log an error level message to the console.
Encrypted destinations are not currently supported by --track-renames
if --track-renames-strategy
includes hash
.
Note that --track-renames
is incompatible with --no-traverse
and that it uses extra memory to keep track of all the rename candidates.
Note also that --track-renames
is incompatible with --delete-before
and will select --delete-after
instead of --delete-during
.
This option changes the matching criteria for --track-renames
.
The matching is controlled by a comma separated selection of these tokens:
modtime
- the modification time of the file - not supported on all backendshash
- the hash of the file contents - not supported on all backendsleaf
- the name of the file not including its directory namesize
- the size of the file (this is always enabled)So using --track-renames-strategy modtime,leaf
would match files based on modification time, the leaf of the file name and the size only.
Using --track-renames-strategy modtime
or leaf
can enable --track-renames
support for encrypted destinations.
If nothing is specified, the default option is matching by hash
es.
Note that the hash
strategy is not supported with encrypted destinations.
This option allows you to specify when files on your destination are deleted when you sync folders.
Specifying the value --delete-before
will delete all files present on the destination, but not on the source before starting the transfer of any new or updated files. This uses two passes through the file systems, one for the deletions and one for the copies.
Specifying --delete-during
will delete files while checking and uploading files. This is the fastest option and uses the least memory.
Specifying --delete-after
(the default value) will delay deletion of files until all new/updated files have been successfully transferred. The files to be deleted are collected in the copy pass then deleted after the copy pass has completed successfully. The files to be deleted are held in memory so this mode may use more memory. This is the safest mode as it will only delete files if there have been no errors subsequent to that. If there have been errors before the deletions start then you will get the message not deleting files as there were IO errors
.
When doing anything which involves a directory listing (e.g. sync
, copy
, ls
- in fact nearly every command), rclone normally lists a directory and processes it before using more directory lists to process any subdirectories. This can be parallelised and works very quickly using the least amount of memory.
However, some remotes have a way of listing all files beneath a directory in one (or a small number) of transactions. These tend to be the bucket based remotes (e.g. S3, B2, GCS, Swift, Hubic).
If you use the --fast-list
flag then rclone will use this method for listing directories. This will have the following consequences for the listing:
rclone should always give identical results with and without --fast-list
.
If you pay for transactions and can fit your entire sync listing into memory then --fast-list
is recommended. If you have a very big sync to do then don't use --fast-list
otherwise you will run out of memory.
If you use --fast-list
on a remote which doesn't support it, then rclone will just ignore it.
This sets the IO idle timeout. If a transfer has started but then becomes idle for this long it is considered broken and disconnected.
The default is 5m
. Set to 0
to disable.
The number of file transfers to run in parallel. It can sometimes be useful to set this to a smaller number if the remote is giving a lot of timeouts or bigger if you have lots of bandwidth and a fast remote.
The default is to run 4 file transfers in parallel.
This forces rclone to skip any files which exist on the destination and have a modified time that is newer than the source file.
This can be useful when transferring to a remote which doesn't support mod times directly (or when using --use-server-modtime
to avoid extra API calls) as it is more accurate than a --size-only
check and faster than using --checksum
.
If an existing destination file has a modification time equal (within the computed modify window precision) to the source file's, it will be updated if the sizes are different. If --checksum
is set then rclone will update the destination if the checksums differ too.
If an existing destination file is older than the source file then it will be updated if the size or checksum differs from the source file.
On remotes which don't support mod time directly (or when using --use-server-modtime
) the time checked will be the uploaded time. This means that if uploading to one of these remotes, rclone will skip any files which exist on the destination and have an uploaded time that is newer than the modification time of the source file.
If this flag is set then rclone will use anonymous memory allocated by mmap on Unix based platforms and VirtualAlloc on Windows for its transfer buffers (size controlled by --buffer-size
). Memory allocated like this does not go on the Go heap and can be returned to the OS immediately when it is finished with.
If this flag is not set then rclone will allocate and free the buffers using the Go memory allocator which may use more memory as memory pages are returned less aggressively to the OS.
It is possible this does not work well on all platforms so it is disabled by default; in the future it may be enabled by default.
Some object-store backends (e.g, Swift, S3) do not preserve file modification times (modtime). On these backends, rclone stores the original modtime as additional metadata on the object. By default it will make an API call to retrieve the metadata when the modtime is needed by an operation.
Use this flag to disable the extra API call and rely instead on the server's modified time. In cases such as a local to remote sync using --update
, knowing the local file is newer than the time it was last uploaded to the remote is sufficient. In those cases, this flag can speed up the process and reduce the number of API calls necessary.
Using this flag on a sync operation without also using --update
would cause all files modified at any time other than the last upload time to be uploaded again, which is probably not what you want.
With -v
rclone will tell you about each file that is transferred and a small number of significant events.
With -vv
rclone will become very verbose telling you about every file it considers and transfers. Please send bug reports with a log with this setting.
Prints the version number
The outgoing SSL/TLS connections rclone makes can be controlled with these options. For example this can be very useful with the HTTP or WebDAV backends. Rclone HTTP servers have their own set of configuration for SSL/TLS which you can find in their documentation.
This loads the PEM encoded certificate authority certificate and uses it to verify the certificates of the servers rclone connects to.
If you have generated certificates signed with a local CA then you will need this flag to connect to servers using those certificates.
This loads the PEM encoded client side certificate.
This is used for mutual TLS authentication.
The --client-key
flag is required too when using this.
This loads the PEM encoded client side private key used for mutual TLS authentication. Used in conjunction with --client-cert
.
--no-check-certificate
controls whether a client verifies the server's certificate chain and host name. If --no-check-certificate
is true, TLS accepts any certificate presented by the server and any host name in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.
This option defaults to false
.
This should be used only for testing.
Your configuration file contains information for logging in to your cloud services. This means that you should keep your rclone.conf
file in a secure location.
If you are in an environment where that isn't possible, you can add a password to your configuration. This means that you will have to supply the password every time you start rclone.
To add a password to your rclone configuration, execute rclone config
.
>rclone config
Current remotes:
e) Edit existing remote
n) New remote
d) Delete remote
s) Set configuration password
q) Quit config
e/n/d/s/q>
Go into s
, Set configuration password:
e/n/d/s/q> s
Your configuration is not encrypted.
If you add a password, you will protect your login information to cloud services.
a) Add Password
q) Quit to main menu
a/q> a
Enter NEW configuration password:
password:
Confirm NEW password:
password:
Password set
Your configuration is encrypted.
c) Change Password
u) Unencrypt configuration
q) Quit to main menu
c/u/q>
Your configuration is now encrypted, and every time you start rclone you will have to supply the password. See below for details. In the same menu, you can change the password or completely remove encryption from your configuration.
There is no way to recover the configuration if you lose your password.
rclone uses nacl secretbox which in turn uses XSalsa20 and Poly1305 to encrypt and authenticate your configuration with secret-key cryptography. The password is SHA-256 hashed, which produces the key for secretbox. The hashed password is not stored.
While this provides very good security, we do not recommend storing your encrypted rclone configuration in public if it contains sensitive information, maybe except if you use a very strong password.
If it is safe in your environment, you can set the RCLONE_CONFIG_PASS
environment variable to contain your password, in which case it will be used for decrypting the configuration.
You can set this for a session from a script. For unix like systems save this to a file called set-rclone-password
:
#!/bin/echo Source this file don't run it
read -s RCLONE_CONFIG_PASS
export RCLONE_CONFIG_PASS
Then source the file when you want to use it. From the shell you would do source set-rclone-password
. It will then ask you for the password and set it in the environment variable.
An alternate means of supplying the password is to provide a script which will retrieve the password and print on standard output. This script should have a fully specified path name and not rely on any environment variables. The script is supplied either via --password-command="..."
command line argument or via the RCLONE_PASSWORD_COMMAND
environment variable.
One useful example of this is using the passwordstore
application to retrieve the password:
export RCLONE_PASSWORD_COMMAND="pass rclone/config"
If the passwordstore
password manager holds the password for the rclone configuration, using the script method means the password is primarily protected by the passwordstore
system, and is never embedded in the clear in scripts, nor available for examination using the standard commands available. It is quite possible with long running rclone sessions for copies of passwords to be innocently captured in log files or terminal scroll buffers, etc. Using the script method of supplying the password enhances the security of the config password considerably.
If you are running rclone inside a script, unless you are using the --password-command
method, you might want to disable password prompts. To do that, pass the parameter --ask-password=false
to rclone. This will make rclone fail instead of asking for a password if RCLONE_CONFIG_PASS
doesn't contain a valid password, and --password-command
has not been supplied.
Whenever running commands that may be affected by options in a configuration file, rclone will look for an existing file according to the rules described above, and load any it finds. If an encrypted file is found, this includes decrypting it, with the possible consequence of a password prompt. When executing a command line that you know are not actually using anything from such a configuration file, you can avoid it being loaded by overriding the location, e.g. with one of the documented special values for memory-only configuration. Since only backend options can be stored in configuration files, this is normally unnecessary for commands that do not operate on backends, e.g. genautocomplete
. However, it will be relevant for commands that do operate on backends in general, but are used without referencing a stored remote, e.g. listing local filesystem paths, or connection strings: rclone --config="" ls .
These options are useful when developing or debugging rclone. There are also some more remote specific options which aren't documented here which are used for testing. These start with remote name e.g. --drive-test-option
- see the docs for the remote in question.
Write CPU profile to file. This can be analysed with go tool pprof
.
The --dump
flag takes a comma separated list of flags to dump info about.
Note that some headers including Accept-Encoding
as shown may not be correct in the request and the response may not show Content-Encoding
if the go standard libraries auto gzip encoding was in effect. In this case the body of the request will be gunzipped before showing it.
The available flags are:
Dump HTTP headers with Authorization:
lines removed. May still contain sensitive info. Can be very verbose. Useful for debugging only.
Use --dump auth
if you do want the Authorization:
headers.
Dump HTTP headers and bodies - may contain sensitive info. Can be very verbose. Useful for debugging only.
Note that the bodies are buffered in memory so don't use this for enormous files.
Like --dump bodies
but dumps the request bodies and the response headers. Useful for debugging download problems.
Like --dump bodies
but dumps the response bodies and the request headers. Useful for debugging upload problems.
Dump HTTP headers - will contain sensitive info such as Authorization:
headers - use --dump headers
to dump without Authorization:
headers. Can be very verbose. Useful for debugging only.
Dump the filters to the output. Useful to see exactly what include and exclude options are filtering on.
This dumps a list of the running go-routines at the end of the command to standard output.
This dumps a list of the open files at the end of the command. It uses the lsof
command to do that so you'll need that installed to use it.
Write memory profile to file. This can be analysed with go tool pprof
.
For the filtering options
--delete-excluded
--filter
--filter-from
--exclude
--exclude-from
--include
--include-from
--files-from
--files-from-raw
--min-size
--max-size
--min-age
--max-age
--dump filters
See the filtering section.
For the remote control options and for instructions on how to remote control rclone
--rc
--rc-
See the remote control section.
rclone has 4 levels of logging, ERROR
, NOTICE
, INFO
and DEBUG
.
By default, rclone logs to standard error. This means you can redirect standard error and still see the normal output of rclone commands (e.g. rclone ls
).
By default, rclone will produce Error
and Notice
level messages.
If you use the -q
flag, rclone will only produce Error
messages.
If you use the -v
flag, rclone will produce Error
, Notice
and Info
messages.
If you use the -vv
flag, rclone will produce Error
, Notice
, Info
and Debug
messages.
You can also control the log levels with the --log-level
flag.
If you use the --log-file=FILE
option, rclone will redirect Error
, Info
and Debug
messages along with standard error to FILE.
If you use the --syslog
flag then rclone will log to syslog and the --syslog-facility
control which facility it uses.
Rclone prefixes all log messages with their level in capitals, e.g. INFO which makes it easy to grep the log file for different kinds of information.
If any errors occur during the command execution, rclone will exit with a non-zero exit code. This allows scripts to detect when rclone operations have failed.
During the startup phase, rclone will exit immediately if an error is detected in the configuration. There will always be a log message immediately before exiting.
When rclone is running it will accumulate errors as it goes along, and only exit with a non-zero exit code if (after retries) there were still failed transfers. For every error counted there will be a high priority log message (visible with -q
) showing the message and which file caused the problem. A high priority message is also shown when starting a retry so the user can see that any previous error messages may not be valid after the retry. If rclone has done a retry it will log a high priority message if the retry was successful.
0
- success1
- Syntax or usage error2
- Error not otherwise categorised3
- Directory not found4
- File not found5
- Temporary error (one that more retries might fix) (Retry errors)6
- Less serious errors (like 461 errors from dropbox) (NoRetry errors)7
- Fatal error (one that more retries won't fix, like account suspended) (Fatal errors)8
- Transfer exceeded - limit set by --max-transfer reached9
- Operation successful, but no files transferredRclone can be configured entirely using environment variables. These can be used to set defaults for options or config file entries.
Every option in rclone can have its default set by environment variable.
To find the name of the environment variable, first, take the long option name, strip the leading --
, change -
to _
, make upper case and prepend RCLONE_
.
For example, to always set --stats 5s
, set the environment variable RCLONE_STATS=5s
. If you set stats on the command line this will override the environment variable setting.
Or to always use the trash in drive --drive-use-trash
, set RCLONE_DRIVE_USE_TRASH=true
.
The same parser is used for the options and the environment variables so they take exactly the same form.
The options set by environment variables can be seen with the -vv
flag, e.g. rclone version -vv
.
You can set defaults for values in the config file on an individual remote basis. The names of the config items are documented in the page for each backend.
To find the name of the environment variable, you need to set, take RCLONE_CONFIG_
+ name of remote + _
+ name of config file option and make it all uppercase.
For example, to configure an S3 remote named mys3:
without a config file (using unix ways of setting environment variables):
$ export RCLONE_CONFIG_MYS3_TYPE=s3
$ export RCLONE_CONFIG_MYS3_ACCESS_KEY_ID=XXX
$ export RCLONE_CONFIG_MYS3_SECRET_ACCESS_KEY=XXX
$ rclone lsd MYS3:
-1 2016-09-21 12:54:21 -1 my-bucket
$ rclone listremotes | grep mys3
mys3:
Note that if you want to create a remote using environment variables you must create the ..._TYPE
variable as above.
Note that you can only set the options of the immediate backend, so RCLONE_CONFIG_MYS3CRYPT_ACCESS_KEY_ID has no effect, if myS3Crypt is a crypt remote based on an S3 remote. However RCLONE_S3_ACCESS_KEY_ID will set the access key of all remotes using S3, including myS3Crypt.
Note also that now rclone has connection strings, it is probably easier to use those instead which makes the above example
rclone lsd :s3,access_key_id=XXX,secret_access_key=XXX:
The various different methods of backend configuration are read in this order and the first one with a value is used.
myRemote,skip_links:
--skip-links
RCLONE_CONFIG_MYREMOTE_SKIP_LINKS
(see above).RCLONE_LOCAL_SKIP_LINKS
.RCLONE_SKIP_LINKS
.skip_links = true
.false
- these can't be changed.So if both --skip-links
is supplied on the command line and an environment variable RCLONE_LOCAL_SKIP_LINKS
is set, the command line flag will take preference.
The backend configurations set by environment variables can be seen with the -vv
flag, e.g. rclone about myRemote: -vv
.
For non backend configuration the order is as follows:
--stats 5s
.RCLONE_STATS=5s
.1m
- these can't be changed.RCLONE_CONFIG_PASS
set to contain your config file password (see Configuration Encryption section)HTTP_PROXY
, HTTPS_PROXY
and NO_PROXY
(or the lowercase versions thereof).
HTTPS_PROXY
takes precedence over HTTP_PROXY
for https requests.USER
and LOGNAME
values are used as fallbacks for current username. The primary method for looking up username is OS-specific: Windows API on Windows, real user ID in /etc/passwd on Unix systems. In the documentation the current username is simply referred to as $USER
.RCLONE_CONFIG_DIR
- rclone sets this variable for use in config files and sub processes to point to the directory holding the config file.The options set by environment variables can be seen with the -vv
and --log-level=DEBUG
flags, e.g. rclone version -vv
.
Some of the configurations (those involving oauth2) require an Internet connected web browser.
If you are trying to set rclone up on a remote or headless box with no browser available on it (e.g. a NAS or a server in a datacenter) then you will need to use an alternative means of configuration. There are two ways of doing it, described below.
On the headless box run rclone
config but answer N
to the Use auto config?
question.
...
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n> n
For this to work, you will need rclone available on a machine that has
a web browser available.
For more help and alternate methods see: https://rclone.org/remote_setup/
Execute the following on the machine with the web browser (same rclone
version recommended):
rclone authorize "amazon cloud drive"
Then paste the result below:
result>
Then on your main desktop machine
rclone authorize "amazon cloud drive"
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
Paste the following into your remote machine --->
SECRET_TOKEN
<---End paste
Then back to the headless box, paste in the code
result> SECRET_TOKEN
--------------------
[acd12]
client_id =
client_secret =
token = SECRET_TOKEN
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d>
Rclone stores all of its config in a single configuration file. This can easily be copied to configure a remote rclone.
So first configure rclone on your desktop machine with
rclone config
to set up the config file.
Find the config file by running rclone config file
, for example
$ rclone config file
Configuration file is stored at:
/home/user/.rclone.conf
Now transfer it to the remote box (scp, cut paste, ftp, sftp, etc.) and place it in the correct place (use rclone config file
on the remote box to find out where).
Filter flags determine which files rclone sync
, move
, ls
, lsl
, md5sum
, sha1sum
, size
, delete
, check
and similar commands apply to.
They are specified in terms of path/file name patterns; path/file lists; file age and size, or presence of a file in a directory. Bucket based remotes without the concept of directory apply filters to object key, age and size in an analogous way.
Rclone purge
does not obey filters.
To test filters without risk of damage to data, apply them to rclone ls
, or with the --dry-run
and -vv
flags.
Rclone filter patterns can only be used in filter command line options, not in the specification of a remote.
E.g. rclone copy "remote:dir*.jpg" /path/to/dir
does not have a filter effect. rclone copy remote:dir /path/to/dir --include "*.jpg"
does.
Important Avoid mixing any two of --include...
, --exclude...
or --filter...
flags in an rclone command. The results may not be what you expect. Instead use a --filter...
flag.
Rclone matching rules follow a glob style:
* matches any sequence of non-separator (/) characters
** matches any sequence of characters including / separators
? matches any single non-separator (/) character
[ [ ! ] { character-range } ]
character class (must be non-empty)
{ pattern-list }
pattern alternatives
c matches character c (c != *, **, ?, \, [, {, })
\c matches reserved character c (c = *, **, ?, \, [, {, })
character-range:
c matches character c (c != \, -, ])
\c matches reserved character c (c = \, -, ])
lo - hi matches character c for lo <= c <= hi
pattern-list:
pattern { , pattern }
comma-separated (without spaces) patterns
character classes (see Go regular expression reference) include:
Named character classes (e.g. [\d], [^\d], [\D], [^\D])
Perl character classes (e.g. \s, \S, \w, \W)
ASCII character classes (e.g. [[:alnum:]], [[:alpha:]], [[:punct:]], [[:xdigit:]])
If the filter pattern starts with a /
then it only matches at the top level of the directory tree, relative to the root of the remote (not necessarily the root of the drive). If it does not start with /
then it is matched starting at the end of the path/file name but it only matches a complete path element - it must match from a /
separator or the beginning of the path/file.
file.jpg - matches "file.jpg"
- matches "directory/file.jpg"
- doesn't match "afile.jpg"
- doesn't match "directory/afile.jpg"
/file.jpg - matches "file.jpg" in the root directory of the remote
- doesn't match "afile.jpg"
- doesn't match "directory/file.jpg"
The top level of the remote may not be the top level of the drive.
E.g. for a Microsoft Windows local directory structure
F:
├── bkp
├── data
│ ├── excl
│ │ ├── 123.jpg
│ │ └── 456.jpg
│ ├── incl
│ │ └── document.pdf
To copy the contents of folder data
into folder bkp
excluding the contents of subfolder excl
the following command treats F:\data
and F:\bkp
as top level for filtering.
rclone copy F:\data\ F:\bkp\ --exclude=/excl/**
Important Use /
in path/file name patterns and not \
even if running on Microsoft Windows.
Simple patterns are case sensitive unless the --ignore-case
flag is used.
Without --ignore-case
(default)
potato - matches "potato"
- doesn't match "POTATO"
With --ignore-case
potato - matches "potato"
- matches "POTATO"
Rclone path/file name filters are made up of one or more of the following flags:
--include
--include-from
--exclude
--exclude-from
--filter
--filter-from
There can be more than one instance of individual flags.
Rclone internally uses a combined list of all the include and exclude rules. The order in which rules are processed can influence the result of the filter.
All flags of the same type are processed together in the order above, regardless of what order the different types of flags are included on the command line.
Multiple instances of the same flag are processed from left to right according to their position in the command line.
To mix up the order of processing includes and excludes use --filter...
flags.
Within --include-from
, --exclude-from
and --filter-from
flags rules are processed from top to bottom of the referenced file.
If there is an --include
or --include-from
flag specified, rclone implies a - **
rule which it adds to the bottom of the internal rule list. Specifying a +
rule with a --filter...
flag does not imply that rule.
Each path/file name passed through rclone is matched against the combined filter list. At first match to a rule the path/file name is included or excluded and no further filter rules are processed for that path/file.
If rclone does not find a match, after testing against all rules (including the implied rule if appropriate), the path/file name is included.
Any path/file included at that stage is processed by the rclone command.
--files-from
and --files-from-raw
flags over-ride and cannot be combined with other filter options.
To see the internal combined rule list, in regular expression form, for a command add the --dump filters
flag. Running an rclone command with --dump filters
and -vv
flags lists the internal filter elements and shows how they are applied to each source path/file. There is not currently a means provided to pass regular expression filter options into rclone directly though character class filter rules contain character classes. Go regular expression reference
Rclone commands are applied to path/file names not directories. The entire contents of a directory can be matched to a filter by the pattern directory/*
or recursively by directory/**
.
Directory filter rules are defined with a closing /
separator.
E.g. /directory/subdirectory/
is an rclone directory filter rule.
Rclone commands can use directory filter rules to determine whether they recurse into subdirectories. This potentially optimises access to a remote by avoiding listing unnecessary directories. Whether optimisation is desirable depends on the specific filter rules and source remote content.
Directory recursion optimisation occurs if either:
A source remote does not support the rclone ListR
primitive. local, sftp, Microsoft OneDrive and WebDav do not support ListR
. Google Drive and most bucket type storage do. Full list
On other remotes (those that support ListR
), if the rclone command is not naturally recursive, and provided it is not run with the --fast-list
flag. ls
, lsf -R
and size
are naturally recursive but sync
, copy
and move
are not.
Whenever the --disable ListR
flag is applied to an rclone command.
Rclone commands imply directory filter rules from path/file filter rules. To view the directory filter rules rclone has implied for a command specify the --dump filters
flag.
E.g. for an include rule
/a/*.jpg
Rclone implies the directory include rule
/a/
Directory filter rules specified in an rclone command can limit the scope of an rclone command but path/file filters still have to be specified.
E.g. rclone ls remote: --include /directory/
will not match any files. Because it is an --include
option the --exclude **
rule is implied, and the /directory/
pattern serves only to optimise access to the remote by ignoring everything outside of that directory.
E.g. rclone ls remote: --filter-from filter-list.txt
with a file filter-list.txt
:
- /dir1/
- /dir2/
+ *.pdf
- **
All files in directories dir1
or dir2
or their subdirectories are completely excluded from the listing. Only files of suffix pdf
in the root of remote:
or its subdirectories are listed. The - **
rule prevents listing of any path/files not previously matched by the rules above.
Option exclude-if-present
creates a directory exclude rule based on the presence of a file in a directory and takes precedence over other rclone directory filter rules.
When using pattern list syntax, if a pattern item contains either /
or **
, then rclone will not able to imply a directory filter rule from this pattern list.
E.g. for an include rule
{dir1/**,dir2/**}
Rclone will match files below directories dir1
or dir2
only, but will not be able to use this filter to exclude a directory dir3
from being traversed.
Directory recursion optimisation may affect performance, but normally not the result. One exception to this is sync operations with option --create-empty-src-dirs
, where any traversed empty directories will be created. With the pattern list example {dir1/**,dir2/**}
above, this would create an empty directory dir3
on destination (when it exists on source). Changing the filter to {dir1,dir2}/**
, or splitting it into two include rules --include dir1/** --include dir2/**
, will match the same files while also filtering directories, with the result that an empty directory dir3
will no longer be created.
--exclude
- Exclude files matching patternExcludes path/file names from an rclone command based on a single exclude rule.
This flag can be repeated. See above for the order filter flags are processed in.
--exclude
should not be used with --include
, --include-from
, --filter
or --filter-from
flags.
--exclude
has no effect when combined with --files-from
or --files-from-raw
flags.
E.g. rclone ls remote: --exclude *.bak
excludes all .bak files from listing.
E.g. rclone size remote: "--exclude /dir/**"
returns the total size of all files on remote:
excluding those in root directory dir
and sub directories.
E.g. on Microsoft Windows rclone ls remote: --exclude "*\[{JP,KR,HK}\]*"
lists the files in remote:
with [JP]
or [KR]
or [HK]
in their name. Quotes prevent the shell from interpreting the \
characters.\
characters escape the [
and ]
so an rclone filter treats them literally rather than as a character-range. The {
and }
define an rclone pattern list. For other operating systems single quotes are required ie rclone ls remote: --exclude '*\[{JP,KR,HK}\]*'
--exclude-from
- Read exclude patterns from fileExcludes path/file names from an rclone command based on rules in a named file. The file contains a list of remarks and pattern rules.
For an example exclude-file.txt
:
# a sample exclude rule file
*.bak
file2.jpg
rclone ls remote: --exclude-from exclude-file.txt
lists the files on remote:
except those named file2.jpg
or with a suffix .bak
. That is equivalent to rclone ls remote: --exclude file2.jpg --exclude "*.bak"
.
This flag can be repeated. See above for the order filter flags are processed in.
The --exclude-from
flag is useful where multiple exclude filter rules are applied to an rclone command.
--exclude-from
should not be used with --include
, --include-from
, --filter
or --filter-from
flags.
--exclude-from
has no effect when combined with --files-from
or --files-from-raw
flags.
--exclude-from
followed by -
reads filter rules from standard input.
--include
- Include files matching patternAdds a single include rule based on path/file names to an rclone command.
This flag can be repeated. See above for the order filter flags are processed in.
--include
has no effect when combined with --files-from
or --files-from-raw
flags.
--include
implies --exclude **
at the end of an rclone internal filter list. Therefore if you mix --include
and --include-from
flags with --exclude
, --exclude-from
, --filter
or --filter-from
, you must use include rules for all the files you want in the include statement. For more flexibility use the --filter-from
flag.
E.g. rclone ls remote: --include "*.{png,jpg}"
lists the files on remote:
with suffix .png
and .jpg
. All other files are excluded.
E.g. multiple rclone copy commands can be combined with --include
and a pattern-list.
rclone copy /vol1/A remote:A
rclone copy /vol1/B remote:B
is equivalent to:
rclone copy /vol1 remote: --include "{A,B}/**"
E.g. rclone ls remote:/wheat --include "??[^[:punct:]]*"
lists the files remote:
directory wheat
(and subdirectories) whose third character is not punctuation. This example uses an ASCII character class.
--include-from
- Read include patterns from fileAdds path/file names to an rclone command based on rules in a named file. The file contains a list of remarks and pattern rules.
For an example include-file.txt
:
# a sample include rule file
*.jpg
file2.avi
rclone ls remote: --include-from include-file.txt
lists the files on remote:
with name file2.avi
or suffix .jpg
. That is equivalent to rclone ls remote: --include file2.avi --include "*.jpg"
.
This flag can be repeated. See above for the order filter flags are processed in.
The --include-from
flag is useful where multiple include filter rules are applied to an rclone command.
--include-from
implies --exclude **
at the end of an rclone internal filter list. Therefore if you mix --include
and --include-from
flags with --exclude
, --exclude-from
, --filter
or --filter-from
, you must use include rules for all the files you want in the include statement. For more flexibility use the --filter-from
flag.
--exclude-from
has no effect when combined with --files-from
or --files-from-raw
flags.
--exclude-from
followed by -
reads filter rules from standard input.
--filter
- Add a file-filtering ruleSpecifies path/file names to an rclone command, based on a single include or exclude rule, in +
or -
format.
This flag can be repeated. See above for the order filter flags are processed in.
--filter +
differs from --include
. In the case of --include
rclone implies an --exclude *
rule which it adds to the bottom of the internal rule list. --filter...+
does not imply that rule.
--filter
has no effect when combined with --files-from
or --files-from-raw
flags.
--filter
should not be used with --include
, --include-from
, --exclude
or --exclude-from
flags.
E.g. rclone ls remote: --filter "- *.bak"
excludes all .bak
files from a list of remote:
.
--filter-from
- Read filtering patterns from a fileAdds path/file names to an rclone command based on rules in a named file. The file contains a list of remarks and pattern rules. Include rules start with +
and exclude rules with -
. !
clears existing rules. Rules are processed in the order they are defined.
This flag can be repeated. See above for the order filter flags are processed in.
Arrange the order of filter rules with the most restrictive first and work down.
E.g. for filter-file.txt
:
# a sample filter rule file
- secret*.jpg
+ *.jpg
+ *.png
+ file2.avi
- /dir/Trash/**
+ /dir/**
# exclude everything else
- *
rclone ls remote: --filter-from filter-file.txt
lists the path/files on remote:
including all jpg
and png
files, excluding any matching secret*.jpg
and including file2.avi
. It also includes everything in the directory dir
at the root of remote
, except remote:dir/Trash
which it excludes. Everything else is excluded.
E.g. for an alternative filter-file.txt
:
- secret*.jpg
+ *.jpg
+ *.png
+ file2.avi
- *
Files file1.jpg
, file3.png
and file2.avi
are listed whilst secret17.jpg
and files without the suffix .jpgor
.png` are excluded.
E.g. for an alternative filter-file.txt
:
+ *.jpg
+ *.gif
!
+ 42.doc
- *
Only file 42.doc is listed. Prior rules are cleared by the !
.
--files-from
- Read list of source-file namesAdds path/files to an rclone command from a list in a named file. Rclone processes the path/file names in the order of the list, and no others.
Other filter flags (--include
, --include-from
, --exclude
, --exclude-from
, --filter
and --filter-from
) are ignored when --files-from
is used.
--files-from
expects a list of files as its input. Leading or trailing whitespace is stripped from the input lines. Lines starting with #
or ;
are ignored.
Rclone commands with a --files-from
flag traverse the remote, treating the names in --files-from
as a set of filters.
If the --no-traverse
and --files-from
flags are used together an rclone command does not traverse the remote. Instead it addresses each path/file named in the file individually. For each path/file name, that requires typically 1 API call. This can be efficient for a short --files-from
list and a remote containing many files.
Rclone commands do not error if any names in the --files-from
file are missing from the source remote.
The --files-from
flag can be repeated in a single rclone command to read path/file names from more than one file. The files are read from left to right along the command line.
Paths within the --files-from
file are interpreted as starting with the root specified in the rclone command. Leading /
separators are ignored. See --files-from-raw if you need the input to be processed in a raw manner.
E.g. for a file files-from.txt
:
# comment
file1.jpg
subdir/file2.jpg
rclone copy --files-from files-from.txt /home/me/pics remote:pics
copies the following, if they exist, and only those files.
/home/me/pics/file1.jpg → remote:pics/file1.jpg
/home/me/pics/subdir/file2.jpg → remote:pics/subdir/file2.jpg
E.g. to copy the following files referenced by their absolute paths:
/home/user1/42
/home/user1/dir/ford
/home/user2/prefect
First find a common subdirectory - in this case /home
and put the remaining files in files-from.txt
with or without leading /
, e.g.
user1/42
user1/dir/ford
user2/prefect
Then copy these to a remote:
rclone copy --files-from files-from.txt /home remote:backup
The three files are transferred as follows:
/home/user1/42 → remote:backup/user1/important
/home/user1/dir/ford → remote:backup/user1/dir/file
/home/user2/prefect → remote:backup/user2/stuff
Alternatively if /
is chosen as root files-from.txt
will be:
/home/user1/42
/home/user1/dir/ford
/home/user2/prefect
The copy command will be:
rclone copy --files-from files-from.txt / remote:backup
Then there will be an extra home
directory on the remote:
/home/user1/42 → remote:backup/home/user1/42
/home/user1/dir/ford → remote:backup/home/user1/dir/ford
/home/user2/prefect → remote:backup/home/user2/prefect
--files-from-raw
- Read list of source-file names without any processingThis flag is the same as --files-from
except that input is read in a raw manner. Lines with leading / trailing whitespace, and lines starting with ;
or #
are read without any processing. rclone lsf has a compatible format that can be used to export file lists from remotes for input to --files-from-raw
.
--ignore-case
- make searches case insensitiveBy default rclone filter patterns are case sensitive. The --ignore-case
flag makes all of the filters patterns on the command line case insensitive.
E.g. --include "zaphod.txt"
does not match a file Zaphod.txt
. With --ignore-case
a match is made.
Rclone commands with filter patterns containing shell metacharacters may not as work as expected in your shell and may require quoting.
E.g. linux, OSX (*
metacharacter)
--include \*.jpg
--include '*.jpg'
--include='*.jpg'
Microsoft Windows expansion is done by the command, not shell, so --include *.jpg
does not require quoting.
If the rclone error Command .... needs .... arguments maximum: you provided .... non flag arguments:
is encountered, the cause is commonly spaces within the name of a remote or flag value. The fix then is to quote values containing spaces.
--min-size
- Don't transfer any file smaller than thisControls the minimum size file within the scope of an rclone command. Default units are KiByte
but abbreviations K
, M
, G
, T
or P
are valid.
E.g. rclone ls remote: --min-size 50k
lists files on remote:
of 50 KiByte size or larger.
--max-size
- Don't transfer any file larger than thisControls the maximum size file within the scope of an rclone command. Default units are KiByte
but abbreviations K
, M
, G
, T
or P
are valid.
E.g. rclone ls remote: --max-size 1G
lists files on remote:
of 1 GiByte size or smaller.
--max-age
- Don't transfer any file older than thisControls the maximum age of files within the scope of an rclone command. Default units are seconds or the following abbreviations are valid:
ms
- Millisecondss
- Secondsm
- Minutesh
- Hoursd
- Daysw
- WeeksM
- Monthsy
- Years--max-age
can also be specified as an absolute time in the following formats:
2006-01-02T15:04:05Z
or 2006-01-02T15:04:05+07:00
2006-01-02T15:04:05
2006-01-02 15:04:05
2006-01-02
(YYYY-MM-DD)--max-age
applies only to files and not to directories.
E.g. rclone ls remote: --max-age 2d
lists files on remote:
of 2 days old or less.
--min-age
- Don't transfer any file younger than thisControls the minimum age of files within the scope of an rclone command. (see --max-age
for valid formats)
--min-age
applies only to files and not to directories.
E.g. rclone ls remote: --min-age 2d
lists files on remote:
of 2 days old or more.
--delete-excluded
- Delete files on dest excluded from syncImportant this flag is dangerous to your data - use with --dry-run
and -v
first.
In conjunction with rclone sync
, --delete-excluded
deletes any files on the destination which are excluded from the command.
E.g. the scope of rclone sync -i A: B:
can be restricted:
rclone --min-size 50k --delete-excluded sync A: B:
All files on B:
which are less than 50 KiByte are deleted because they are excluded from the rclone sync command.
--dump filters
- dump the filters to the outputDumps the defined filters to standard output in regular expression format.
Useful for debugging.
The --exclude-if-present
flag controls whether a directory is within the scope of an rclone command based on the presence of a named file within it.
This flag has a priority over other filter flags.
E.g. for the following directory structure:
dir1/file1
dir1/dir2/file2
dir1/dir2/dir3/file3
dir1/dir2/dir3/.ignore
The command rclone ls --exclude-if-present .ignore dir1
does not list dir3
, file3
or .ignore
.
--exclude-if-present
can only be used once in an rclone command.
The most frequent filter support issues on the rclone forum are:
/
to match from the root of a remote**
to match the contents of a directoryRclone can serve a web based GUI (graphical user interface). This is somewhat experimental at the moment so things may be subject to change.
Run this command in a terminal and rclone will download and then display the GUI in a web browser.
rclone rcd --rc-web-gui
This will produce logs like this and rclone needs to continue to run to serve the GUI:
2019/08/25 11:40:14 NOTICE: A new release for gui is present at https://github.com/rclone/rclone-webui-react/releases/download/v0.0.6/currentbuild.zip
2019/08/25 11:40:14 NOTICE: Downloading webgui binary. Please wait. [Size: 3813937, Path : /home/USER/.cache/rclone/webgui/v0.0.6.zip]
2019/08/25 11:40:16 NOTICE: Unzipping
2019/08/25 11:40:16 NOTICE: Serving remote control on http://127.0.0.1:5572/
This assumes you are running rclone locally on your machine. It is possible to separate the rclone and the GUI - see below for details.
If you wish to check for updates then you can add --rc-web-gui-update
to the command line.
If you find your GUI broken, you may force it to update by add --rc-web-gui-force-update
.
By default, rclone will open your browser. Add --rc-web-gui-no-open-browser
to disable this feature.
Once the GUI opens, you will be looking at the dashboard which has an overall overview.
On the left hand side you will see a series of view buttons you can click on:
(More docs and walkthrough video to come!)
When you run the rclone rcd --rc-web-gui
this is what happens
login_token
so it can log straight in.The rclone rcd
may use any of the flags documented on the rc page.
The flag --rc-web-gui
is shorthand for
--rc-user gui
--rc-pass <random password>
--rc-serve
These flags can be overridden as desired.
See also the rclone rcd documentation.
For example the GUI could be served on a public port over SSL using an htpasswd file using the following flags:
--rc-web-gui
--rc-addr :443
--rc-htpasswd /path/to/htpasswd
--rc-cert /path/to/ssl.crt
--rc-key /path/to/ssl.key
If you want to run the GUI behind a proxy at /rclone
you could use these flags:
--rc-web-gui
--rc-baseurl rclone
--rc-htpasswd /path/to/htpasswd
Or instead of htpasswd if you just want a single user and password:
--rc-user me
--rc-pass mypassword
The GUI is being developed in the: rclone/rclone-webui-react repository.
Bug reports and contributions are very welcome :-)
If you have questions then please ask them on the rclone forum.
If rclone is run with the --rc
flag then it starts an HTTP server which can be used to remote control rclone using its API.
You can either use the rclone rc command to access the API or use HTTP directly.
If you just want to run a remote control then see the rcd command.
Flag to start the http server listen on remote requests
IPaddress:Port or :Port to bind server to. (default "localhost:5572")
SSL PEM key (concatenation of certificate and CA certificate)
Client certificate authority to verify clients with
htpasswd file - if not provided no authentication is done
SSL PEM Private key
Maximum size of request header (default 4096)
User name for authentication.
Password for authentication.
Realm for authentication (default "rclone")
Timeout for server reading data (default 1h0m0s)
Timeout for server writing data (default 1h0m0s)
Enable the serving of remote objects via the HTTP interface. This means objects will be accessible at http://127.0.0.1:5572/ by default, so you can browse to http://127.0.0.1:5572/ or http://127.0.0.1:5572/* to see a listing of the remotes. Objects may be requested from remotes using this syntax http://127.0.0.1:5572/[remote:path]/path/to/object
Default Off.
Path to local files to serve on the HTTP server.
If this is set then rclone will serve the files in that directory. It will also open the root in the web browser if specified. This is for implementing browser based GUIs for rclone functions.
If --rc-user
or --rc-pass
is set then the URL that is opened will have the authorization in the URL in the http://user:pass@localhost/
style.
Default Off.
Enable OpenMetrics/Prometheus compatible endpoint at /metrics
.
Default Off.
Set this flag to serve the default web gui on the same port as rclone.
Default Off.
Set the allowed Access-Control-Allow-Origin for rc requests.
Can be used with --rc-web-gui if the rclone is running on different IP than the web-gui.
Default is IP address on which rc is running.
Set the URL to fetch the rclone-web-gui files from.
Default https://api.github.com/repos/rclone/rclone-webui-react/releases/latest.
Set this flag to check and update rclone-webui-react from the rc-web-fetch-url.
Default Off.
Set this flag to force update rclone-webui-react from the rc-web-fetch-url.
Default Off.
Set this flag to disable opening browser automatically when using web-gui.
Default Off.
Expire finished async jobs older than DURATION (default 60s).
Interval duration to check for expired async jobs (default 10s).
By default rclone will require authorisation to have been set up on the rc interface in order to use any methods which access any rclone remotes. Eg operations/list
is denied as it involved creating a remote as is sync/copy
.
If this is set then no authorisation will be required on the server to use these methods. The alternative is to use --rc-user
and --rc-pass
and use these credentials in the request.
Default Off.
Rclone itself implements the remote control protocol in its rclone rc
command.
You can use it like this
$ rclone rc rc/noop param1=one param2=two
{
"param1": "one",
"param2": "two"
}
Run rclone rc
on its own to see the help for the installed remote control commands.
rclone rc
also supports a --json
flag which can be used to send more complicated input parameters.
$ rclone rc --json '{ "p1": [1,"2",null,4], "p2": { "a":1, "b":2 } }' rc/noop
{
"p1": [
1,
"2",
null,
4
],
"p2": {
"a": 1,
"b": 2
}
}
If the parameter being passed is an object then it can be passed as a JSON string rather than using the --json
flag which simplifies the command line.
rclone rc operations/list fs=/tmp remote=test opt='{"showHash": true}'
Rather than
rclone rc operations/list --json '{"fs": "/tmp", "remote": "test", "opt": {"showHash": true}}'
The rc interface supports some special parameters which apply to all commands. These start with _
to show they are different.
Each rc call is classified as a job and it is assigned its own id. By default jobs are executed immediately as they are created or synchronously.
If _async
has a true value when supplied to an rc call then it will return immediately with a job id and the task will be run in the background. The job/status
call can be used to get information of the background job. The job can be queried for up to 1 minute after it has finished.
It is recommended that potentially long running jobs, e.g. sync/sync
, sync/copy
, sync/move
, operations/purge
are run with the _async
flag to avoid any potential problems with the HTTP request and response timing out.
Starting a job with the _async
flag:
$ rclone rc --json '{ "p1": [1,"2",null,4], "p2": { "a":1, "b":2 }, "_async": true }' rc/noop
{
"jobid": 2
}
Query the status to see if the job has finished. For more information on the meaning of these return parameters see the job/status
call.
$ rclone rc --json '{ "jobid":2 }' job/status
{
"duration": 0.000124163,
"endTime": "2018-10-27T11:38:07.911245881+01:00",
"error": "",
"finished": true,
"id": 2,
"output": {
"_async": true,
"p1": [
1,
"2",
null,
4
],
"p2": {
"a": 1,
"b": 2
}
},
"startTime": "2018-10-27T11:38:07.911121728+01:00",
"success": true
}
job/list
can be used to show the running or recently completed jobs
$ rclone rc job/list
{
"jobids": [
2
]
}
If you wish to set config (the equivalent of the global flags) for the duration of an rc call only then pass in the _config
parameter.
This should be in the same format as the config
key returned by options/get.
For example, if you wished to run a sync with the --checksum
parameter, you would pass this parameter in your JSON blob.
"_config":{"CheckSum": true}
If using rclone rc
this could be passed as
rclone rc operations/sync ... _config='{"CheckSum": true}'
Any config parameters you don't set will inherit the global defaults which were set with command line flags or environment variables.
Note that it is possible to set some values as strings or integers - see data types for more info. Here is an example setting the equivalent of --buffer-size
in string or integer format.
"_config":{"BufferSize": "42M"}
"_config":{"BufferSize": 44040192}
If you wish to check the _config
assignment has worked properly then calling options/local
will show what the value got set to.
If you wish to set filters for the duration of an rc call only then pass in the _filter
parameter.
This should be in the same format as the filter
key returned by options/get.
For example, if you wished to run a sync with these flags
--max-size 1M --max-age 42s --include "a" --include "b"
you would pass this parameter in your JSON blob.
"_filter":{"MaxSize":"1M", "IncludeRule":["a","b"], "MaxAge":"42s"}
If using rclone rc
this could be passed as
rclone rc ... _filter='{"MaxSize":"1M", "IncludeRule":["a","b"], "MaxAge":"42s"}'
Any filter parameters you don't set will inherit the global defaults which were set with command line flags or environment variables.
Note that it is possible to set some values as strings or integers - see data types for more info. Here is an example setting the equivalent of --buffer-size
in string or integer format.
"_filter":{"MinSize": "42M"}
"_filter":{"MinSize": 44040192}
If you wish to check the _filter
assignment has worked properly then calling options/local
will show what the value got set to.
Each rc call has its own stats group for tracking its metrics. By default grouping is done by the composite group name from prefix job/
and id of the job like so job/1
.
If _group
has a value then stats for that request will be grouped under that value. This allows caller to group stats under their own name.
Stats for specific group can be accessed by passing group
to core/stats
:
$ rclone rc --json '{ "group": "job/1" }' core/stats
{
"speed": 12345
...
}
When the API returns types, these will mostly be straight forward integer, string or boolean types.
However some of the types returned by the options/get call and taken by the options/set calls as well as the vfsOpt
, mountOpt
and the _config
parameters.
Duration
- these are returned as an integer duration in nanoseconds. They may be set as an integer, or they may be set with time string, eg "5s". See the options section for more info.Size
- these are returned as an integer number of bytes. They may be set as an integer or they may be set with a size suffix string, eg "10M". See the options section for more info.CutoffMode
, DumpFlags
, LogLevel
, VfsCacheMode
- these will be returned as an integer and may be set as an integer but more conveniently they can be set as a string, eg "HARD" for CutoffMode
or DEBUG
for LogLevel
.BandwidthSpec
- this will be set and returned as a string, eg "1M".Remotes are specified with the fs=
, srcFs=
, dstFs=
parameters depending on the command being used.
The parameters can be a string as per the rest of rclone, eg s3:bucket/path
or :sftp:/my/dir
. They can also be specified as JSON blobs.
If specifyng a JSON blob it should be a object mapping strings to strings. These values will be used to configure the remote. There are 3 special values which may be set:
type
- set to type
to specify a remote called :type:
_name
- set to name
to specify a remote called name:
_root
- sets the root of the remote - may be emptyOne of _name
or type
should normally be set. If the local
backend is desired then type
should be set to local
. If _root
isn't specified then it defaults to the root of the remote.
For example this JSON is equivalent to remote:/tmp
{
"_name": "remote",
"_path": "/tmp"
}
And this is equivalent to :sftp,host='example.com':/tmp
{
"type": "sftp",
"host": "example.com",
"_path": "/tmp"
}
And this is equivalent to /tmp/dir
{
type = "local",
_ path = "/tmp/dir"
}
This takes the following parameters
Returns
For example
rclone rc backend/command command=noop fs=. -o echo=yes -o blue -a path1 -a path2
Returns
{
"result": {
"arg": [
"path1",
"path2"
],
"name": "noop",
"opt": {
"blue": "",
"echo": "yes"
}
}
}
Note that this is the direct equivalent of using this "backend" command:
rclone backend noop . -o echo=yes -o blue path1 path2
Note that arguments must be preceded by the "-a" flag
See the backend command for more information.
Authentication is required for this call.
Purge a remote from the cache backend. Supports either a directory or a file. Params: - remote = path to remote (required) - withData = true/false to delete cached data (chunks) as well (optional)
Eg
rclone rc cache/expire remote=path/to/sub/folder/
rclone rc cache/expire remote=/ withData=true
Ensure the specified file chunks are cached on disk.
The chunks= parameter specifies the file chunks to check. It takes a comma separated list of array slice indices. The slice indices are similar to Python slices: start[:end]
start is the 0 based chunk number from the beginning of the file to fetch inclusive. end is 0 based chunk number from the beginning of the file to fetch exclusive. Both values can be negative, in which case they count from the back of the file. The value "-5:" represents the last 5 chunks of a file.
Some valid examples are: ":5,-5:" -> the first and last five chunks "0,-2" -> the first and the second last chunk "0:10" -> the first ten chunks
Any parameter with a key that starts with "file" can be used to specify files to fetch, e.g.
rclone rc cache/fetch chunks=0 file=hello file2=home/goodbye
File names will automatically be encrypted when the a crypt remote is used on top of the cache.
Show statistics for the cache remote.
This takes the following parameters
See the config create command command for more information on the above.
Authentication is required for this call.
Parameters:
See the config delete command command for more information on the above.
Authentication is required for this call.
Returns a JSON object: - key: value
Where keys are remote names and values are the config parameters.
See the config dump command command for more information on the above.
Authentication is required for this call.
Parameters:
See the config dump command command for more information on the above.
Authentication is required for this call.
Returns - remotes - array of remote names
See the listremotes command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the config password command command for more information on the above.
Authentication is required for this call.
Returns a JSON object: - providers - array of objects
See the config providers command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the config update command command for more information on the above.
Authentication is required for this call.
This sets the bandwidth limit to the string passed in. This should be a single bandwidth limit entry or a pair of upload:download bandwidth.
Eg
rclone rc core/bwlimit rate=off
{
"bytesPerSecond": -1,
"bytesPerSecondTx": -1,
"bytesPerSecondRx": -1,
"rate": "off"
}
rclone rc core/bwlimit rate=1M
{
"bytesPerSecond": 1048576,
"bytesPerSecondTx": 1048576,
"bytesPerSecondRx": 1048576,
"rate": "1M"
}
rclone rc core/bwlimit rate=1M:100k
{
"bytesPerSecond": 1048576,
"bytesPerSecondTx": 1048576,
"bytesPerSecondRx": 131072,
"rate": "1M"
}
If the rate parameter is not supplied then the bandwidth is queried
rclone rc core/bwlimit
{
"bytesPerSecond": 1048576,
"bytesPerSecondTx": 1048576,
"bytesPerSecondRx": 1048576,
"rate": "1M"
}
The format of the parameter is exactly the same as passed to --bwlimit except only one bandwidth may be specified.
In either case "rate" is returned as a human readable string, and "bytesPerSecond" is returned as a number.
This takes the following parameters
Returns
For example
rclone rc core/command command=ls -a mydrive:/ -o max-depth=1
rclone rc core/command -a ls -a mydrive:/ -o max-depth=1
Returns
{
"error": false,
"result": "<Raw command line output>"
}
OR
{
"error": true,
"result": "<Raw command line output>"
}
Authentication is required for this call.
This tells the go runtime to do a garbage collection run. It isn't necessary to call this normally, but it can be useful for debugging memory problems.
This returns list of stats groups currently in memory.
Returns the following values:
{
"groups": an array of group names:
[
"group1",
"group2",
...
]
}
This returns the memory statistics of the running program. What the values mean are explained in the go docs: https://golang.org/pkg/runtime/#MemStats
The most interesting values for most people are:
Pass a clear string and rclone will obscure it for the config file: - clear - string
Returns - obscured - string
This returns PID of current process. Useful for stopping rclone process.
(optional) Pass an exit code to be used for terminating the app: - exitCode - int
This returns all available stats:
rclone rc core/stats
If group is not provided then summed up stats for all groups will be returned.
Parameters
Returns the following values:
{
"bytes": total transferred bytes since the start of the group,
"checks": number of files checked,
"deletes" : number of files deleted,
"elapsedTime": time in floating point seconds since rclone was started,
"errors": number of errors,
"eta": estimated time in seconds until the group completes,
"fatalError": boolean whether there has been at least one fatal error,
"lastError": last error string,
"renames" : number of files renamed,
"retryError": boolean showing whether there has been at least one non-NoRetryError,
"speed": average speed in bytes per second since start of the group,
"totalBytes": total number of bytes in the group,
"totalChecks": total number of checks in the group,
"totalTransfers": total number of transfers in the group,
"transferTime" : total time spent on running jobs,
"transfers": number of transferred files,
"transferring": an array of currently active file transfers:
[
{
"bytes": total transferred bytes for this file,
"eta": estimated time in seconds until file transfer completion
"name": name of the file,
"percentage": progress of the file transfer in percent,
"speed": average speed over the whole transfer in bytes per second,
"speedAvg": current speed in bytes per second as an exponentially weighted moving average,
"size": size of the file in bytes
}
],
"checking": an array of names of currently active file checks
[]
}
Values for "transferring", "checking" and "lastError" are only assigned if data is available. The value for "eta" is null if an eta cannot be determined.
This deletes entire stats group
Parameters
This clears counters, errors and finished transfers for all stats or specific stats group if group is provided.
Parameters
This returns stats about completed transfers:
rclone rc core/transferred
If group is not provided then completed transfers for all groups will be returned.
Note only the last 100 completed transfers are returned.
Parameters
Returns the following values:
{
"transferred": an array of completed transfers (including failed ones):
[
{
"name": name of the file,
"size": size of the file in bytes,
"bytes": total transferred bytes for this file,
"checked": if the transfer is only checked (skipped, deleted),
"timestamp": integer representing millisecond unix epoch,
"error": string description of the error (empty if successful),
"jobid": id of the job that this transfer belongs to
}
]
}
This shows the current version of go and the go runtime
SetBlockProfileRate controls the fraction of goroutine blocking events that are reported in the blocking profile. The profiler aims to sample an average of one blocking event per rate nanoseconds spent blocked.
To include every blocking event in the profile, pass rate = 1. To turn off profiling entirely, pass rate <= 0.
After calling this you can use this to see the blocking profile:
go tool pprof http://localhost:5572/debug/pprof/block
Parameters
SetMutexProfileFraction controls the fraction of mutex contention events that are reported in the mutex profile. On average 1/rate events are reported. The previous rate is returned.
To turn off profiling entirely, pass rate 0. To just read the current rate, pass rate < 0. (For n>1 the details of sampling may change.)
Once this is set you can look use this to profile the mutex contention:
go tool pprof http://localhost:5572/debug/pprof/mutex
Parameters
Results
This clears the fs cache. This is where remotes created from backends are cached for a short while to make repeated rc calls more efficient.
If you change the parameters of a backend then you may want to call this to clear an existing remote out of the cache before re-creating it.
Authentication is required for this call.
This returns the number of entries in the fs cache.
Returns - entries - number of items in the cache
Authentication is required for this call.
Parameters - None
Results
Parameters
Results
Parameters
This shows currently mounted points, which can be used for performing an unmount
This takes no parameters and returns
Eg
rclone rc mount/listmounts
Authentication is required for this call.
rclone allows Linux, FreeBSD, macOS and Windows to mount any of Rclone's cloud storage systems as a file system with FUSE.
If no mountType is provided, the priority is given as follows: 1. mount 2.cmount 3.mount2
This takes the following parameters
Eg
rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint
rclone rc mount/mount fs=mydrive: mountPoint=/home/<user>/mountPoint mountType=mount
rclone rc mount/mount fs=TestDrive: mountPoint=/mnt/tmp vfsOpt='{"CacheMode": 2}' mountOpt='{"AllowOther": true}'
The vfsOpt are as described in options/get and can be seen in the the "vfs" section when running and the mountOpt can be seen in the "mount" section.
rclone rc options/get
Authentication is required for this call.
This shows all possible mount types and returns them as a list.
This takes no parameters and returns
The mount types are strings like "mount", "mount2", "cmount" and can be passed to mount/mount as the mountType parameter.
Eg
rclone rc mount/types
Authentication is required for this call.
rclone allows Linux, FreeBSD, macOS and Windows to mount any of Rclone's cloud storage systems as a file system with FUSE.
This takes the following parameters
Eg
rclone rc mount/unmount mountPoint=/home/<user>/mountPoint
Authentication is required for this call.
This shows currently mounted points, which can be used for performing an unmount
This takes no parameters and returns error if unmount does not succeed.
Eg
rclone rc mount/unmountall
Authentication is required for this call.
This takes the following parameters
The result is as returned from rclone about --json
See the about command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the cleanup command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
Authentication is required for this call.
This takes the following parameters
Authentication is required for this call.
This takes the following parameters
See the delete command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the deletefile command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
This returns info about the remote passed in;
{
// optional features and whether they are available or not
"Features": {
"About": true,
"BucketBased": false,
"CanHaveEmptyDirectories": true,
"CaseInsensitive": false,
"ChangeNotify": false,
"CleanUp": false,
"Copy": false,
"DirCacheFlush": false,
"DirMove": true,
"DuplicateFiles": false,
"GetTier": false,
"ListR": false,
"MergeDirs": false,
"Move": true,
"OpenWriterAt": true,
"PublicLink": false,
"Purge": true,
"PutStream": true,
"PutUnchecked": false,
"ReadMimeType": false,
"ServerSideAcrossConfigs": false,
"SetTier": false,
"SetWrapper": false,
"UnWrap": false,
"WrapFs": false,
"WriteMimeType": false
},
// Names of hashes available
"Hashes": [
"MD5",
"SHA-1",
"DropboxHash",
"QuickXorHash"
],
"Name": "local", // Name as created
"Precision": 1, // Precision of timestamps in ns
"Root": "/", // Path as created
"String": "Local file system at /" // how the remote will appear in logs
}
This command does not have a command line equivalent so use this instead:
rclone rc --loopback operations/fsinfo fs=remote:
This takes the following parameters
The result is
See the lsjson command for more information on the above and examples.
Authentication is required for this call.
This takes the following parameters
See the mkdir command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
Authentication is required for this call.
This takes the following parameters
Returns
See the link command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the purge command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the rmdir command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the rmdirs command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
Returns
See the size command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
Authentication is required for this call.
Returns - options - a list of the options block names
Returns an object where keys are option block names and values are an object with the current option values in.
Note that these are the global options which are unaffected by use of the _config and _filter parameters. If you wish to read the parameters set in _config then use options/config and for _filter use options/filter.
This shows the internal names of the option within rclone which should map to the external options very easily with a few exceptions.
Returns an object with the keys "config" and "filter". The "config" key contains the local config and the "filter" key contains the local filters.
Note that these are the local options specific to this rc call. If _config was not supplied then they will be the global options. Likewise with "_filter".
This call is mostly useful for seeing if _config and _filter passing is working.
This shows the internal names of the option within rclone which should map to the external options very easily with a few exceptions.
Parameters
Repeated as often as required.
Only supply the options you wish to change. If an option is unknown it will be silently ignored. Not all options will have an effect when changed like this.
For example:
This sets DEBUG level logs (-vv) (these can be set by number or string)
rclone rc options/set --json '{"main": {"LogLevel": "DEBUG"}}'
rclone rc options/set --json '{"main": {"LogLevel": 8}}'
And this sets INFO level logs (-v)
rclone rc options/set --json '{"main": {"LogLevel": "INFO"}}'
And this sets NOTICE level logs (normal without -v)
rclone rc options/set --json '{"main": {"LogLevel": "NOTICE"}}'
used for adding a plugin to the webgui
This takes the following parameters
Eg
rclone rc pluginsctl/addPlugin
Authentication is required for this call.
This shows all possible plugins by a mime type
This takes the following parameters
and returns
Eg
rclone rc pluginsctl/getPluginsForType type=video/mp4
Authentication is required for this call.
This allows you to get the currently enabled plugins and their details.
This takes no parameters and returns
Eg
rclone rc pluginsctl/listPlugins
Authentication is required for this call.
allows listing of test plugins with the rclone.test set to true in package.json of the plugin
This takes no parameters and returns
Eg
rclone rc pluginsctl/listTestPlugins
Authentication is required for this call.
This allows you to remove a plugin using it's name
This takes parameters
author
/plugin_name
Eg
rclone rc pluginsctl/removePlugin name=rclone/video-plugin
Authentication is required for this call.
This allows you to remove a plugin using it's name
This takes the following parameters
author
/plugin_name
Eg
rclone rc pluginsctl/removeTestPlugin name=rclone/rclone-webui-react
Authentication is required for this call.
This returns an error with the input as part of its error string. Useful for testing error handling.
This lists all the registered remote control commands as a JSON map in the commands response.
This echoes the input parameters to the output parameters for testing purposes. It can be used to check that rclone is still alive and to check that parameter passing is working properly.
This echoes the input parameters to the output parameters for testing purposes. It can be used to check that rclone is still alive and to check that parameter passing is working properly.
Authentication is required for this call.
This takes the following parameters
See the copy command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the move command command for more information on the above.
Authentication is required for this call.
This takes the following parameters
See the sync command command for more information on the above.
Authentication is required for this call.
This forgets the paths in the directory cache causing them to be re-read from the remote when needed.
If no paths are passed in then it will forget all the paths in the directory cache.
rclone rc vfs/forget
Otherwise pass files or dirs in as file=path or dir=path. Any parameter key starting with file will forget that file and any starting with dir will forget that dir, e.g.
rclone rc vfs/forget file=hello file2=goodbye dir=home/junk
This command takes an "fs" parameter. If this parameter is not supplied and if there is only one VFS in use then that VFS will be used. If there is more than one VFS in use then the "fs" parameter must be supplied.
This lists the active VFSes.
It returns a list under the key "vfses" where the values are the VFS names that could be passed to the other VFS commands in the "fs" parameter.
Without any parameter given this returns the current status of the poll-interval setting.
When the interval=duration parameter is set, the poll-interval value is updated and the polling function is notified. Setting interval=0 disables poll-interval.
rclone rc vfs/poll-interval interval=5m
The timeout=duration parameter can be used to specify a time to wait for the current poll function to apply the new value. If timeout is less or equal 0, which is the default, wait indefinitely.
The new poll-interval value will only be active when the timeout is not reached.
If poll-interval is updated or disabled temporarily, some changes might not get picked up by the polling function, depending on the used remote.
This command takes an "fs" parameter. If this parameter is not supplied and if there is only one VFS in use then that VFS will be used. If there is more than one VFS in use then the "fs" parameter must be supplied.
This reads the directories for the specified paths and freshens the directory cache.
If no paths are passed in then it will refresh the root directory.
rclone rc vfs/refresh
Otherwise pass directories in as dir=path. Any parameter key starting with dir will refresh that directory, e.g.
rclone rc vfs/refresh dir=home/junk dir2=data/misc
If the parameter recursive=true is given the whole directory tree will get refreshed. This refresh will use --fast-list if enabled.
This command takes an "fs" parameter. If this parameter is not supplied and if there is only one VFS in use then that VFS will be used. If there is more than one VFS in use then the "fs" parameter must be supplied.
Rclone implements a simple HTTP based protocol.
Each endpoint takes an JSON object and returns a JSON object or an error. The JSON objects are essentially a map of string names to values.
All calls must made using POST.
The input objects can be supplied using URL parameters, POST parameters or by supplying "Content-Type: application/json" and a JSON blob in the body. There are examples of these below using curl
.
The response will be a JSON blob in the body of the response. This is formatted to be reasonably human readable.
If an error occurs then there will be an HTTP error status (e.g. 500) and the body of the response will contain a JSON encoded error object, e.g.
{
"error": "Expecting string value for key \"remote\" (was float64)",
"input": {
"fs": "/tmp",
"remote": 3
},
"status": 400
"path": "operations/rmdir",
}
The keys in the error response are - error - error string - input - the input parameters to the call - status - the HTTP status code - path - the path of the call
The sever implements basic CORS support and allows all origins for that. The response to a preflight OPTIONS request will echo the requested "Access-Control-Request-Headers" back.
curl -X POST 'http://localhost:5572/rc/noop?potato=1&sausage=2'
Response
{
"potato": "1",
"sausage": "2"
}
Here is what an error response looks like:
curl -X POST 'http://localhost:5572/rc/error?potato=1&sausage=2'
{
"error": "arbitrary error on input map[potato:1 sausage:2]",
"input": {
"potato": "1",
"sausage": "2"
}
}
Note that curl doesn't return errors to the shell unless you use the -f
option
$ curl -f -X POST 'http://localhost:5572/rc/error?potato=1&sausage=2'
curl: (22) The requested URL returned error: 400 Bad Request
$ echo $?
22
curl --data "potato=1" --data "sausage=2" http://localhost:5572/rc/noop
Response
{
"potato": "1",
"sausage": "2"
}
Note that you can combine these with URL parameters too with the POST parameters taking precedence.
curl --data "potato=1" --data "sausage=2" "http://localhost:5572/rc/noop?rutabaga=3&sausage=4"
Response
{
"potato": "1",
"rutabaga": "3",
"sausage": "4"
}
curl -H "Content-Type: application/json" -X POST -d '{"potato":2,"sausage":1}' http://localhost:5572/rc/noop
response
{
"password": "xyz",
"username": "xyz"
}
This can be combined with URL parameters too if required. The JSON blob takes precedence.
curl -H "Content-Type: application/json" -X POST -d '{"potato":2,"sausage":1}' 'http://localhost:5572/rc/noop?rutabaga=3&potato=4'
{
"potato": 2,
"rutabaga": "3",
"sausage": 1
}
If you use the --rc
flag this will also enable the use of the go profiling tools on the same port.
To use these, first install go.
To profile rclone's memory use you can run:
go tool pprof -web http://localhost:5572/debug/pprof/heap
This should open a page in your browser showing what is using what memory.
You can also use the -text
flag to produce a textual summary
$ go tool pprof -text http://localhost:5572/debug/pprof/heap
Showing nodes accounting for 1537.03kB, 100% of 1537.03kB total
flat flat% sum% cum cum%
1024.03kB 66.62% 66.62% 1024.03kB 66.62% github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.addDecoderNode
513kB 33.38% 100% 513kB 33.38% net/http.newBufioWriterSize
0 0% 100% 1024.03kB 66.62% github.com/rclone/rclone/cmd/all.init
0 0% 100% 1024.03kB 66.62% github.com/rclone/rclone/cmd/serve.init
0 0% 100% 1024.03kB 66.62% github.com/rclone/rclone/cmd/serve/restic.init
0 0% 100% 1024.03kB 66.62% github.com/rclone/rclone/vendor/golang.org/x/net/http2.init
0 0% 100% 1024.03kB 66.62% github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init
0 0% 100% 1024.03kB 66.62% github.com/rclone/rclone/vendor/golang.org/x/net/http2/hpack.init.0
0 0% 100% 1024.03kB 66.62% main.init
0 0% 100% 513kB 33.38% net/http.(*conn).readRequest
0 0% 100% 513kB 33.38% net/http.(*conn).serve
0 0% 100% 1024.03kB 66.62% runtime.main
Memory leaks are most often caused by go routine leaks keeping memory alive which should have been garbage collected.
See all active go routines using
curl http://localhost:5572/debug/pprof/goroutine?debug=1
Or go to http://localhost:5572/debug/pprof/goroutine?debug=1 in your browser.
You can see a summary of profiles available at http://localhost:5572/debug/pprof/
Here is how to use some of them:
go tool pprof http://localhost:5572/debug/pprof/heap
curl http://localhost:5572/debug/pprof/goroutine?debug=1
go tool pprof http://localhost:5572/debug/pprof/profile
wget http://localhost:5572/debug/pprof/trace?seconds=5
rclone rc debug/set-block-profile-rate rate=1
(docs)go tool pprof http://localhost:5572/debug/pprof/block
rclone rc debug/set-mutex-profile-fraction rate=1
(docs)go tool pprof http://localhost:5572/debug/pprof/mutex
See the net/http/pprof docs for more info on how to use the profiling and for a general overview see the Go team's blog post on profiling go programs.
The profiling hook is zero overhead unless it is used.
Each cloud storage system is slightly different. Rclone attempts to provide a unified interface to them, but some underlying differences show through.
Here is an overview of the major features of each cloud storage system.
Name | Hash | ModTime | Case Insensitive | Duplicate Files | MIME Type |
---|---|---|---|---|---|
1Fichier | Whirlpool | No | No | Yes | R |
Amazon Drive | MD5 | No | Yes | No | R |
Amazon S3 | MD5 | Yes | No | No | R/W |
Backblaze B2 | SHA1 | Yes | No | No | R/W |
Box | SHA1 | Yes | Yes | No | - |
Citrix ShareFile | MD5 | Yes | Yes | No | - |
Dropbox | DBHASH ¹ | Yes | Yes | No | - |
Enterprise File Fabric | - | Yes | Yes | No | R/W |
FTP | - | No | No | No | - |
Google Cloud Storage | MD5 | Yes | No | No | R/W |
Google Drive | MD5 | Yes | No | Yes | R/W |
Google Photos | - | No | No | Yes | R |
HDFS | - | Yes | No | No | - |
HTTP | - | No | No | No | R |
Hubic | MD5 | Yes | No | No | R/W |
Jottacloud | MD5 | Yes | Yes | No | R |
Koofr | MD5 | No | Yes | No | - |
Mail.ru Cloud | Mailru ⁶ | Yes | Yes | No | - |
Mega | - | No | No | Yes | - |
Memory | MD5 | Yes | No | No | - |
Microsoft Azure Blob Storage | MD5 | Yes | No | No | R/W |
Microsoft OneDrive | SHA1 ⁵ | Yes | Yes | No | R |
OpenDrive | MD5 | Yes | Yes | Partial ⁸ | - |
OpenStack Swift | MD5 | Yes | No | No | R/W |
pCloud | MD5, SHA1 ⁷ | Yes | No | No | W |
premiumize.me | - | No | Yes | No | R |
put.io | CRC-32 | Yes | No | Yes | R |
QingStor | MD5 | No | No | No | R/W |
Seafile | - | No | No | No | - |
SFTP | MD5, SHA1 ² | Yes | Depends | No | - |
SugarSync | - | No | No | No | - |
Tardigrade | - | Yes | No | No | - |
Uptobox | - | No | No | Yes | - |
WebDAV | MD5, SHA1 ³ | Yes ⁴ | Depends | No | - |
Yandex Disk | MD5 | Yes | No | No | R |
Zoho WorkDrive | - | No | No | No | - |
The local filesystem | All | Yes | Depends | No | - |
¹ Dropbox supports its own custom hash. This is an SHA256 sum of all the 4 MiB block SHA256s.
² SFTP supports checksums if the same login has shell access and md5sum
or sha1sum
as well as echo
are in the remote's PATH.
³ WebDAV supports hashes when used with Owncloud and Nextcloud only.
⁴ WebDAV supports modtimes when used with Owncloud and Nextcloud only.
⁵ Microsoft OneDrive Personal supports SHA1 hashes, whereas OneDrive for business and SharePoint server support Microsoft's own QuickXorHash.
⁶ Mail.ru uses its own modified SHA1 hash
⁷ pCloud only supports SHA1 (not MD5) in its EU region
⁸ Opendrive does not support creation of duplicate files using their web client interface or other stock clients, but the underlying storage platform has been determined to allow duplicate files, and it is possible to create them with rclone
. It may be that this is a mistake or an unsupported feature.
The cloud storage system supports various hash types of the objects. The hashes are used when transferring data as an integrity check and can be specifically used with the --checksum
flag in syncs and in the check
command.
To use the verify checksums when transferring between cloud storage systems they must support a common hash type.
The cloud storage system supports setting modification times on objects. If it does then this enables a using the modification times as part of the sync. If not then only the size will be checked by default, though the MD5SUM can be checked with the --checksum
flag.
All cloud storage systems support some kind of date on the object and these will be set when transferring from the cloud storage system.
If a cloud storage systems is case sensitive then it is possible to have two files which differ only in case, e.g. file.txt
and FILE.txt
. If a cloud storage system is case insensitive then that isn't possible.
This can cause problems when syncing between a case insensitive system and a case sensitive system. The symptom of this is that no matter how many times you run the sync it never completes fully.
The local filesystem and SFTP may or may not be case sensitive depending on OS.
Most of the time this doesn't cause any problems as people tend to avoid files whose name differs only by case even on case sensitive systems.
If a cloud storage system allows duplicate files then it can have two objects with the same name.
This confuses rclone greatly when syncing - use the rclone dedupe
command to rename or remove duplicates.
Some cloud storage systems might have restrictions on the characters that are usable in file or directory names. When rclone
detects such a name during a file upload, it will transparently replace the restricted characters with similar looking Unicode characters.
This process is designed to avoid ambiguous file names as much as possible and allow to move files between many cloud storage systems transparently.
The name shown by rclone
to the user or during log output will only contain a minimal set of replaced characters to ensure correct formatting and not necessarily the actual name used on the cloud storage.
This transformation is reversed when downloading a file or parsing rclone
arguments. For example, when uploading a file named my file?.txt
to Onedrive will be displayed as my file?.txt
on the console, but stored as my file?.txt
(the ?
gets replaced by the similar looking ?
character) to Onedrive. The reverse transformation allows to read a fileunusual/name.txt
from Google Drive, by passing the name unusual/name.txt
(the /
needs to be replaced by the similar looking /
character) on the command line.
The table below shows the characters that are replaced by default.
When a replacement character is found in a filename, this character will be escaped with the ‛
character to avoid ambiguous file names. (e.g. a file named ␀.txt
would shown as ‛␀.txt
)
Each cloud storage backend can use a different set of characters, which will be specified in the documentation for each backend.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
SOH | 0x01 | ␁ |
STX | 0x02 | ␂ |
ETX | 0x03 | ␃ |
EOT | 0x04 | ␄ |
ENQ | 0x05 | ␅ |
ACK | 0x06 | ␆ |
BEL | 0x07 | ␇ |
BS | 0x08 | ␈ |
HT | 0x09 | ␉ |
LF | 0x0A | ␊ |
VT | 0x0B | ␋ |
FF | 0x0C | ␌ |
CR | 0x0D | ␍ |
SO | 0x0E | ␎ |
SI | 0x0F | ␏ |
DLE | 0x10 | ␐ |
DC1 | 0x11 | ␑ |
DC2 | 0x12 | ␒ |
DC3 | 0x13 | ␓ |
DC4 | 0x14 | ␔ |
NAK | 0x15 | ␕ |
SYN | 0x16 | ␖ |
ETB | 0x17 | ␗ |
CAN | 0x18 | ␘ |
EM | 0x19 | ␙ |
SUB | 0x1A | ␚ |
ESC | 0x1B | ␛ |
FS | 0x1C | ␜ |
GS | 0x1D | ␝ |
RS | 0x1E | ␞ |
US | 0x1F | ␟ |
/ | 0x2F | / |
DEL | 0x7F | ␡ |
The default encoding will also encode these file names as they are problematic with many cloud storage systems.
File name | Replacement |
---|---|
. | . |
.. | .. |
Some backends only support a sequence of well formed UTF-8 bytes as file or directory names.
In this case all invalid UTF-8 bytes will be replaced with a quoted representation of the byte value to allow uploading a file to such a backend. For example, the invalid byte 0xFE
will be encoded as ‛FE
.
A common source of invalid UTF-8 bytes are local filesystems, that store names in a different encoding than UTF-8 or UTF-16, like latin1. See the local filenames section for details.
Most backends have an encoding options, specified as a flag --backend-encoding
where backend
is the name of the backend, or as a config parameter encoding
(you'll need to select the Advanced config in rclone config
to see it).
This will have default value which encodes and decodes characters in such a way as to preserve the maximum number of characters (see above).
However this can be incorrect in some scenarios, for example if you have a Windows file system with characters such as *
and ?
that you want to remain as those characters on the remote rather than being translated to *
and ?
.
The --backend-encoding
flags allow you to change that. You can disable the encoding completely with --backend-encoding None
or set encoding = None
in the config file.
Encoding takes a comma separated list of encodings. You can see the list of all available characters by passing an invalid value to this flag, e.g. --local-encoding "help"
and rclone help flags encoding
will show you the defaults for the backends.
Encoding | Characters |
---|---|
Asterisk | * |
BackQuote | ` |
BackSlash | \ |
Colon | : |
CrLf | CR 0x0D, LF 0x0A |
Ctl | All control characters 0x00-0x1F |
Del | DEL 0x7F |
Dollar | $ |
Dot | . |
DoubleQuote | " |
Hash | # |
InvalidUtf8 | An invalid UTF-8 character (e.g. latin1) |
LeftCrLfHtVt | CR 0x0D, LF 0x0A,HT 0x09, VT 0x0B on the left of a string |
LeftPeriod | . on the left of a string |
LeftSpace | SPACE on the left of a string |
LeftTilde | ~ on the left of a string |
LtGt | < , > |
None | No characters are encoded |
Percent | % |
Pipe | | |
Question | ? |
RightCrLfHtVt | CR 0x0D, LF 0x0A, HT 0x09, VT 0x0B on the right of a string |
RightPeriod | . on the right of a string |
RightSpace | SPACE on the right of a string |
SingleQuote | ' |
Slash | / |
To take a specific example, the FTP backend's default encoding is
--ftp-encoding "Slash,Del,Ctl,RightSpace,Dot"
However, let's say the FTP server is running on Windows and can't have any of the invalid Windows characters in file names. You are backing up Linux servers to this FTP server which do have those characters in file names. So you would add the Windows set which are
Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
to the existing ones, giving:
Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot,Del,RightSpace
This can be specified using the --ftp-encoding
flag or using an encoding
parameter in the config file.
Or let's say you have a Windows server but you want to preserve *
and ?
, you would then have this as the encoding (the Windows encoding minus Asterisk
and Question
).
Slash,LtGt,DoubleQuote,Colon,Pipe,BackSlash,Ctl,RightSpace,RightPeriod,InvalidUtf8,Dot
This can be specified using the --local-encoding
flag or using an encoding
parameter in the config file.
MIME types (also known as media types) classify types of documents using a simple text classification, e.g. text/html
or application/pdf
.
Some cloud storage systems support reading (R
) the MIME type of objects and some support writing (W
) the MIME type of objects.
The MIME type can be important if you are serving files directly to HTTP from the storage system.
If you are copying from a remote which supports reading (R
) to a remote which supports writing (W
) then rclone will preserve the MIME types. Otherwise they will be guessed from the extension, or the remote itself may assign the MIME type.
All rclone remotes support a base command set. Other features depend upon backend specific capabilities.
Name | Purge | Copy | Move | DirMove | CleanUp | ListR | StreamUpload | LinkSharing | About | EmptyDir |
---|---|---|---|---|---|---|---|---|---|---|
1Fichier | No | Yes | Yes | No | No | No | No | Yes | No | Yes |
Amazon Drive | Yes | No | Yes | Yes | No | No | No | No | No | Yes |
Amazon S3 | No | Yes | No | No | Yes | Yes | Yes | Yes | No | No |
Backblaze B2 | No | Yes | No | No | Yes | Yes | Yes | Yes | No | No |
Box | Yes | Yes | Yes | Yes | Yes ‡‡ | No | Yes | Yes | Yes | Yes |
Citrix ShareFile | Yes | Yes | Yes | Yes | No | No | Yes | No | No | Yes |
Dropbox | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes |
Enterprise File Fabric | Yes | Yes | Yes | Yes | Yes | No | No | No | No | Yes |
FTP | No | No | Yes | Yes | No | No | Yes | No | No | Yes |
Google Cloud Storage | Yes | Yes | No | No | No | Yes | Yes | No | No | No |
Google Drive | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Google Photos | No | No | No | No | No | No | No | No | No | No |
HDFS | Yes | No | No | No | No | No | Yes | No | Yes | Yes |
HTTP | No | No | No | No | No | No | No | No | No | Yes |
Hubic | Yes † | Yes | No | No | No | Yes | Yes | No | Yes | No |
Jottacloud | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes |
Mail.ru Cloud | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes |
Mega | Yes | No | Yes | Yes | Yes | No | No | Yes | Yes | Yes |
Memory | No | Yes | No | No | No | Yes | Yes | No | No | No |
Microsoft Azure Blob Storage | Yes | Yes | No | No | No | Yes | Yes | No | No | No |
Microsoft OneDrive | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes |
OpenDrive | Yes | Yes | Yes | Yes | No | No | No | No | No | Yes |
OpenStack Swift | Yes † | Yes | No | No | No | Yes | Yes | No | Yes | No |
pCloud | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes |
premiumize.me | Yes | No | Yes | Yes | No | No | No | Yes | Yes | Yes |
put.io | Yes | No | Yes | Yes | Yes | No | Yes | No | Yes | Yes |
QingStor | No | Yes | No | No | Yes | Yes | No | No | No | No |
Seafile | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
SFTP | No | No | Yes | Yes | No | No | Yes | No | Yes | Yes |
SugarSync | Yes | Yes | Yes | Yes | No | No | Yes | Yes | No | Yes |
Tardigrade | Yes † | No | No | No | No | Yes | Yes | No | No | No |
Uptobox | No | Yes | Yes | Yes | No | No | No | No | No | No |
WebDAV | Yes | Yes | Yes | Yes | No | No | Yes ‡ | No | Yes | Yes |
Yandex Disk | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes |
Zoho WorkDrive | Yes | Yes | Yes | Yes | No | No | No | No | Yes | Yes |
The local filesystem | Yes | No | Yes | Yes | No | No | Yes | No | Yes | Yes |
This deletes a directory quicker than just deleting all the files in the directory.
† Note Swift, Hubic, and Tardigrade implement this in order to delete directory markers but they don't actually have a quicker way of deleting files other than deleting them individually.
‡ StreamUpload is not supported with Nextcloud
Used when copying an object to and from the same remote. This known as a server-side copy so you can copy a file without downloading it and uploading it again. It is used if you use rclone copy
or rclone move
if the remote doesn't support Move
directly.
If the server doesn't support Copy
directly then for copy operations the file is downloaded then re-uploaded.
Used when moving/renaming an object on the same remote. This is known as a server-side move of a file. This is used in rclone move
if the server doesn't support DirMove
.
If the server isn't capable of Move
then rclone simulates it with Copy
then delete. If the server doesn't support Copy
then rclone will download the file and re-upload it.
This is used to implement rclone move
to move a directory if possible. If it isn't then it will use Move
on each file (which falls back to Copy
then download and upload - see Move
section).
This is used for emptying the trash for a remote by rclone cleanup
.
If the server can't do CleanUp
then rclone cleanup
will return an error.
‡‡ Note that while Box implements this it has to delete every file individually so it will be slower than emptying the trash via the WebUI
The remote supports a recursive list to list all the contents beneath a directory quickly. This enables the --fast-list
flag to work. See the rclone docs for more details.
Some remotes allow files to be uploaded without knowing the file size in advance. This allows certain operations to work without spooling the file to local disk first, e.g. rclone rcat
.
Sets the necessary permissions on a file or folder and prints a link that allows others to access them, even if they don't have an account on the particular cloud provider.
Rclone about
prints quota information for a remote. Typical output includes bytes used, free, quota and in trash.
If a remote lacks about capability rclone about remote:
returns an error.
Backends without about capability cannot determine free space for an rclone mount, or use policy mfs
(most free space) as a member of an rclone union remote.
The remote supports empty directories. See Limitations for details. Most Object/Bucket based remotes do not support this.
This describes the global flags available to every rclone command split into two groups, non backend and backend flags.
These flags are available for every command.
--ask-password Allow prompt for password for encrypted configuration. (default true)
--auto-confirm If enabled, do not request console confirmation.
--backup-dir string Make backups into hierarchy based in DIR.
--bind string Local address to bind to for outgoing connections, IPv4, IPv6 or name.
--buffer-size SizeSuffix In memory buffer size when reading files for each --transfer. (default 16Mi)
--bwlimit BwTimetable Bandwidth limit in KiByte/s, or use suffix B|K|M|G|T|P or a full timetable.
--bwlimit-file BwTimetable Bandwidth limit per file in KiByte/s, or use suffix B|K|M|G|T|P or a full timetable.
--ca-cert string CA certificate used to verify servers
--cache-dir string Directory rclone will use for caching. (default "$HOME/.cache/rclone")
--check-first Do all the checks before starting transfers.
--checkers int Number of checkers to run in parallel. (default 8)
-c, --checksum Skip based on checksum (if available) & size, not mod-time & size
--client-cert string Client SSL certificate (PEM) for mutual TLS auth
--client-key string Client SSL private key (PEM) for mutual TLS auth
--compare-dest stringArray Include additional comma separated server-side paths during comparison.
--config string Config file. (default "$HOME/.config/rclone/rclone.conf")
--contimeout duration Connect timeout (default 1m0s)
--copy-dest stringArray Implies --compare-dest but also copies files from paths into destination.
--cpuprofile string Write cpu profile to file
--cutoff-mode string Mode to stop transfers when reaching the max transfer limit HARD|SOFT|CAUTIOUS (default "HARD")
--delete-after When synchronizing, delete files on destination after transferring (default)
--delete-before When synchronizing, delete files on destination before transferring
--delete-during When synchronizing, delete files during transfer
--delete-excluded Delete files on dest excluded from sync
--disable string Disable a comma separated list of features. Use --disable help to see a list.
--disable-http2 Disable HTTP/2 in the global transport.
-n, --dry-run Do a trial run with no permanent changes
--dscp string Set DSCP value to connections. Can be value or names, eg. CS1, LE, DF, AF21.
--dump DumpFlags List of items to dump from: headers,bodies,requests,responses,auth,filters,goroutines,openfiles
--dump-bodies Dump HTTP headers and bodies - may contain sensitive info
--dump-headers Dump HTTP headers - may contain sensitive info
--error-on-no-transfer Sets exit code 9 if no files are transferred, useful in scripts
--exclude stringArray Exclude files matching pattern
--exclude-from stringArray Read exclude patterns from file (use - to read from stdin)
--exclude-if-present string Exclude directories if filename is present
--expect-continue-timeout duration Timeout when using expect / 100-continue in HTTP (default 1s)
--fast-list Use recursive list if available. Uses more memory but fewer transactions.
--files-from stringArray Read list of source-file names from file (use - to read from stdin)
--files-from-raw stringArray Read list of source-file names from file without any processing of lines (use - to read from stdin)
-f, --filter stringArray Add a file-filtering rule
--filter-from stringArray Read filtering patterns from a file (use - to read from stdin)
--fs-cache-expire-duration duration cache remotes for this long (0 to disable caching) (default 5m0s)
--fs-cache-expire-interval duration interval to check for expired remotes (default 1m0s)
--header stringArray Set HTTP header for all transactions
--header-download stringArray Set HTTP header for download transactions
--header-upload stringArray Set HTTP header for upload transactions
--ignore-case Ignore case in filters (case insensitive)
--ignore-case-sync Ignore case when synchronizing
--ignore-checksum Skip post copy check of checksums.
--ignore-errors delete even if there are I/O errors
--ignore-existing Skip all files that exist on destination
--ignore-size Ignore size when skipping use mod-time or checksum.
-I, --ignore-times Don't skip files that match size and time - transfer all files
--immutable Do not modify files. Fail if existing files have been modified.
--include stringArray Include files matching pattern
--include-from stringArray Read include patterns from file (use - to read from stdin)
-i, --interactive Enable interactive mode
--log-file string Log everything to this file
--log-format string Comma separated list of log format options (default "date,time")
--log-level string Log level DEBUG|INFO|NOTICE|ERROR (default "NOTICE")
--log-systemd Activate systemd integration for the logger.
--low-level-retries int Number of low level retries to do. (default 10)
--max-age Duration Only transfer files younger than this in s or suffix ms|s|m|h|d|w|M|y (default off)
--max-backlog int Maximum number of objects in sync or check backlog. (default 10000)
--max-delete int When synchronizing, limit the number of deletes (default -1)
--max-depth int If set limits the recursion depth to this. (default -1)
--max-duration duration Maximum duration rclone will transfer data for.
--max-size SizeSuffix Only transfer files smaller than this in KiB or suffix B|K|M|G|T|P (default off)
--max-stats-groups int Maximum number of stats groups to keep in memory. On max oldest is discarded. (default 1000)
--max-transfer SizeSuffix Maximum size of data to transfer. (default off)
--memprofile string Write memory profile to file
--min-age Duration Only transfer files older than this in s or suffix ms|s|m|h|d|w|M|y (default off)
--min-size SizeSuffix Only transfer files bigger than this in KiB or suffix B|K|M|G|T|P (default off)
--modify-window duration Max time diff to be considered the same (default 1ns)
--multi-thread-cutoff SizeSuffix Use multi-thread downloads for files above this size. (default 250Mi)
--multi-thread-streams int Max number of streams to use for multi-thread downloads. (default 4)
--no-check-certificate Do not verify the server SSL certificate. Insecure.
--no-check-dest Don't check the destination, copy regardless.
--no-console Hide console window. Supported on Windows only.
--no-gzip-encoding Don't set Accept-Encoding: gzip.
--no-traverse Don't traverse destination file system on copy.
--no-unicode-normalization Don't normalize unicode characters in filenames.
--no-update-modtime Don't update destination mod-time if files identical.
--order-by string Instructions on how to order the transfers, e.g. 'size,descending'
--password-command SpaceSepList Command for supplying password for encrypted configuration.
-P, --progress Show progress during transfer.
--progress-terminal-title Show progress on the terminal title. Requires -P/--progress.
-q, --quiet Print as little stuff as possible
--rc Enable the remote control server.
--rc-addr string IPaddress:Port or :Port to bind server to. (default "localhost:5572")
--rc-allow-origin string Set the allowed origin for CORS.
--rc-baseurl string Prefix for URLs - leave blank for root.
--rc-cert string SSL PEM key (concatenation of certificate and CA certificate)
--rc-client-ca string Client certificate authority to verify clients with
--rc-enable-metrics Enable prometheus metrics on /metrics
--rc-files string Path to local files to serve on the HTTP server.
--rc-htpasswd string htpasswd file - if not provided no authentication is done
--rc-job-expire-duration duration expire finished async jobs older than this value (default 1m0s)
--rc-job-expire-interval duration interval to check for expired async jobs (default 10s)
--rc-key string SSL PEM Private key
--rc-max-header-bytes int Maximum size of request header (default 4096)
--rc-no-auth Don't require auth for certain methods.
--rc-pass string Password for authentication.
--rc-realm string realm for authentication (default "rclone")
--rc-serve Enable the serving of remote objects.
--rc-server-read-timeout duration Timeout for server reading data (default 1h0m0s)
--rc-server-write-timeout duration Timeout for server writing data (default 1h0m0s)
--rc-template string User Specified Template.
--rc-user string User name for authentication.
--rc-web-fetch-url string URL to fetch the releases for webgui. (default "https://api.github.com/repos/rclone/rclone-webui-react/releases/latest")
--rc-web-gui Launch WebGUI on localhost
--rc-web-gui-force-update Force update to latest version of web gui
--rc-web-gui-no-open-browser Don't open the browser automatically
--rc-web-gui-update Check and update to latest version of web gui
--refresh-times Refresh the modtime of remote files.
--retries int Retry operations this many times if they fail (default 3)
--retries-sleep duration Interval between retrying operations if they fail, e.g 500ms, 60s, 5m. (0 to disable)
--size-only Skip based on size only, not mod-time or checksum
--stats duration Interval between printing stats, e.g 500ms, 60s, 5m. (0 to disable) (default 1m0s)
--stats-file-name-length int Max file name length in stats. 0 for no limit (default 45)
--stats-log-level string Log level to show --stats output DEBUG|INFO|NOTICE|ERROR (default "INFO")
--stats-one-line Make the stats fit on one line.
--stats-one-line-date Enables --stats-one-line and add current date/time prefix.
--stats-one-line-date-format string Enables --stats-one-line-date and uses custom formatted date. Enclose date string in double quotes ("). See https://golang.org/pkg/time/#Time.Format
--stats-unit string Show data rate in stats as either 'bits' or 'bytes' per second (default "bytes")
--streaming-upload-cutoff SizeSuffix Cutoff for switching to chunked upload if file size is unknown. Upload starts after reaching cutoff or when file ends. (default 100Ki)
--suffix string Suffix to add to changed files.
--suffix-keep-extension Preserve the extension when using --suffix.
--syslog Use Syslog for logging
--syslog-facility string Facility for syslog, e.g. KERN,USER,... (default "DAEMON")
--timeout duration IO idle timeout (default 5m0s)
--tpslimit float Limit HTTP transactions per second to this.
--tpslimit-burst int Max burst of transactions for --tpslimit. (default 1)
--track-renames When synchronizing, track file renames and do a server-side move if possible
--track-renames-strategy string Strategies to use when synchronizing using track-renames hash|modtime|leaf (default "hash")
--transfers int Number of file transfers to run in parallel. (default 4)
-u, --update Skip files that are newer on the destination.
--use-cookies Enable session cookiejar.
--use-json-log Use json log format.
--use-mmap Use mmap allocator (see docs).
--use-server-modtime Use server modified time instead of object metadata
--user-agent string Set the user-agent to a specified string. The default is rclone/ version (default "rclone/v1.56.0")
-v, --verbose count Print lots more stuff (repeat for more)
These flags are available for every command. They control the backends and may be set in the config file.
--acd-auth-url string Auth server URL.
--acd-client-id string OAuth Client Id
--acd-client-secret string OAuth Client Secret
--acd-encoding MultiEncoder This sets the encoding for the backend. (default Slash,InvalidUtf8,Dot)
--acd-templink-threshold SizeSuffix Files >= this size will be downloaded via their tempLink. (default 9Gi)
--acd-token string OAuth Access Token as a JSON blob.
--acd-token-url string Token server url.
--acd-upload-wait-per-gb Duration Additional time per GiB to wait after a failed complete upload to see if it appears. (default 3m0s)
--alias-remote string Remote or path to alias.
--azureblob-access-tier string Access tier of blob: hot, cool or archive.
--azureblob-account string Storage Account Name (leave blank to use SAS URL or Emulator)
--azureblob-archive-tier-delete Delete archive tier blobs before overwriting.
--azureblob-chunk-size SizeSuffix Upload chunk size (<= 100 MiB). (default 4Mi)
--azureblob-disable-checksum Don't store MD5 checksum with object metadata.
--azureblob-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,Ctl,RightPeriod,InvalidUtf8)
--azureblob-endpoint string Endpoint for the service
--azureblob-key string Storage Account Key (leave blank to use SAS URL or Emulator)
--azureblob-list-chunk int Size of blob list. (default 5000)
--azureblob-memory-pool-flush-time Duration How often internal memory buffer pools will be flushed. (default 1m0s)
--azureblob-memory-pool-use-mmap Whether to use mmap buffers in internal memory pool.
--azureblob-msi-client-id string Object ID of the user-assigned MSI to use, if any. Leave blank if msi_object_id or msi_mi_res_id specified.
--azureblob-msi-mi-res-id string Azure resource ID of the user-assigned MSI to use, if any. Leave blank if msi_client_id or msi_object_id specified.
--azureblob-msi-object-id string Object ID of the user-assigned MSI to use, if any. Leave blank if msi_client_id or msi_mi_res_id specified.
--azureblob-public-access string Public access level of a container: blob, container.
--azureblob-sas-url string SAS URL for container level access only
--azureblob-service-principal-file string Path to file containing credentials for use with a service principal.
--azureblob-upload-cutoff string Cutoff for switching to chunked upload (<= 256 MiB). (Deprecated)
--azureblob-use-emulator Uses local storage emulator if provided as 'true' (leave blank if using real azure storage endpoint)
--azureblob-use-msi Use a managed service identity to authenticate (only works in Azure)
--b2-account string Account ID or Application Key ID
--b2-chunk-size SizeSuffix Upload chunk size. Must fit in memory. (default 96Mi)
--b2-copy-cutoff SizeSuffix Cutoff for switching to multipart copy (default 4Gi)
--b2-disable-checksum Disable checksums for large (> upload cutoff) files
--b2-download-auth-duration Duration Time before the authorization token will expire in s or suffix ms|s|m|h|d. (default 1w)
--b2-download-url string Custom endpoint for downloads.
--b2-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
--b2-endpoint string Endpoint for the service.
--b2-hard-delete Permanently delete files on remote removal, otherwise hide files.
--b2-key string Application Key
--b2-memory-pool-flush-time Duration How often internal memory buffer pools will be flushed. (default 1m0s)
--b2-memory-pool-use-mmap Whether to use mmap buffers in internal memory pool.
--b2-test-mode string A flag string for X-Bz-Test-Mode header for debugging.
--b2-upload-cutoff SizeSuffix Cutoff for switching to chunked upload. (default 200Mi)
--b2-versions Include old versions in directory listings.
--box-access-token string Box App Primary Access Token
--box-auth-url string Auth server URL.
--box-box-config-file string Box App config.json location
--box-box-sub-type string (default "user")
--box-client-id string OAuth Client Id
--box-client-secret string OAuth Client Secret
--box-commit-retries int Max number of times to try committing a multipart file. (default 100)
--box-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,Ctl,RightSpace,InvalidUtf8,Dot)
--box-root-folder-id string Fill in for rclone to use a non root folder as its starting point.
--box-token string OAuth Access Token as a JSON blob.
--box-token-url string Token server url.
--box-upload-cutoff SizeSuffix Cutoff for switching to multipart upload (>= 50 MiB). (default 50Mi)
--cache-chunk-clean-interval Duration How often should the cache perform cleanups of the chunk storage. (default 1m0s)
--cache-chunk-no-memory Disable the in-memory cache for storing chunks during streaming.
--cache-chunk-path string Directory to cache chunk files. (default "$HOME/.cache/rclone/cache-backend")
--cache-chunk-size SizeSuffix The size of a chunk (partial file data). (default 5Mi)
--cache-chunk-total-size SizeSuffix The total size that the chunks can take up on the local disk. (default 10Gi)
--cache-db-path string Directory to store file structure metadata DB. (default "$HOME/.cache/rclone/cache-backend")
--cache-db-purge Clear all the cached data for this remote on start.
--cache-db-wait-time Duration How long to wait for the DB to be available - 0 is unlimited (default 1s)
--cache-info-age Duration How long to cache file structure information (directory listings, file size, times, etc.). (default 6h0m0s)
--cache-plex-insecure string Skip all certificate verification when connecting to the Plex server
--cache-plex-password string The password of the Plex user (obscured)
--cache-plex-url string The URL of the Plex server
--cache-plex-username string The username of the Plex user
--cache-read-retries int How many times to retry a read from a cache storage. (default 10)
--cache-remote string Remote to cache.
--cache-rps int Limits the number of requests per second to the source FS (-1 to disable) (default -1)
--cache-tmp-upload-path string Directory to keep temporary files until they are uploaded.
--cache-tmp-wait-time Duration How long should files be stored in local cache before being uploaded (default 15s)
--cache-workers int How many workers should run in parallel to download chunks. (default 4)
--cache-writes Cache file data on writes through the FS
--chunker-chunk-size SizeSuffix Files larger than chunk size will be split in chunks. (default 2Gi)
--chunker-fail-hard Choose how chunker should handle files with missing or invalid chunks.
--chunker-hash-type string Choose how chunker handles hash sums. All modes but "none" require metadata. (default "md5")
--chunker-remote string Remote to chunk/unchunk.
--compress-level int GZIP compression level (-2 to 9). (default -1)
--compress-mode string Compression mode. (default "gzip")
--compress-ram-cache-limit SizeSuffix Some remotes don't allow the upload of files with unknown size. (default 20Mi)
--compress-remote string Remote to compress.
-L, --copy-links Follow symlinks and copy the pointed to item.
--crypt-directory-name-encryption Option to either encrypt directory names or leave them intact. (default true)
--crypt-filename-encryption string How to encrypt the filenames. (default "standard")
--crypt-no-data-encryption Option to either encrypt file data or leave it unencrypted.
--crypt-password string Password or pass phrase for encryption. (obscured)
--crypt-password2 string Password or pass phrase for salt. Optional but recommended. (obscured)
--crypt-remote string Remote to encrypt/decrypt.
--crypt-server-side-across-configs Allow server-side operations (e.g. copy) to work across different crypt configs.
--crypt-show-mapping For all files listed show how the names encrypt.
--drive-acknowledge-abuse Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
--drive-allow-import-name-change Allow the filetype to change when uploading Google docs (e.g. file.doc to file.docx). This will confuse sync and reupload every time.
--drive-auth-owner-only Only consider files owned by the authenticated user.
--drive-auth-url string Auth server URL.
--drive-chunk-size SizeSuffix Upload chunk size. Must a power of 2 >= 256k. (default 8Mi)
--drive-client-id string Google Application Client Id
--drive-client-secret string OAuth Client Secret
--drive-disable-http2 Disable drive using http2 (default true)
--drive-encoding MultiEncoder This sets the encoding for the backend. (default InvalidUtf8)
--drive-export-formats string Comma separated list of preferred formats for downloading Google docs. (default "docx,xlsx,pptx,svg")
--drive-formats string Deprecated: see export_formats
--drive-impersonate string Impersonate this user when using a service account.
--drive-import-formats string Comma separated list of preferred formats for uploading Google docs.
--drive-keep-revision-forever Keep new head revision of each file forever.
--drive-list-chunk int Size of listing chunk 100-1000. 0 to disable. (default 1000)
--drive-pacer-burst int Number of API calls to allow without sleeping. (default 100)
--drive-pacer-min-sleep Duration Minimum time to sleep between API calls. (default 100ms)
--drive-root-folder-id string ID of the root folder
--drive-scope string Scope that rclone should use when requesting access from drive.
--drive-server-side-across-configs Allow server-side operations (e.g. copy) to work across different drive configs.
--drive-service-account-credentials string Service Account Credentials JSON blob
--drive-service-account-file string Service Account Credentials JSON file path
--drive-shared-with-me Only show files that are shared with me.
--drive-size-as-quota Show sizes as storage quota usage, not actual size.
--drive-skip-checksum-gphotos Skip MD5 checksum on Google photos and videos only.
--drive-skip-gdocs Skip google documents in all listings.
--drive-skip-shortcuts If set skip shortcut files
--drive-starred-only Only show files that are starred.
--drive-stop-on-download-limit Make download limit errors be fatal
--drive-stop-on-upload-limit Make upload limit errors be fatal
--drive-team-drive string ID of the Shared Drive (Team Drive)
--drive-token string OAuth Access Token as a JSON blob.
--drive-token-url string Token server url.
--drive-trashed-only Only show files that are in the trash.
--drive-upload-cutoff SizeSuffix Cutoff for switching to chunked upload (default 8Mi)
--drive-use-created-date Use file created date instead of modified date.,
--drive-use-shared-date Use date file was shared instead of modified date.
--drive-use-trash Send files to the trash instead of deleting permanently. (default true)
--drive-v2-download-min-size SizeSuffix If Object's are greater, use drive v2 API to download. (default off)
--dropbox-auth-url string Auth server URL.
--dropbox-batch-mode string Upload file batching sync|async|off. (default "sync")
--dropbox-batch-size int Max number of files in upload batch.
--dropbox-batch-timeout Duration Max time to allow an idle upload batch before uploading (default 0s)
--dropbox-chunk-size SizeSuffix Upload chunk size. (< 150Mi). (default 48Mi)
--dropbox-client-id string OAuth Client Id
--dropbox-client-secret string OAuth Client Secret
--dropbox-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,RightSpace,InvalidUtf8,Dot)
--dropbox-impersonate string Impersonate this user when using a business account.
--dropbox-shared-files Instructs rclone to work on individual shared files.
--dropbox-shared-folders Instructs rclone to work on shared folders.
--dropbox-token string OAuth Access Token as a JSON blob.
--dropbox-token-url string Token server url.
--fichier-api-key string Your API Key, get it from https://1fichier.com/console/params.pl
--fichier-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,SingleQuote,BackQuote,Dollar,BackSlash,Del,Ctl,LeftSpace,RightSpace,InvalidUtf8,Dot)
--fichier-file-password string If you want to download a shared file that is password protected, add this parameter (obscured)
--fichier-folder-password string If you want to list the files in a shared folder that is password protected, add this parameter (obscured)
--fichier-shared-folder string If you want to download a shared folder, add this parameter
--filefabric-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Del,Ctl,InvalidUtf8,Dot)
--filefabric-permanent-token string Permanent Authentication Token
--filefabric-root-folder-id string ID of the root folder
--filefabric-token string Session Token
--filefabric-token-expiry string Token expiry time
--filefabric-url string URL of the Enterprise File Fabric to connect to
--filefabric-version string Version read from the file fabric
--ftp-close-timeout Duration Maximum time to wait for a response to close. (default 1m0s)
--ftp-concurrency int Maximum number of FTP simultaneous connections, 0 for unlimited
--ftp-disable-epsv Disable using EPSV even if server advertises support
--ftp-disable-mlsd Disable using MLSD even if server advertises support
--ftp-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Del,Ctl,RightSpace,Dot)
--ftp-explicit-tls Use Explicit FTPS (FTP over TLS)
--ftp-host string FTP host to connect to
--ftp-idle-timeout Duration Max time before closing idle connections (default 1m0s)
--ftp-no-check-certificate Do not verify the TLS certificate of the server
--ftp-pass string FTP password (obscured)
--ftp-port string FTP port, leave blank to use default (21)
--ftp-tls Use Implicit FTPS (FTP over TLS)
--ftp-user string FTP username, leave blank for current username, $USER
--gcs-anonymous Access public buckets and objects without credentials
--gcs-auth-url string Auth server URL.
--gcs-bucket-acl string Access Control List for new buckets.
--gcs-bucket-policy-only Access checks should use bucket-level IAM policies.
--gcs-client-id string OAuth Client Id
--gcs-client-secret string OAuth Client Secret
--gcs-encoding MultiEncoder This sets the encoding for the backend. (default Slash,CrLf,InvalidUtf8,Dot)
--gcs-location string Location for the newly created buckets.
--gcs-object-acl string Access Control List for new objects.
--gcs-project-number string Project number.
--gcs-service-account-file string Service Account Credentials JSON file path
--gcs-storage-class string The storage class to use when storing objects in Google Cloud Storage.
--gcs-token string OAuth Access Token as a JSON blob.
--gcs-token-url string Token server url.
--gphotos-auth-url string Auth server URL.
--gphotos-client-id string OAuth Client Id
--gphotos-client-secret string OAuth Client Secret
--gphotos-include-archived Also view and download archived media.
--gphotos-read-only Set to make the Google Photos backend read only.
--gphotos-read-size Set to read the size of media items.
--gphotos-start-year int Year limits the photos to be downloaded to those which are uploaded after the given year (default 2000)
--gphotos-token string OAuth Access Token as a JSON blob.
--gphotos-token-url string Token server url.
--hdfs-data-transfer-protection string Kerberos data transfer protection: authentication|integrity|privacy
--hdfs-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Colon,Del,Ctl,InvalidUtf8,Dot)
--hdfs-namenode string hadoop name node and port
--hdfs-service-principal-name string Kerberos service principal name for the namenode
--hdfs-username string hadoop user name
--http-headers CommaSepList Set HTTP headers for all transactions
--http-no-head Don't use HEAD requests to find file sizes in dir listing
--http-no-slash Set this if the site doesn't end directories with /
--http-url string URL of http host to connect to
--hubic-auth-url string Auth server URL.
--hubic-chunk-size SizeSuffix Above this size files will be chunked into a _segments container. (default 5Gi)
--hubic-client-id string OAuth Client Id
--hubic-client-secret string OAuth Client Secret
--hubic-encoding MultiEncoder This sets the encoding for the backend. (default Slash,InvalidUtf8)
--hubic-no-chunk Don't chunk files during streaming upload.
--hubic-token string OAuth Access Token as a JSON blob.
--hubic-token-url string Token server url.
--jottacloud-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Del,Ctl,InvalidUtf8,Dot)
--jottacloud-hard-delete Delete files permanently rather than putting them into the trash.
--jottacloud-md5-memory-limit SizeSuffix Files bigger than this will be cached on disk to calculate the MD5 if required. (default 10Mi)
--jottacloud-no-versions Avoid server side versioning by deleting files and recreating files instead of overwriting them.
--jottacloud-trashed-only Only show files that are in the trash.
--jottacloud-upload-resume-limit SizeSuffix Files bigger than this can be resumed if the upload fail's. (default 10Mi)
--koofr-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
--koofr-endpoint string The Koofr API endpoint to use (default "https://app.koofr.net")
--koofr-mountid string Mount ID of the mount to use. If omitted, the primary mount is used.
--koofr-password string Your Koofr password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password) (obscured)
--koofr-setmtime Does the backend support setting modification time. Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend. (default true)
--koofr-user string Your Koofr user name
-l, --links Translate symlinks to/from regular files with a '.rclonelink' extension
--local-case-insensitive Force the filesystem to report itself as case insensitive
--local-case-sensitive Force the filesystem to report itself as case sensitive.
--local-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Dot)
--local-no-check-updated Don't check to see if the files change during upload
--local-no-preallocate Disable preallocation of disk space for transferred files
--local-no-set-modtime Disable setting modtime
--local-no-sparse Disable sparse files for multi-thread downloads
--local-nounc string Disable UNC (long path names) conversion on Windows
--local-unicode-normalization Apply unicode NFC normalization to paths and filenames
--local-zero-size-links Assume the Stat size of links is zero (and read them instead) (Deprecated)
--mailru-check-hash What should copy do if file checksum is mismatched or invalid (default true)
--mailru-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,InvalidUtf8,Dot)
--mailru-pass string Password (obscured)
--mailru-speedup-enable Skip full upload if there is another file with same data hash. (default true)
--mailru-speedup-file-patterns string Comma separated list of file name patterns eligible for speedup (put by hash). (default "*.mkv,*.avi,*.mp4,*.mp3,*.zip,*.gz,*.rar,*.pdf")
--mailru-speedup-max-disk SizeSuffix This option allows you to disable speedup (put by hash) for large files (default 3Gi)
--mailru-speedup-max-memory SizeSuffix Files larger than the size given below will always be hashed on disk. (default 32Mi)
--mailru-user string User name (usually email)
--mega-debug Output more debug from Mega.
--mega-encoding MultiEncoder This sets the encoding for the backend. (default Slash,InvalidUtf8,Dot)
--mega-hard-delete Delete files permanently rather than putting them into the trash.
--mega-pass string Password. (obscured)
--mega-user string User name
-x, --one-file-system Don't cross filesystem boundaries (unix/macOS only).
--onedrive-auth-url string Auth server URL.
--onedrive-chunk-size SizeSuffix Chunk size to upload files with - must be multiple of 320k (327,680 bytes). (default 10Mi)
--onedrive-client-id string OAuth Client Id
--onedrive-client-secret string OAuth Client Secret
--onedrive-drive-id string The ID of the drive to use
--onedrive-drive-type string The type of the drive ( personal | business | documentLibrary )
--onedrive-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8,Dot)
--onedrive-expose-onenote-files Set to make OneNote files show up in directory listings.
--onedrive-link-password string Set the password for links created by the link command.
--onedrive-link-scope string Set the scope of the links created by the link command. (default "anonymous")
--onedrive-link-type string Set the type of the links created by the link command. (default "view")
--onedrive-list-chunk int Size of listing chunk. (default 1000)
--onedrive-no-versions Remove all versions on modifying operations
--onedrive-region string Choose national cloud region for OneDrive. (default "global")
--onedrive-server-side-across-configs Allow server-side operations (e.g. copy) to work across different onedrive configs.
--onedrive-token string OAuth Access Token as a JSON blob.
--onedrive-token-url string Token server url.
--opendrive-chunk-size SizeSuffix Files will be uploaded in chunks this size. (default 10Mi)
--opendrive-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,LeftSpace,LeftCrLfHtVt,RightSpace,RightCrLfHtVt,InvalidUtf8,Dot)
--opendrive-password string Password. (obscured)
--opendrive-username string Username
--pcloud-auth-url string Auth server URL.
--pcloud-client-id string OAuth Client Id
--pcloud-client-secret string OAuth Client Secret
--pcloud-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
--pcloud-hostname string Hostname to connect to. (default "api.pcloud.com")
--pcloud-root-folder-id string Fill in for rclone to use a non root folder as its starting point. (default "d0")
--pcloud-token string OAuth Access Token as a JSON blob.
--pcloud-token-url string Token server url.
--premiumizeme-encoding MultiEncoder This sets the encoding for the backend. (default Slash,DoubleQuote,BackSlash,Del,Ctl,InvalidUtf8,Dot)
--putio-encoding MultiEncoder This sets the encoding for the backend. (default Slash,BackSlash,Del,Ctl,InvalidUtf8,Dot)
--qingstor-access-key-id string QingStor Access Key ID
--qingstor-chunk-size SizeSuffix Chunk size to use for uploading. (default 4Mi)
--qingstor-connection-retries int Number of connection retries. (default 3)
--qingstor-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Ctl,InvalidUtf8)
--qingstor-endpoint string Enter an endpoint URL to connection QingStor API.
--qingstor-env-auth Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank.
--qingstor-secret-access-key string QingStor Secret Access Key (password)
--qingstor-upload-concurrency int Concurrency for multipart uploads. (default 1)
--qingstor-upload-cutoff SizeSuffix Cutoff for switching to chunked upload (default 200Mi)
--qingstor-zone string Zone to connect to.
--s3-access-key-id string AWS Access Key ID.
--s3-acl string Canned ACL used when creating buckets and storing or copying objects.
--s3-bucket-acl string Canned ACL used when creating buckets.
--s3-chunk-size SizeSuffix Chunk size to use for uploading. (default 5Mi)
--s3-copy-cutoff SizeSuffix Cutoff for switching to multipart copy (default 4.656Gi)
--s3-disable-checksum Don't store MD5 checksum with object metadata
--s3-disable-http2 Disable usage of http2 for S3 backends
--s3-encoding MultiEncoder This sets the encoding for the backend. (default Slash,InvalidUtf8,Dot)
--s3-endpoint string Endpoint for S3 API.
--s3-env-auth Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
--s3-force-path-style If true use path style access if false use virtual hosted style. (default true)
--s3-leave-parts-on-error If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
--s3-list-chunk int Size of listing chunk (response list for each ListObject S3 request). (default 1000)
--s3-location-constraint string Location constraint - must be set to match the Region.
--s3-max-upload-parts int Maximum number of parts in a multipart upload. (default 10000)
--s3-memory-pool-flush-time Duration How often internal memory buffer pools will be flushed. (default 1m0s)
--s3-memory-pool-use-mmap Whether to use mmap buffers in internal memory pool.
--s3-no-check-bucket If set, don't attempt to check the bucket exists or create it
--s3-no-head If set, don't HEAD uploaded objects to check integrity
--s3-no-head-object If set, don't HEAD objects
--s3-profile string Profile to use in the shared credentials file
--s3-provider string Choose your S3 provider.
--s3-region string Region to connect to.
--s3-requester-pays Enables requester pays option when interacting with S3 bucket.
--s3-secret-access-key string AWS Secret Access Key (password)
--s3-server-side-encryption string The server-side encryption algorithm used when storing this object in S3.
--s3-session-token string An AWS session token
--s3-shared-credentials-file string Path to the shared credentials file
--s3-sse-customer-algorithm string If using SSE-C, the server-side encryption algorithm used when storing this object in S3.
--s3-sse-customer-key string If using SSE-C you must provide the secret encryption key used to encrypt/decrypt your data.
--s3-sse-customer-key-md5 string If using SSE-C you may provide the secret encryption key MD5 checksum (optional).
--s3-sse-kms-key-id string If using KMS ID you must provide the ARN of Key.
--s3-storage-class string The storage class to use when storing new objects in S3.
--s3-upload-concurrency int Concurrency for multipart uploads. (default 4)
--s3-upload-cutoff SizeSuffix Cutoff for switching to chunked upload (default 200Mi)
--s3-use-accelerate-endpoint If true use the AWS S3 accelerated endpoint.
--s3-v2-auth If true use v2 authentication.
--seafile-2fa Two-factor authentication ('true' if the account has 2FA enabled)
--seafile-create-library Should rclone create a library if it doesn't exist
--seafile-encoding MultiEncoder This sets the encoding for the backend. (default Slash,DoubleQuote,BackSlash,Ctl,InvalidUtf8)
--seafile-library string Name of the library. Leave blank to access all non-encrypted libraries.
--seafile-library-key string Library password (for encrypted libraries only). Leave blank if you pass it through the command line. (obscured)
--seafile-pass string Password (obscured)
--seafile-url string URL of seafile host to connect to
--seafile-user string User name (usually email address)
--sftp-ask-password Allow asking for SFTP password when needed.
--sftp-disable-concurrent-reads If set don't use concurrent reads
--sftp-disable-concurrent-writes If set don't use concurrent writes
--sftp-disable-hashcheck Disable the execution of SSH commands to determine if remote file hashing is available.
--sftp-host string SSH host to connect to
--sftp-idle-timeout Duration Max time before closing idle connections (default 1m0s)
--sftp-key-file string Path to PEM-encoded private key file, leave blank or set key-use-agent to use ssh-agent.
--sftp-key-file-pass string The passphrase to decrypt the PEM-encoded private key file. (obscured)
--sftp-key-pem string Raw PEM-encoded private key, If specified, will override key_file parameter.
--sftp-key-use-agent When set forces the usage of the ssh-agent.
--sftp-known-hosts-file string Optional path to known_hosts file.
--sftp-md5sum-command string The command used to read md5 hashes. Leave blank for autodetect.
--sftp-pass string SSH password, leave blank to use ssh-agent. (obscured)
--sftp-path-override string Override path used by SSH connection.
--sftp-port string SSH port, leave blank to use default (22)
--sftp-pubkey-file string Optional path to public key file.
--sftp-server-command string Specifies the path or command to run a sftp server on the remote host.
--sftp-set-modtime Set the modified time on the remote if set. (default true)
--sftp-sha1sum-command string The command used to read sha1 hashes. Leave blank for autodetect.
--sftp-skip-links Set to skip any symlinks and any other non regular files.
--sftp-subsystem string Specifies the SSH2 subsystem on the remote host. (default "sftp")
--sftp-use-fstat If set use fstat instead of stat
--sftp-use-insecure-cipher Enable the use of insecure ciphers and key exchange methods.
--sftp-user string SSH username, leave blank for current username, $USER
--sharefile-chunk-size SizeSuffix Upload chunk size. Must a power of 2 >= 256k. (default 64Mi)
--sharefile-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,BackSlash,Ctl,LeftSpace,LeftPeriod,RightSpace,RightPeriod,InvalidUtf8,Dot)
--sharefile-endpoint string Endpoint for API calls.
--sharefile-root-folder-id string ID of the root folder
--sharefile-upload-cutoff SizeSuffix Cutoff for switching to multipart upload. (default 128Mi)
--skip-links Don't warn about skipped symlinks.
--sugarsync-access-key-id string Sugarsync Access Key ID.
--sugarsync-app-id string Sugarsync App ID.
--sugarsync-authorization string Sugarsync authorization
--sugarsync-authorization-expiry string Sugarsync authorization expiry
--sugarsync-deleted-id string Sugarsync deleted folder id
--sugarsync-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Ctl,InvalidUtf8,Dot)
--sugarsync-hard-delete Permanently delete files if true
--sugarsync-private-access-key string Sugarsync Private Access Key
--sugarsync-refresh-token string Sugarsync refresh token
--sugarsync-root-id string Sugarsync root id
--sugarsync-user string Sugarsync user
--swift-application-credential-id string Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
--swift-application-credential-name string Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
--swift-application-credential-secret string Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
--swift-auth string Authentication URL for server (OS_AUTH_URL).
--swift-auth-token string Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
--swift-auth-version int AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
--swift-chunk-size SizeSuffix Above this size files will be chunked into a _segments container. (default 5Gi)
--swift-domain string User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
--swift-encoding MultiEncoder This sets the encoding for the backend. (default Slash,InvalidUtf8)
--swift-endpoint-type string Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE) (default "public")
--swift-env-auth Get swift credentials from environment variables in standard OpenStack form.
--swift-key string API key or password (OS_PASSWORD).
--swift-leave-parts-on-error If true avoid calling abort upload on a failure. It should be set to true for resuming uploads across different sessions.
--swift-no-chunk Don't chunk files during streaming upload.
--swift-region string Region name - optional (OS_REGION_NAME)
--swift-storage-policy string The storage policy to use when creating a new container
--swift-storage-url string Storage URL - optional (OS_STORAGE_URL)
--swift-tenant string Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
--swift-tenant-domain string Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
--swift-tenant-id string Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
--swift-user string User name to log in (OS_USERNAME).
--swift-user-id string User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
--tardigrade-access-grant string Access Grant.
--tardigrade-api-key string API Key.
--tardigrade-passphrase string Encryption Passphrase. To access existing objects enter passphrase used for uploading.
--tardigrade-provider string Choose an authentication method. (default "existing")
--tardigrade-satellite-address <nodeid>@<address>:<port> Satellite Address. Custom satellite address should match the format: <nodeid>@<address>:<port>. (default "us-central-1.tardigrade.io")
--union-action-policy string Policy to choose upstream on ACTION category. (default "epall")
--union-cache-time int Cache time of usage and free space (in seconds). This option is only useful when a path preserving policy is used. (default 120)
--union-create-policy string Policy to choose upstream on CREATE category. (default "epmfs")
--union-search-policy string Policy to choose upstream on SEARCH category. (default "ff")
--union-upstreams string List of space separated upstreams.
--uptobox-access-token string Your access Token, get it from https://uptobox.com/my_account
--uptobox-encoding MultiEncoder This sets the encoding for the backend. (default Slash,LtGt,DoubleQuote,BackQuote,Del,Ctl,LeftSpace,InvalidUtf8,Dot)
--webdav-bearer-token string Bearer token instead of user/pass (e.g. a Macaroon)
--webdav-bearer-token-command string Command to run to get a bearer token
--webdav-encoding string This sets the encoding for the backend.
--webdav-headers CommaSepList Set HTTP headers for all transactions
--webdav-pass string Password. (obscured)
--webdav-url string URL of http host to connect to
--webdav-user string User name. In case NTLM authentication is used, the username should be in the format 'Domain\User'.
--webdav-vendor string Name of the Webdav site/service/software you are using
--yandex-auth-url string Auth server URL.
--yandex-client-id string OAuth Client Id
--yandex-client-secret string OAuth Client Secret
--yandex-encoding MultiEncoder This sets the encoding for the backend. (default Slash,Del,Ctl,InvalidUtf8,Dot)
--yandex-token string OAuth Access Token as a JSON blob.
--yandex-token-url string Token server url.
--zoho-auth-url string Auth server URL.
--zoho-client-id string OAuth Client Id
--zoho-client-secret string OAuth Client Secret
--zoho-encoding MultiEncoder This sets the encoding for the backend. (default Del,Ctl,InvalidUtf8)
--zoho-region string Zoho region to connect to.
--zoho-token string OAuth Access Token as a JSON blob.
--zoho-token-url string Token server url.
Docker 1.9 has added support for creating named volumes via command-line interface and mounting them in containers as a way to share data between them. Since Docker 1.10 you can create named volumes with Docker Compose by descriptions in docker-compose.yml files for use by container groups on a single host. As of Docker 1.12 volumes are supported by Docker Swarm included with Docker Engine and created from descriptions in swarm compose v3 files for use with swarm stacks across multiple cluster nodes.
Docker Volume Plugins augment the default local
volume driver included in Docker with stateful volumes shared across containers and hosts. Unlike local volumes, your data will not be deleted when such volume is removed. Plugins can run managed by the docker daemon, as a native system service (under systemd, sysv or upstart) or as a standalone executable. Rclone can run as docker volume plugin in all these modes. It interacts with the local docker daemon via plugin API and handles mounting of remote file systems into docker containers so it must run on the same host as the docker daemon or on every Swarm node.
In the first example we will use the SFTP rclone volume with Docker engine on a standalone Ubuntu machine.
Start from installing Docker on the host.
The FUSE driver is a prerequisite for rclone mounting and should be installed on host:
sudo apt-get -y install fuse
Create two directories required by rclone docker plugin:
sudo mkdir -p /var/lib/docker-plugins/rclone/config
sudo mkdir -p /var/lib/docker-plugins/rclone/cache
Install the managed rclone docker plugin:
docker plugin install rclone/docker-volume-rclone args="-v" --alias rclone --grant-all-permissions
docker plugin list
Create your SFTP volume:
docker volume create firstvolume -d rclone -o type=sftp -o sftp-host=_hostname_ -o sftp-user=_username_ -o sftp-pass=_password_ -o allow-other=true
Note that since all options are static, you don't even have to run rclone config
or create the rclone.conf
file (but the config
directory should still be present). In the simplest case you can use localhost
as hostname and your SSH credentials as username and password. You can also change the remote path to your home directory on the host, for example -o path=/home/username
.
Time to create a test container and mount the volume into it:
docker run --rm -it -v firstvolume:/mnt --workdir /mnt ubuntu:latest bash
If all goes well, you will enter the new container and change right to the mounted SFTP remote. You can type ls
to list the mounted directory or otherwise play with it. Type exit
when you are done. The container will stop but the volume will stay, ready to be reused. When it's not needed anymore, remove it:
docker volume list
docker volume remove firstvolume
Now let us try something more elaborate: Google Drive volume on multi-node Docker Swarm.
You should start from installing Docker and FUSE, creating plugin directories and installing rclone plugin on every swarm node. Then setup the Swarm.
Google Drive volumes need an access token which can be setup via web browser and will be periodically renewed by rclone. The managed plugin cannot run a browser so we will use a technique similar to the rclone setup on a headless box.
Run rclone config on another machine equipped with web browser and graphical user interface. Create the Google Drive remote. When done, transfer the resulting rclone.conf
to the Swarm cluster and save as /var/lib/docker-plugins/rclone/config/rclone.conf
on every node. By default this location is accessible only to the root user so you will need appropriate privileges. The resulting config will look like this:
[gdrive]
type = drive
scope = drive
drive_id = 1234567...
root_folder_id = 0Abcd...
token = {"access_token":...}
Now create the file named example.yml
with a swarm stack description like this:
version: '3'
services:
heimdall:
image: linuxserver/heimdall:latest
ports: [8080:80]
volumes: [configdata:/config]
volumes:
configdata:
driver: rclone
driver_opts:
remote: 'gdrive:heimdall'
allow_other: 'true'
vfs_cache_mode: full
poll_interval: 0
and run the stack:
docker stack deploy example -c ./example.yml
After a few seconds docker will spread the parsed stack description over cluster, create the example_heimdall
service on port 8080, run service containers on one or more cluster nodes and request the example_configdata
volume from rclone plugins on the node hosts. You can use the following commands to confirm results:
docker service ls
docker service ps example_heimdall
docker volume ls
Point your browser to http://cluster.host.address:8080
and play with the service. Stop it with docker stack remove example
when you are done. Note that the example_configdata
volume(s) created on demand at the cluster nodes will not be automatically removed together with the stack but stay for future reuse. You can remove them manually by invoking the docker volume remove example_configdata
command on every node.
Volumes can be created with docker volume create. Here are a few examples:
docker volume create vol1 -d rclone -o remote=storj: -o vfs-cache-mode=full
docker volume create vol2 -d rclone -o remote=:tardigrade,access_grant=xxx:heimdall
docker volume create vol3 -d rclone -o type=tardigrade -o path=heimdall -o tardigrade-access-grant=xxx -o poll-interval=0
Note the -d rclone
flag that tells docker to request volume from the rclone driver. This works even if you installed managed driver by its full name rclone/docker-volume-rclone
because you provided the --alias rclone
option.
Volumes can be inspected as follows:
docker volume list
docker volume inspect vol1
Rclone flags and volume options are set via the -o
flag to the docker volume create
command. They include backend-specific parameters as well as mount and VFS options. Also there are a few special -o
options: remote
, fs
, type
, path
, mount-type
and persist
.
remote
determines an existing remote name from the config file, with trailing colon and optionally with a remote path. See the full syntax in the rclone documentation. This option can be aliased as fs
to prevent confusion with the remote parameter of such backends as crypt or alias.
The remote=:backend:dir/subdir
syntax can be used to create on-the-fly (config-less) remotes, while the type
and path
options provide a simpler alternative for this. Using two split options
-o type=backend -o path=dir/subdir
is equivalent to the combined syntax
-o remote=:backend:dir/subdir
but is arguably easier to parameterize in scripts. The path
part is optional.
Mount and VFS options as well as backend parameters are named like their twin command-line flags without the --
CLI prefix. Optionally you can use underscores instead of dashes in option names. For example, --vfs-cache-mode full
becomes -o vfs-cache-mode=full
or -o vfs_cache_mode=full
. Boolean CLI flags without value will gain the true
value, e.g. --allow-other
becomes -o allow-other=true
or -o allow_other=true
.
Please note that you can provide parameters only for the backend immediately referenced by the backend type of mounted remote
. If this is a wrapping backend like alias, chunker or crypt, you cannot provide options for the referred to remote or backend. This limitation is imposed by the rclone connection string parser. The only workaround is to feed plugin with rclone.conf
or configure plugin arguments (see below).
mount-type
determines the mount method and in general can be one of: mount
, cmount
, or mount2
. This can be aliased as mount_type
. It should be noted that the managed rclone docker plugin currently does not support the cmount
method and mount2
is rarely needed. This option defaults to the first found method, which is usually mount
so you generally won't need it.
persist
is a reserved boolean (true/false) option. In future it will allow to persist on-the-fly remotes in the plugin rclone.conf
file.
The remote
value can be extended with connection strings as an alternative way to supply backend parameters. This is equivalent to the -o
backend options with one syntactic difference. Inside connection string the backend prefix must be dropped from parameter names but in the -o param=value
array it must be present. For instance, compare the following option array
-o remote=:sftp:/home -o sftp-host=localhost
with equivalent connection string:
-o remote=:sftp,host=localhost:/home
This difference exists because flag options -o key=val
include not only backend parameters but also mount/VFS flags and possibly other settings. Also it allows to discriminate the remote
option from the crypt-remote
(or similarly named backend parameters) and arguably simplifies scripting due to clearer value substitution.
Both Docker Swarm and Docker Compose use YAML-formatted text files to describe groups (stacks) of containers, their properties, networks and volumes. Compose uses the compose v2 format, Swarm uses the compose v3 format. They are mostly similar, differences are explained in the docker documentation.
Volumes are described by the children of the top-level volumes:
node. Each of them should be named after its volume and have at least two elements, the self-explanatory driver: rclone
value and the driver_opts:
structure playing the same role as -o key=val
CLI flags:
volumes:
volume_name_1:
driver: rclone
driver_opts:
remote: 'gdrive:'
allow_other: 'true'
vfs_cache_mode: full
token: '{"type": "borrower", "expires": "2021-12-31"}'
poll_interval: 0
Notice a few important details: - YAML prefers _
in option names instead of -
. - YAML treats single and double quotes interchangeably. Simple strings and integers can be left unquoted. - Boolean values must be quoted like 'true'
or "false"
because these two words are reserved by YAML. - The filesystem string is keyed with remote
(or with fs
). Normally you can omit quotes here, but if the string ends with colon, you must quote it like remote: "storage_box:"
. - YAML is picky about surrounding braces in values as this is in fact another syntax for key/value mappings. For example, JSON access tokens usually contain double quotes and surrounding braces, so you must put them in single quotes.
Docker daemon can install plugins from an image registry and run them managed. We maintain the docker-volume-rclone plugin image on Docker Hub.
The plugin requires presence of two directories on the host before it can be installed. Note that plugin will not create them automatically. By default they must exist on host at the following locations (though you can tweak the paths): - /var/lib/docker-plugins/rclone/config
is reserved for the rclone.conf
config file and must exist even if it's empty and the config file is not present. - /var/lib/docker-plugins/rclone/cache
holds the plugin state file as well as optional VFS caches.
You can install managed plugin with default settings as follows:
docker plugin install rclone/docker-volume-rclone:latest --grant-all-permissions --alias rclone
Managed plugin is in fact a special container running in a namespace separate from normal docker containers. Inside it runs the rclone serve docker
command. The config and cache directories are bind-mounted into the container at start. The docker daemon connects to a unix socket created by the command inside the container. The command creates on-demand remote mounts right inside, then docker machinery propagates them through kernel mount namespaces and bind-mounts into requesting user containers.
You can tweak a few plugin settings after installation when it's disabled (not in use), for instance:
docker plugin disable rclone
docker plugin set rclone RCLONE_VERBOSE=2 config=/etc/rclone args="--vfs-cache-mode=writes --allow-other"
docker plugin enable rclone
docker plugin inspect rclone
Note that if docker refuses to disable the plugin, you should find and remove all active volumes connected with it as well as containers and swarm services that use them. This is rather tedious so please carefully plan in advance.
You can tweak the following settings: args
, config
, cache
, and RCLONE_VERBOSE
. It's your task to keep plugin settings in sync across swarm cluster nodes.
args
sets command-line arguments for the rclone serve docker
command (none by default). Arguments should be separated by space so you will normally want to put them in quotes on the docker plugin set command line. Both serve docker flags and generic rclone flags are supported, including backend parameters that will be used as defaults for volume creation. Note that plugin will fail (due to this docker bug) if the args
value is empty. Use e.g. args="-v"
as a workaround.
config=/host/dir
sets alternative host location for the config directory. Plugin will look for rclone.conf
here. It's not an error if the config file is not present but the directory must exist. Please note that plugin can periodically rewrite the config file, for example when it renews storage access tokens. Keep this in mind and try to avoid races between the plugin and other instances of rclone on the host that might try to change the config simultaneously resulting in corrupted rclone.conf
. You can also put stuff like private key files for SFTP remotes in this directory. Just note that it's bind-mounted inside the plugin container at the predefined path /data/config
. For example, if your key file is named sftp-box1.key
on the host, the corresponding volume config option should read -o sftp-key-file=/data/config/sftp-box1.key
.
cache=/host/dir
sets alternative host location for the cache directory. The plugin will keep VFS caches here. Also it will create and maintain the docker-plugin.state
file in this directory. When the plugin is restarted or reinstalled, it will look in this file to recreate any volumes that existed previously. However, they will not be re-mounted into consuming containers after restart. Usually this is not a problem as the docker daemon normally will restart affected user containers after failures, daemon restarts or host reboots.
RCLONE_VERBOSE
sets plugin verbosity from 0
(errors only, by default) to 2
(debugging). Verbosity can be also tweaked via args="-v [-v] ..."
. Since arguments are more generic, you will rarely need this setting. The plugin output by default feeds the docker daemon log on local host. Log entries are reflected as errors in the docker log but retain their actual level assigned by rclone in the encapsulated message string.
You can set custom plugin options right when you install it, in one go:
docker plugin remove rclone
docker plugin install rclone/docker-volume-rclone:latest \
--alias rclone --grant-all-permissions \
args="-v --allow-other" config=/etc/rclone
docker plugin inspect rclone
The docker plugin volume protocol doesn't provide a way for plugins to inform the docker daemon that a volume is (un-)available. As a workaround you can setup a healthcheck to verify that the mount is responding, for example:
services:
my_service:
image: my_image
healthcheck:
test: ls /path/to/rclone/mount || exit 1
interval: 1m
timeout: 15s
retries: 3
start_period: 15s
In most cases you should prefer managed mode. Moreover, MacOS and Windows do not support native Docker plugins. Please use managed mode on these systems. Proceed further only if you are on Linux.
First, install rclone. You can just run it (type rclone serve docker
and hit enter) for the test.
Install FUSE:
sudo apt-get -y install fuse
Download two systemd configuration files: docker-volume-rclone.service and docker-volume-rclone.socket.
Put them to the /etc/systemd/system/
directory:
cp docker-volume-plugin.service /etc/systemd/system/
cp docker-volume-plugin.socket /etc/systemd/system/
Please note that all commands in this section must be run as root but we omit sudo
prefix for brevity. Now create directories required by the service:
mkdir -p /var/lib/docker-volumes/rclone
mkdir -p /var/lib/docker-plugins/rclone/config
mkdir -p /var/lib/docker-plugins/rclone/cache
Run the docker plugin service in the socket activated mode:
systemctl daemon-reload
systemctl start docker-volume-rclone.service
systemctl enable docker-volume-rclone.socket
systemctl start docker-volume-rclone.socket
systemctl restart docker
Or run the service directly: - run systemctl daemon-reload
to let systemd pick up new config - run systemctl enable docker-volume-rclone.service
to make the new service start automatically when you power on your machine. - run systemctl start docker-volume-rclone.service
to start the service now. - run systemctl restart docker
to restart docker daemon and let it detect the new plugin socket. Note that this step is not needed in managed mode where docker knows about plugin state changes.
The two methods are equivalent from the user perspective, but I personally prefer socket activation.
You can see managed plugin settings with
docker plugin list
docker plugin inspect rclone
Note that docker (including latest 20.10.7) will not show actual values of args
, just the defaults.
Use journalctl --unit docker
to see managed plugin output as part of the docker daemon log. Note that docker reflects plugin lines as errors but their actual level can be seen from encapsulated message string.
You will usually install the latest version of managed plugin. Use the following commands to print the actual installed version:
PLUGID=$(docker plugin list --no-trunc | awk '/rclone/{print$1}')
sudo runc --root /run/docker/runtime-runc/plugins.moby exec $PLUGID rclone version
You can even use runc
to run shell inside the plugin container:
sudo runc --root /run/docker/runtime-runc/plugins.moby exec --tty $PLUGID bash
Also you can use curl to check the plugin socket connectivity:
docker plugin list --no-trunc
PLUGID=123abc...
sudo curl -H Content-Type:application/json -XPOST -d {} --unix-socket /run/docker/plugins/$PLUGID/rclone.sock http://localhost/Plugin.Activate
though this is rarely needed.
Finally I'd like to mention a caveat with updating volume settings. Docker CLI does not have a dedicated command like docker volume update
. It may be tempting to invoke docker volume create
with updated options on existing volume, but there is a gotcha. The command will do nothing, it won't even return an error. I hope that docker maintainers will fix this some day. In the meantime be aware that you must remove your volume before recreating it with new settings:
docker volume remove my_vol
docker volume create my_vol -d rclone -o opt1=new_val1 ...
and verify that settings did update:
docker volume list
docker volume inspect my_vol
If docker refuses to remove the volume, you should find containers or swarm services that use it and stop them first.
This is a backend for the 1fichier cloud storage service. Note that a Premium subscription is required to use the API.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for 1Fichier involves getting the API key from the website which you need to do in your browser.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / 1Fichier
\ "fichier"
[snip]
Storage> fichier
** See help for fichier backend at: https://rclone.org/fichier/ **
Your API Key, get it from https://1fichier.com/console/params.pl
Enter a string value. Press Enter for the default ("").
api_key> example_key
Edit advanced config? (y/n)
y) Yes
n) No
y/n>
Remote config
--------------------
[remote]
type = fichier
api_key = example_key
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Once configured you can then use rclone
like this,
List directories in top level of your 1Fichier account
rclone lsd remote:
List all the files in your 1Fichier account
rclone ls remote:
To copy a local directory to a 1Fichier directory called backup
rclone copy /home/source remote:backup
1Fichier does not support modification times. It supports the Whirlpool hash algorithm.
1Fichier can have two files with exactly the same name and path (unlike a normal file system).
Duplicated files cause problems with the syncing and you will see messages in the log about duplicates.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
< | 0x3C | < |
> | 0x3E | > |
" | 0x22 | " |
$ | 0x24 | $ |
` | 0x60 | ` |
' | 0x27 | ' |
File names can also not start or end with the following characters. These only get replaced if they are the first or last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the standard options specific to fichier (1Fichier).
Your API Key, get it from https://1fichier.com/console/params.pl
Here are the advanced options specific to fichier (1Fichier).
If you want to download a shared folder, add this parameter
If you want to download a shared file that is password protected, add this parameter
NB Input to this must be obscured - see rclone obscure.
If you want to list the files in a shared folder that is password protected, add this parameter
NB Input to this must be obscured - see rclone obscure.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
rclone about
is not supported by the 1Fichier backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
The alias
remote provides a new name for another remote.
Paths may be as deep as required or a local path, e.g. remote:directory/subdirectory
or /directory/subdirectory
.
During the initial setup with rclone config
you will specify the target remote. The target remote can either be a local path or another remote.
Subfolders can be used in target remote. Assume an alias remote named backup
with the target mydrive:private/backup
. Invoking rclone mkdir backup:desktop
is exactly the same as invoking rclone mkdir mydrive:private/backup/desktop
.
There will be no special handling of paths containing ..
segments. Invoking rclone mkdir backup:../desktop
is exactly the same as invoking rclone mkdir mydrive:private/backup/../desktop
. The empty path is not allowed as a remote. To alias the current directory use .
instead.
Here is an example of how to make an alias called remote
for local folder. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Alias for an existing remote
\ "alias"
[snip]
Storage> alias
Remote or path to alias.
Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
remote> /mnt/storage/backup
Remote config
--------------------
[remote]
remote = /mnt/storage/backup
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
remote alias
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
Once configured you can then use rclone
like this,
List directories in top level in /mnt/storage/backup
rclone lsd remote:
List all the files in /mnt/storage/backup
rclone ls remote:
Copy another local directory to the alias directory called source
rclone copy /home/source remote:source
Here are the standard options specific to alias (Alias for an existing remote).
Remote or path to alias. Can be "myremote:path/to/dir", "myremote:bucket", "myremote:" or "/local/path".
Amazon Drive, formerly known as Amazon Cloud Drive, is a cloud storage service run by Amazon for consumers.
Important: rclone supports Amazon Drive only if you have your own set of API keys. Unfortunately the Amazon Drive developer program is now closed to new entries so if you don't already have your own set of keys you will not be able to use rclone with Amazon Drive.
For the history on why rclone no longer has a set of Amazon Drive API keys see the forum.
If you happen to know anyone who works at Amazon then please ask them to re-instate rclone into the Amazon Drive developer program - thanks!
The initial setup for Amazon Drive involves getting a token from Amazon which you need to do in your browser. rclone config
walks you through it.
The configuration process for Amazon Drive may involve using an oauth proxy. This is used to keep the Amazon credentials out of the source code. The proxy runs in Google's very secure App Engine environment and doesn't store any credentials which pass through it.
Since rclone doesn't currently have its own Amazon Drive credentials so you will either need to have your own client_id
and client_secret
with Amazon Drive, or use a third party oauth proxy in which case you will need to enter client_id
, client_secret
, auth_url
and token_url
.
Note also if you are not using Amazon's auth_url
and token_url
, (ie you filled in something for those) then if setting up on a remote machine you can only use the copying the config method of configuration - rclone authorize
will not work.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
n/r/c/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Amazon Drive
\ "amazon cloud drive"
[snip]
Storage> amazon cloud drive
Amazon Application Client Id - required.
client_id> your client ID goes here
Amazon Application Client Secret - required.
client_secret> your client secret goes here
Auth server URL - leave blank to use Amazon's.
auth_url> Optional auth URL
Token server url - leave blank to use Amazon's.
token_url> Optional token URL
Remote config
Make sure your Redirect URL is set to "http://127.0.0.1:53682/" in your custom config.
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id = your client ID goes here
client_secret = your client secret goes here
auth_url = Optional auth URL
token_url = Optional token URL
token = {"access_token":"xxxxxxxxxxxxxxxxxxxxxxx","token_type":"bearer","refresh_token":"xxxxxxxxxxxxxxxxxx","expiry":"2015-09-06T16:07:39.658438471+01:00"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from Amazon. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List directories in top level of your Amazon Drive
rclone lsd remote:
List all the files in your Amazon Drive
rclone ls remote:
To copy a local directory to an Amazon Drive directory called backup
rclone copy /home/source remote:backup
Amazon Drive doesn't allow modification times to be changed via the API so these won't be accurate or used for syncing.
It does store MD5SUMs so for a more accurate sync, you can use the --checksum
flag.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Any files you delete with rclone will end up in the trash. Amazon don't provide an API to permanently delete files, nor to empty the trash, so you will have to do that with one of Amazon's apps or via the Amazon Drive website. As of November 17, 2016, files are automatically deleted by Amazon from the trash after 30 days.
.com
Amazon accountsLet's say you usually use amazon.co.uk
. When you authenticate with rclone it will take you to an amazon.com
page to log in. Your amazon.co.uk
email and password should work here just fine.
Here are the standard options specific to amazon cloud drive (Amazon Drive).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Here are the advanced options specific to amazon cloud drive (Amazon Drive).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Checkpoint for internal polling (debug).
Additional time per GiB to wait after a failed complete upload to see if it appears.
Sometimes Amazon Drive gives an error when a file has been fully uploaded but the file appears anyway after a little while. This happens sometimes for files over 1 GiB in size and nearly every time for files bigger than 10 GiB. This parameter controls the time rclone waits for the file to appear.
The default value for this parameter is 3 minutes per GiB, so by default it will wait 3 minutes for every GiB uploaded to see if the file appears.
You can disable this feature by setting it to 0. This may cause conflict errors as rclone retries the failed upload but the file will most likely appear correctly eventually.
These values were determined empirically by observing lots of uploads of big files for a range of file sizes.
Upload with the "-v" flag to see more info about what rclone is doing in this situation.
Files >= this size will be downloaded via their tempLink.
Files this size or more will be downloaded via their "tempLink". This is to work around a problem with Amazon Drive which blocks downloads of files bigger than about 10 GiB. The default for this is 9 GiB which shouldn't need to be changed.
To download files above this threshold, rclone requests a "tempLink" which downloads the file through a temporary URL directly from the underlying S3 storage.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Note that Amazon Drive is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
Amazon Drive has rate limiting so you may notice errors in the sync (429 errors). rclone will automatically retry the sync up to 3 times by default (see --retries
flag) which should hopefully work around this problem.
Amazon Drive has an internal limit of file sizes that can be uploaded to the service. This limit is not officially published, but all files larger than this will fail.
At the time of writing (Jan 2016) is in the area of 50 GiB per file. This means that larger files are likely to fail.
Unfortunately there is no way for rclone to see that this failure is because of file size, so it will retry the operation, as any other failure. To avoid this problem, use --max-size 50000M
option to limit the maximum size of uploaded files. Note that --max-size
does not split files into segments, it only ignores files over this size.
rclone about
is not supported by the Amazon Drive backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
The S3 backend can be used with a number of different providers:
Paths are specified as remote:bucket
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:bucket/path/to/dir
.
Once you have made a remote (see the provider specific section above) you can use it like this:
See all buckets
rclone lsd remote:
Make a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync /home/local/directory
to the remote bucket, deleting any excess files in the bucket.
rclone sync -i /home/local/directory remote:bucket
Here is an example of making an s3 configuration. First run
rclone config
This will guide you through an interactive setup process.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Amazon S3 Compliant Storage Providers including AWS, Ceph, Dreamhost, IBM COS, Minio, and Tencent COS
\ "s3"
[snip]
Storage> s3
Choose your S3 provider.
Choose a number from below, or type in your own value
1 / Amazon Web Services (AWS) S3
\ "AWS"
2 / Ceph Object Storage
\ "Ceph"
3 / Digital Ocean Spaces
\ "DigitalOcean"
4 / Dreamhost DreamObjects
\ "Dreamhost"
5 / IBM COS S3
\ "IBMCOS"
6 / Minio Object Storage
\ "Minio"
7 / Wasabi Object Storage
\ "Wasabi"
8 / Any other S3 compatible provider
\ "Other"
provider> 1
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own value
1 / Enter AWS credentials in the next step
\ "false"
2 / Get AWS credentials from the environment (env vars or IAM)
\ "true"
env_auth> 1
AWS Access Key ID - leave blank for anonymous access or runtime credentials.
access_key_id> XXX
AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
secret_access_key> YYY
Region to connect to.
Choose a number from below, or type in your own value
/ The default endpoint - a good choice if you are unsure.
1 | US Region, Northern Virginia, or Pacific Northwest.
| Leave location constraint empty.
\ "us-east-1"
/ US East (Ohio) Region
2 | Needs location constraint us-east-2.
\ "us-east-2"
/ US West (Oregon) Region
3 | Needs location constraint us-west-2.
\ "us-west-2"
/ US West (Northern California) Region
4 | Needs location constraint us-west-1.
\ "us-west-1"
/ Canada (Central) Region
5 | Needs location constraint ca-central-1.
\ "ca-central-1"
/ EU (Ireland) Region
6 | Needs location constraint EU or eu-west-1.
\ "eu-west-1"
/ EU (London) Region
7 | Needs location constraint eu-west-2.
\ "eu-west-2"
/ EU (Frankfurt) Region
8 | Needs location constraint eu-central-1.
\ "eu-central-1"
/ Asia Pacific (Singapore) Region
9 | Needs location constraint ap-southeast-1.
\ "ap-southeast-1"
/ Asia Pacific (Sydney) Region
10 | Needs location constraint ap-southeast-2.
\ "ap-southeast-2"
/ Asia Pacific (Tokyo) Region
11 | Needs location constraint ap-northeast-1.
\ "ap-northeast-1"
/ Asia Pacific (Seoul)
12 | Needs location constraint ap-northeast-2.
\ "ap-northeast-2"
/ Asia Pacific (Mumbai)
13 | Needs location constraint ap-south-1.
\ "ap-south-1"
/ Asia Pacific (Hong Kong) Region
14 | Needs location constraint ap-east-1.
\ "ap-east-1"
/ South America (Sao Paulo) Region
15 | Needs location constraint sa-east-1.
\ "sa-east-1"
region> 1
Endpoint for S3 API.
Leave blank if using AWS to use the default endpoint for the region.
endpoint>
Location constraint - must be set to match the Region. Used when creating buckets only.
Choose a number from below, or type in your own value
1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
\ ""
2 / US East (Ohio) Region.
\ "us-east-2"
3 / US West (Oregon) Region.
\ "us-west-2"
4 / US West (Northern California) Region.
\ "us-west-1"
5 / Canada (Central) Region.
\ "ca-central-1"
6 / EU (Ireland) Region.
\ "eu-west-1"
7 / EU (London) Region.
\ "eu-west-2"
8 / EU Region.
\ "EU"
9 / Asia Pacific (Singapore) Region.
\ "ap-southeast-1"
10 / Asia Pacific (Sydney) Region.
\ "ap-southeast-2"
11 / Asia Pacific (Tokyo) Region.
\ "ap-northeast-1"
12 / Asia Pacific (Seoul)
\ "ap-northeast-2"
13 / Asia Pacific (Mumbai)
\ "ap-south-1"
14 / Asia Pacific (Hong Kong)
\ "ap-east-1"
15 / South America (Sao Paulo) Region.
\ "sa-east-1"
location_constraint> 1
Canned ACL used when creating buckets and/or storing objects in S3.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default).
\ "private"
2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
\ "public-read"
/ Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
3 | Granting this on a bucket is generally not recommended.
\ "public-read-write"
4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access.
\ "authenticated-read"
/ Object owner gets FULL_CONTROL. Bucket owner gets READ access.
5 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ "bucket-owner-read"
/ Both the object owner and the bucket owner get FULL_CONTROL over the object.
6 | If you specify this canned ACL when creating a bucket, Amazon S3 ignores it.
\ "bucket-owner-full-control"
acl> 1
The server-side encryption algorithm used when storing this object in S3.
Choose a number from below, or type in your own value
1 / None
\ ""
2 / AES256
\ "AES256"
server_side_encryption> 1
The storage class to use when storing objects in S3.
Choose a number from below, or type in your own value
1 / Default
\ ""
2 / Standard storage class
\ "STANDARD"
3 / Reduced redundancy storage class
\ "REDUCED_REDUNDANCY"
4 / Standard Infrequent Access storage class
\ "STANDARD_IA"
5 / One Zone Infrequent Access storage class
\ "ONEZONE_IA"
6 / Glacier storage class
\ "GLACIER"
7 / Glacier Deep Archive storage class
\ "DEEP_ARCHIVE"
8 / Intelligent-Tiering storage class
\ "INTELLIGENT_TIERING"
storage_class> 1
Remote config
--------------------
[remote]
type = s3
provider = AWS
env_auth = false
access_key_id = XXX
secret_access_key = YYY
region = us-east-1
endpoint =
location_constraint =
acl = private
server_side_encryption =
storage_class =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d>
The modified time is stored as metadata on the object as X-Amz-Meta-Mtime
as floating point since the epoch accurate to 1 ns.
If the modification time needs to be updated rclone will attempt to perform a server side copy to update the modification if the object can be copied in a single part. In the case the object is larger than 5Gb or is in Glacier or Glacier Deep Archive storage the object will be uploaded rather than copied.
Note that reading this from the object takes an additional HEAD
request as the metadata isn't returned in object listings.
By default rclone will use the modification time of objects stored in S3 for syncing. This is stored in object metadata which unfortunately takes an extra HEAD request to read which can be expensive (in time and money).
The modification time is used by default for all operations that require checking the time a file was last updated. It allows rclone to treat the remote more like a true filesystem, but it is inefficient on S3 because it requires an extra API call to retrieve the metadata.
The extra API calls can be avoided when syncing (using rclone sync
or rclone copy
) in a few different ways, each with its own tradeoffs.
--size-only
rclone sync --size-only /path/to/source s3:bucket
--checksum
rclone sync --checksum /path/to/source s3:bucket
--update --use-server-modtime
--update
along with --use-server-modtime
, avoids the extra API call and uploads files whose local modification time is newer than the time it was last uploaded.rclone sync --update --use-server-modtime /path/to/source s3:bucket
These flags can and should be used in combination with --fast-list
- see below.
If using rclone mount
or any command using the VFS (eg rclone serve
) commands then you might want to consider using the VFS flag --no-modtime
which will stop rclone reading the modification time for every object. You could also use --use-server-modtime
if you are happy with the modification times of the objects being the time of upload.
Rclone's default directory traversal is to process each directory individually. This takes one API call per directory. Using the --fast-list
flag will read all info about the the objects into memory first using a smaller number of API calls (one per 1000 objects). See the rclone docs for more details.
rclone sync --fast-list --checksum /path/to/source s3:bucket
--fast-list
trades off API transactions for memory use. As a rough guide rclone uses 1k of memory per object stored, so using --fast-list
on a sync of a million objects will use roughly 1 GiB of RAM.
If you are only copying a small number of files into a big repository then using --no-traverse
is a good idea. This finds objects directly instead of through directory listings. You can do a "top-up" sync very cheaply by using --max-age
and --no-traverse
to copy only recent files, eg
rclone copy --min-age 24h --no-traverse /path/to/source s3:bucket
You'd then do a full rclone sync
less often.
Note that --fast-list
isn't required in the top-up sync.
By default rclone will HEAD every object it uploads. It does this to check the object got uploaded correctly.
You can disable this with the --s3-no-head option - see there for more details.
Setting this flag increases the chance for undetected upload failures.
For small objects which weren't uploaded as multipart uploads (objects sized below --s3-upload-cutoff
if uploaded with rclone) rclone uses the ETag:
header as an MD5 checksum.
However for objects which were uploaded as multipart uploads or with server side encryption (SSE-AWS or SSE-C) the ETag
header is no longer the MD5 sum of the data, so rclone adds an additional piece of metadata X-Amz-Meta-Md5chksum
which is a base64 encoded MD5 hash (in the same format as is required for Content-MD5
).
For large objects, calculating this hash can take some time so the addition of this hash can be disabled with --s3-disable-checksum
. This will mean that these objects do not have an MD5 checksum.
Note that reading this from the object takes an additional HEAD
request as the metadata isn't returned in object listings.
If you run rclone cleanup s3:bucket
then it will remove all pending multipart uploads older than 24 hours. You can use the -i
flag to see exactly what it will do. If you want more control over the expiry date then run rclone backend cleanup s3:bucket -o max-age=1h
to expire all uploads older than one hour. You can use rclone backend list-multipart-uploads s3:bucket
to see the pending multipart uploads.
S3 allows any valid UTF-8 string as a key.
Invalid UTF-8 bytes will be replaced, as they can't be used in XML.
The following characters are replaced since these are problematic when dealing with the REST API:
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
The encoding will also encode these file names as they don't seem to work with the SDK properly:
File name | Replacement |
---|---|
. | . |
.. | .. |
rclone supports multipart uploads with S3 which means that it can upload files bigger than 5 GiB.
Note that files uploaded both with multipart upload and through crypt remotes do not have MD5 sums.
rclone switches from single part uploads to multipart uploads at the point specified by --s3-upload-cutoff
. This can be a maximum of 5 GiB and a minimum of 0 (ie always upload multipart files).
The chunk sizes used in the multipart upload are specified by --s3-chunk-size
and the number of chunks uploaded concurrently is specified by --s3-upload-concurrency
.
Multipart uploads will use --transfers
* --s3-upload-concurrency
* --s3-chunk-size
extra memory. Single part uploads to not use extra memory.
Single part transfers can be faster than multipart transfers or slower depending on your latency from S3 - the more latency, the more likely single part transfers will be faster.
Increasing --s3-upload-concurrency
will increase throughput (8 would be a sensible value) and increasing --s3-chunk-size
also increases throughput (16M would be sensible). Increasing either of these will use more memory. The default values are high enough to gain most of the possible performance without using too much memory.
With Amazon S3 you can list buckets (rclone lsd
) using any region, but you can only access the content of a bucket from the region it was created in. If you attempt to access a bucket from the wrong region, you will get an error, incorrect region, the bucket is not in 'XXX' region
.
There are a number of ways to supply rclone
with a set of AWS credentials, with and without using the environment.
The different authentication methods are tried in this order:
env_auth = false
in the config file):
access_key_id
and secret_access_key
are required.session_token
can be optionally set when using AWS STS.env_auth = true
in the config file):
rclone
:
AWS_ACCESS_KEY_ID
or AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY
or AWS_SECRET_KEY
AWS_SESSION_TOKEN
(optional)~/.aws/credentials
on unix based systems) file and the "default" profile, to change set these environment variables:
AWS_SHARED_CREDENTIALS_FILE
to control which file.AWS_PROFILE
to control which profile to use.rclone
in an ECS task with an IAM role (AWS only).rclone
on an EC2 instance with an IAM role (AWS only).rclone
in an EKS pod with an IAM role that is associated with a service account (AWS only).If none of these option actually end up providing rclone
with AWS credentials then S3 interaction will be non-authenticated (see below).
When using the sync
subcommand of rclone
the following minimum permissions are required to be available on the bucket being written to:
ListBucket
DeleteObject
GetObject
PutObject
PutObjectACL
When using the lsd
subcommand, the ListAllMyBuckets
permission is required.
Example policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::USER_SID:user/USER_NAME"
},
"Action": [
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME/*",
"arn:aws:s3:::BUCKET_NAME"
]
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
}
]
}
Notes on above:
USER_NAME
has been created.For reference, here's an Ansible script that will generate one or more buckets that will work with rclone sync
.
If you are using server-side encryption with KMS then you must make sure rclone is configured with server_side_encryption = aws:kms
otherwise you will find you can't transfer small objects - these will create checksum errors.
You can upload objects using the glacier storage class or transition them to glacier using a lifecycle policy. The bucket can still be synced or copied into normally, but if rclone tries to access data from the glacier storage class you will see an error like below.
2017/09/11 19:07:43 Failed to sync: failed to open source object: Object in GLACIER, restore first: path/to/file
In this case you need to restore the object(s) in question before using rclone.
Note that rclone only speaks the S3 API it does not speak the Glacier Vault API, so rclone cannot directly access Glacier Vaults.
Here are the standard options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, SeaweedFS, and Tencent COS).
Choose your S3 provider.
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
AWS Access Key ID. Leave blank for anonymous access or runtime credentials.
AWS Secret Access Key (password) Leave blank for anonymous access or runtime credentials.
Region to connect to.
Region to connect to.
Region to connect to. Leave blank if you are using an S3 clone and you don't have a region.
Endpoint for S3 API. Leave blank if using AWS to use the default endpoint for the region.
Endpoint for IBM COS S3 API. Specify if using an IBM COS On Premise.
Endpoint for OSS API.
Endpoint for Scaleway Object Storage.
Endpoint for StackPath Object Storage.
Endpoint for Tencent COS API.
Endpoint for S3 API. Required when using an S3 clone.
Location constraint - must be set to match the Region. Used when creating buckets only.
Location constraint - must match endpoint when using IBM Cloud Public. For on-prem COS, do not make a selection from this list, hit enter
Location constraint - must be set to match the Region. Leave blank if not sure. Used when creating buckets only.
Canned ACL used when creating buckets and storing or copying objects.
This ACL is used for creating objects and if bucket_acl isn't set, for creating buckets too.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when server-side copying objects as S3 doesn't copy the ACL from the source but rather writes a fresh one.
The server-side encryption algorithm used when storing this object in S3.
If using KMS ID you must provide the ARN of Key.
The storage class to use when storing new objects in S3.
The storage class to use when storing new objects in OSS.
The storage class to use when storing new objects in Tencent COS.
The storage class to use when storing new objects in S3.
Here are the advanced options specific to s3 (Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, SeaweedFS, and Tencent COS).
Canned ACL used when creating buckets.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Note that this ACL is applied when only when creating buckets. If it isn't set then "acl" is used instead.
Enables requester pays option when interacting with S3 bucket.
If using SSE-C, the server-side encryption algorithm used when storing this object in S3.
If using SSE-C you must provide the secret encryption key used to encrypt/decrypt your data.
If using SSE-C you may provide the secret encryption key MD5 checksum (optional).
If you leave it blank, this is calculated automatically from the sse_customer_key provided.
Cutoff for switching to chunked upload
Any files larger than this will be uploaded in chunks of chunk_size. The minimum is 0 and the maximum is 5 GiB.
Chunk size to use for uploading.
When uploading files larger than upload_cutoff or files with unknown size (e.g. from "rclone rcat" or uploaded with "rclone mount" or google photos or google docs) they will be uploaded as multipart uploads using this chunk size.
Note that "--s3-upload-concurrency" chunks of this size are buffered in memory per transfer.
If you are transferring large files over high-speed links and you have enough memory, then increasing this will speed up the transfers.
Rclone will automatically increase the chunk size when uploading a large file of known size to stay below the 10,000 chunks limit.
Files of unknown size are uploaded with the configured chunk_size. Since the default chunk size is 5 MiB and there can be at most 10,000 chunks, this means that by default the maximum size of a file you can stream upload is 48 GiB. If you wish to stream upload larger files then you will need to increase chunk_size.
Maximum number of parts in a multipart upload.
This option defines the maximum number of multipart chunks to use when doing a multipart upload.
This can be useful if a service does not support the AWS S3 specification of 10,000 chunks.
Rclone will automatically increase the chunk size when uploading a large file of a known size to stay below this number of chunks limit.
Cutoff for switching to multipart copy
Any files larger than this that need to be server-side copied will be copied in chunks of this size.
The minimum is 0 and the maximum is 5 GiB.
Don't store MD5 checksum with object metadata
Normally rclone will calculate the MD5 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.
Path to the shared credentials file
If env_auth = true then rclone can use a shared credentials file.
If this variable is empty rclone will look for the "AWS_SHARED_CREDENTIALS_FILE" env variable. If the env value is empty it will default to the current user's home directory.
Linux/OSX: "$HOME/.aws/credentials"
Windows: "%USERPROFILE%\.aws\credentials"
Profile to use in the shared credentials file
If env_auth = true then rclone can use a shared credentials file. This variable controls which profile is used in that file.
If empty it will default to the environment variable "AWS_PROFILE" or "default" if that environment variable is also not set.
An AWS session token
Concurrency for multipart uploads.
This is the number of chunks of the same file that are uploaded concurrently.
If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.
If true use path style access if false use virtual hosted style.
If this is true (the default) then rclone will use path style access, if false then rclone will use virtual path style. See the AWS S3 docs for more info.
Some providers (e.g. AWS, Aliyun OSS, Netease COS, or Tencent COS) require this set to false - rclone will do this automatically based on the provider setting.
If true use v2 authentication.
If this is false (the default) then rclone will use v4 authentication. If it is set then rclone will use v2 authentication.
Use this only if v4 signatures don't work, e.g. pre Jewel/v10 CEPH.
If true use the AWS S3 accelerated endpoint.
See: AWS S3 Transfer acceleration
If true avoid calling abort upload on a failure, leaving all successfully uploaded parts on S3 for manual recovery.
It should be set to true for resuming uploads across different sessions.
WARNING: Storing parts of an incomplete multipart upload counts towards space usage on S3 and will add additional costs if not cleaned up.
Size of listing chunk (response list for each ListObject S3 request).
This option is also known as "MaxKeys", "max-items", or "page-size" from the AWS S3 specification. Most services truncate the response list to 1000 objects even if requested more than that. In AWS S3 this is a global maximum and cannot be changed, see AWS S3. In Ceph, this can be increased with the "rgw list buckets max chunk" option.
If set, don't attempt to check the bucket exists or create it
This can be useful when trying to minimise the number of transactions rclone does if you know the bucket exists already.
It can also be needed if the user you are using does not have bucket creation permissions. Before v1.52.0 this would have passed silently due to a bug.
If set, don't HEAD uploaded objects to check integrity
This can be useful when trying to minimise the number of transactions rclone does.
Setting it means that if rclone receives a 200 OK message after uploading an object with PUT then it will assume that it got uploaded properly.
In particular it will assume:
It reads the following items from the response for a single part PUT:
For multipart uploads these items aren't read.
If an source object of unknown length is uploaded then rclone will do a HEAD request.
Setting this flag increases the chance for undetected upload failures, in particular an incorrect size, so it isn't recommended for normal operation. In practice the chance of an undetected upload failure is very small even with this flag.
If set, don't HEAD objects
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
How often internal memory buffer pools will be flushed. Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations. This option controls how often unused buffers will be removed from the pool.
Whether to use mmap buffers in internal memory pool.
Disable usage of http2 for S3 backends
There is currently an unsolved issue with the s3 (specifically minio) backend and HTTP/2. HTTP/2 is enabled by default for the s3 backend but can be disabled here. When the issue is solved this flag will be removed.
See: https://github.com/rclone/rclone/issues/4673, https://github.com/rclone/rclone/issues/3631
Here are the commands specific to the s3 backend.
Run them with
rclone backend COMMAND remote:
The help below will explain what arguments each command takes.
See the "rclone backend" command for more info on how to pass options and arguments.
These can be run on a running backend using the rc command backend/command.
Restore objects from GLACIER to normal storage
rclone backend restore remote: [options] [<arguments>+]
This command can be used to restore one or more objects from GLACIER to normal storage.
Usage Examples:
rclone backend restore s3:bucket/path/to/object [-o priority=PRIORITY] [-o lifetime=DAYS]
rclone backend restore s3:bucket/path/to/directory [-o priority=PRIORITY] [-o lifetime=DAYS]
rclone backend restore s3:bucket [-o priority=PRIORITY] [-o lifetime=DAYS]
This flag also obeys the filters. Test first with -i/--interactive or --dry-run flags
rclone -i backend restore --include "*.txt" s3:bucket/path -o priority=Standard
All the objects shown will be marked for restore, then
rclone backend restore --include "*.txt" s3:bucket/path -o priority=Standard
It returns a list of status dictionaries with Remote and Status keys. The Status will be OK if it was successful or an error message if not.
[
{
"Status": "OK",
"Path": "test.txt"
},
{
"Status": "OK",
"Path": "test/file4.txt"
}
]
Options:
List the unfinished multipart uploads
rclone backend list-multipart-uploads remote: [options] [<arguments>+]
This command lists the unfinished multipart uploads in JSON format.
rclone backend list-multipart s3:bucket/path/to/object
It returns a dictionary of buckets with values as lists of unfinished multipart uploads.
You can call it with no bucket in which case it lists all bucket, with a bucket or with a bucket and path.
{
"rclone": [
{
"Initiated": "2020-06-26T14:20:36Z",
"Initiator": {
"DisplayName": "XXX",
"ID": "arn:aws:iam::XXX:user/XXX"
},
"Key": "KEY",
"Owner": {
"DisplayName": null,
"ID": "XXX"
},
"StorageClass": "STANDARD",
"UploadId": "XXX"
}
],
"rclone-1000files": [],
"rclone-dst": []
}
Remove unfinished multipart uploads.
rclone backend cleanup remote: [options] [<arguments>+]
This command removes unfinished multipart uploads of age greater than max-age which defaults to 24 hours.
Note that you can use -i/--dry-run with this command to see what it would do.
rclone backend cleanup s3:bucket/path/to/object
rclone backend cleanup -o max-age=7w s3:bucket/path/to/object
Durations are parsed as per the rest of rclone, 2h, 7d, 7w etc.
Options:
If you want to use rclone to access a public bucket, configure with a blank access_key_id
and secret_access_key
. Your config should end up looking like this:
[anons3]
type = s3
provider = AWS
env_auth = false
access_key_id =
secret_access_key =
region = us-east-1
endpoint =
location_constraint =
acl = private
server_side_encryption =
storage_class =
Then use it as normal with the name of the public bucket, e.g.
rclone lsd anons3:1000genomes
You will be able to list and copy data but not upload it.
Ceph is an open source unified, distributed storage system designed for excellent performance, reliability and scalability. It has an S3 compatible object storage interface.
To use rclone with Ceph, configure as above but leave the region blank and set the endpoint. You should end up with something like this in your config:
[ceph]
type = s3
provider = Ceph
env_auth = false
access_key_id = XXX
secret_access_key = YYY
region =
endpoint = https://ceph.endpoint.example.com
location_constraint =
acl =
server_side_encryption =
storage_class =
If you are using an older version of CEPH, e.g. 10.2.x Jewel, then you may need to supply the parameter --s3-upload-cutoff 0
or put this in the config file as upload_cutoff 0
to work around a bug which causes uploading of small files to fail.
Note also that Ceph sometimes puts /
in the passwords it gives users. If you read the secret access key using the command line tools you will get a JSON blob with the /
escaped as \/
. Make sure you only write /
in the secret access key.
Eg the dump from Ceph looks something like this (irrelevant keys removed).
{
"user_id": "xxx",
"display_name": "xxxx",
"keys": [
{
"user": "xxx",
"access_key": "xxxxxx",
"secret_key": "xxxxxx\/xxxx"
}
],
}
Because this is a json dump, it is encoding the /
as \/
, so if you use the secret key as xxxxxx/xxxx
it will work fine.
Dreamhost DreamObjects is an object storage system based on CEPH.
To use rclone with Dreamhost, configure as above but leave the region blank and set the endpoint. You should end up with something like this in your config:
[dreamobjects]
type = s3
provider = DreamHost
env_auth = false
access_key_id = your_access_key
secret_access_key = your_secret_key
region =
endpoint = objects-us-west-1.dream.io
location_constraint =
acl = private
server_side_encryption =
storage_class =
Spaces is an S3-interoperable object storage service from cloud provider DigitalOcean.
To connect to DigitalOcean Spaces you will need an access key and secret key. These can be retrieved on the "Applications & API" page of the DigitalOcean control panel. They will be needed when prompted by rclone config
for your access_key_id
and secret_access_key
.
When prompted for a region
or location_constraint
, press enter to use the default value. The region must be included in the endpoint
setting (e.g. nyc3.digitaloceanspaces.com
). The default values can be used for other settings.
Going through the whole process of creating a new remote by running rclone config
, each prompt should be answered as shown below:
Storage> s3
env_auth> 1
access_key_id> YOUR_ACCESS_KEY
secret_access_key> YOUR_SECRET_KEY
region>
endpoint> nyc3.digitaloceanspaces.com
location_constraint>
acl>
storage_class>
The resulting configuration file should look like:
[spaces]
type = s3
provider = DigitalOcean
env_auth = false
access_key_id = YOUR_ACCESS_KEY
secret_access_key = YOUR_SECRET_KEY
region =
endpoint = nyc3.digitaloceanspaces.com
location_constraint =
acl =
server_side_encryption =
storage_class =
Once configured, you can create a new Space and begin copying files. For example:
rclone mkdir spaces:my-new-space
rclone copy /path/to/files spaces:my-new-space
Information stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations, and accessed through an implementation of the S3 API. This service makes use of the distributed storage technologies provided by IBM’s Cloud Object Storage System (formerly Cleversafe). For more information visit: (http://www.ibm.com/cloud/object-storage)
To configure access to IBM COS S3, follow the steps below:
2018/02/14 14:13:11 NOTICE: Config file "C:\\Users\\a\\.config\\rclone\\rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> <YOUR NAME>
Choose a number from below, or type in your own value
1 / Alias for an existing remote
\ "alias"
2 / Amazon Drive
\ "amazon cloud drive"
3 / Amazon S3 Complaint Storage Providers (Dreamhost, Ceph, Minio, IBM COS)
\ "s3"
4 / Backblaze B2
\ "b2"
[snip]
23 / http Connection
\ "http"
Storage> 3
Choose the S3 provider.
Choose a number from below, or type in your own value
1 / Choose this option to configure Storage to AWS S3
\ "AWS"
2 / Choose this option to configure Storage to Ceph Systems
\ "Ceph"
3 / Choose this option to configure Storage to Dreamhost
\ "Dreamhost"
4 / Choose this option to the configure Storage to IBM COS S3
\ "IBMCOS"
5 / Choose this option to the configure Storage to Minio
\ "Minio"
Provider>4
AWS Access Key ID - leave blank for anonymous access or runtime credentials.
access_key_id> <>
AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
secret_access_key> <>
Endpoint for IBM COS S3 API.
Specify if using an IBM COS On Premise.
Choose a number from below, or type in your own value
1 / US Cross Region Endpoint
\ "s3-api.us-geo.objectstorage.softlayer.net"
2 / US Cross Region Dallas Endpoint
\ "s3-api.dal.us-geo.objectstorage.softlayer.net"
3 / US Cross Region Washington DC Endpoint
\ "s3-api.wdc-us-geo.objectstorage.softlayer.net"
4 / US Cross Region San Jose Endpoint
\ "s3-api.sjc-us-geo.objectstorage.softlayer.net"
5 / US Cross Region Private Endpoint
\ "s3-api.us-geo.objectstorage.service.networklayer.com"
6 / US Cross Region Dallas Private Endpoint
\ "s3-api.dal-us-geo.objectstorage.service.networklayer.com"
7 / US Cross Region Washington DC Private Endpoint
\ "s3-api.wdc-us-geo.objectstorage.service.networklayer.com"
8 / US Cross Region San Jose Private Endpoint
\ "s3-api.sjc-us-geo.objectstorage.service.networklayer.com"
9 / US Region East Endpoint
\ "s3.us-east.objectstorage.softlayer.net"
10 / US Region East Private Endpoint
\ "s3.us-east.objectstorage.service.networklayer.com"
11 / US Region South Endpoint
[snip]
34 / Toronto Single Site Private Endpoint
\ "s3.tor01.objectstorage.service.networklayer.com"
endpoint>1
1 / US Cross Region Standard
\ "us-standard"
2 / US Cross Region Vault
\ "us-vault"
3 / US Cross Region Cold
\ "us-cold"
4 / US Cross Region Flex
\ "us-flex"
5 / US East Region Standard
\ "us-east-standard"
6 / US East Region Vault
\ "us-east-vault"
7 / US East Region Cold
\ "us-east-cold"
8 / US East Region Flex
\ "us-east-flex"
9 / US South Region Standard
\ "us-south-standard"
10 / US South Region Vault
\ "us-south-vault"
[snip]
32 / Toronto Flex
\ "tor01-flex"
location_constraint>1
Canned ACL used when creating buckets and/or storing objects in S3.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default). This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise COS
\ "private"
2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access. This acl is available on IBM Cloud (Infra), IBM Cloud (Storage), On-Premise IBM COS
\ "public-read"
3 / Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access. This acl is available on IBM Cloud (Infra), On-Premise IBM COS
\ "public-read-write"
4 / Owner gets FULL_CONTROL. The AuthenticatedUsers group gets READ access. Not supported on Buckets. This acl is available on IBM Cloud (Infra) and On-Premise IBM COS
\ "authenticated-read"
acl> 1
[xxx]
type = s3
Provider = IBMCOS
access_key_id = xxx
secret_access_key = yyy
endpoint = s3-api.us-geo.objectstorage.softlayer.net
location_constraint = us-standard
acl = private
1) Create a bucket.
rclone mkdir IBM-COS-XREGION:newbucket
2) List available buckets.
rclone lsd IBM-COS-XREGION:
-1 2017-11-08 21:16:22 -1 test
-1 2018-02-14 20:16:39 -1 newbucket
3) List contents of a bucket.
rclone ls IBM-COS-XREGION:newbucket
18685952 test.exe
4) Copy a file from local to remote.
rclone copy /Users/file.txt IBM-COS-XREGION:newbucket
5) Copy a file from remote to local.
rclone copy IBM-COS-XREGION:newbucket/file.txt .
6) Delete a file on remote.
rclone delete IBM-COS-XREGION:newbucket/file.txt
Minio is an object storage server built for cloud application developers and devops.
It is very easy to install and provides an S3 compatible server which can be used by rclone.
To use it, install Minio following the instructions here.
When it configures itself Minio will print something like this
Endpoint: http://192.168.1.106:9000 http://172.23.0.1:9000
AccessKey: USWUXHGYZQYFYFFIT3RE
SecretKey: MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
Region: us-east-1
SQS ARNs: arn:minio:sqs:us-east-1:1:redis arn:minio:sqs:us-east-1:2:redis
Browser Access:
http://192.168.1.106:9000 http://172.23.0.1:9000
Command-line Access: https://docs.minio.io/docs/minio-client-quickstart-guide
$ mc config host add myminio http://192.168.1.106:9000 USWUXHGYZQYFYFFIT3RE MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
Object API (Amazon S3 compatible):
Go: https://docs.minio.io/docs/golang-client-quickstart-guide
Java: https://docs.minio.io/docs/java-client-quickstart-guide
Python: https://docs.minio.io/docs/python-client-quickstart-guide
JavaScript: https://docs.minio.io/docs/javascript-client-quickstart-guide
.NET: https://docs.minio.io/docs/dotnet-client-quickstart-guide
Drive Capacity: 26 GiB Free, 165 GiB Total
These details need to go into rclone config
like this. Note that it is important to put the region in as stated above.
env_auth> 1
access_key_id> USWUXHGYZQYFYFFIT3RE
secret_access_key> MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
region> us-east-1
endpoint> http://192.168.1.106:9000
location_constraint>
server_side_encryption>
Which makes the config file look like this
[minio]
type = s3
provider = Minio
env_auth = false
access_key_id = USWUXHGYZQYFYFFIT3RE
secret_access_key = MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03
region = us-east-1
endpoint = http://192.168.1.106:9000
location_constraint =
server_side_encryption =
So once set up, for example to copy files into a bucket
rclone copy /path/to/files minio:bucket
Scaleway The Object Storage platform allows you to store anything from backups, logs and web assets to documents and photos. Files can be dropped from the Scaleway console or transferred through our API and CLI or using any S3-compatible tool.
Scaleway provides an S3 interface which can be configured for use with rclone like this:
[scaleway]
type = s3
provider = Scaleway
env_auth = false
endpoint = s3.nl-ams.scw.cloud
access_key_id = SCWXXXXXXXXXXXXXX
secret_access_key = 1111111-2222-3333-44444-55555555555555
region = nl-ams
location_constraint =
acl = private
server_side_encryption =
storage_class =
SeaweedFS is a distributed storage system for blobs, objects, files, and data lake, with O(1) disk seek and a scalable file metadata store. It has an S3 compatible object storage interface.
Assuming the SeaweedFS are configured with weed shell
as such:
> s3.bucket.create -name foo
> s3.configure -access_key=any -secret_key=any -buckets=foo -user=me -actions=Read,Write,List,Tagging,Admin -apply
{
"identities": [
{
"name": "me",
"credentials": [
{
"accessKey": "any",
"secretKey": "any"
}
],
"actions": [
"Read:foo",
"Write:foo",
"List:foo",
"Tagging:foo",
"Admin:foo"
]
}
]
}
To use rclone with SeaweedFS, above configuration should end up with something like this in your config:
[seaweedfs_s3]
type = s3
provider = SeaweedFS
access_key_id = any
secret_access_key = any
endpoint = localhost:8333
So once set up, for example to copy files into a bucket
rclone copy /path/to/files seaweedfs_s3:foo
Wasabi is a cloud-based object storage service for a broad range of applications and use cases. Wasabi is designed for individuals and organizations that require a high-performance, reliable, and secure data storage infrastructure at minimal cost.
Wasabi provides an S3 interface which can be configured for use with rclone like this.
No remotes found - make a new one
n) New remote
s) Set configuration password
n/s> n
name> wasabi
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Amazon S3 (also Dreamhost, Ceph, Minio)
\ "s3"
[snip]
Storage> s3
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars). Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own value
1 / Enter AWS credentials in the next step
\ "false"
2 / Get AWS credentials from the environment (env vars or IAM)
\ "true"
env_auth> 1
AWS Access Key ID - leave blank for anonymous access or runtime credentials.
access_key_id> YOURACCESSKEY
AWS Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
secret_access_key> YOURSECRETACCESSKEY
Region to connect to.
Choose a number from below, or type in your own value
/ The default endpoint - a good choice if you are unsure.
1 | US Region, Northern Virginia, or Pacific Northwest.
| Leave location constraint empty.
\ "us-east-1"
[snip]
region> us-east-1
Endpoint for S3 API.
Leave blank if using AWS to use the default endpoint for the region.
Specify if using an S3 clone such as Ceph.
endpoint> s3.wasabisys.com
Location constraint - must be set to match the Region. Used when creating buckets only.
Choose a number from below, or type in your own value
1 / Empty for US Region, Northern Virginia, or Pacific Northwest.
\ ""
[snip]
location_constraint>
Canned ACL used when creating buckets and/or storing objects in S3.
For more info visit https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default).
\ "private"
[snip]
acl>
The server-side encryption algorithm used when storing this object in S3.
Choose a number from below, or type in your own value
1 / None
\ ""
2 / AES256
\ "AES256"
server_side_encryption>
The storage class to use when storing objects in S3.
Choose a number from below, or type in your own value
1 / Default
\ ""
2 / Standard storage class
\ "STANDARD"
3 / Reduced redundancy storage class
\ "REDUCED_REDUNDANCY"
4 / Standard Infrequent Access storage class
\ "STANDARD_IA"
storage_class>
Remote config
--------------------
[wasabi]
env_auth = false
access_key_id = YOURACCESSKEY
secret_access_key = YOURSECRETACCESSKEY
region = us-east-1
endpoint = s3.wasabisys.com
location_constraint =
acl =
server_side_encryption =
storage_class =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
This will leave the config file looking like this.
[wasabi]
type = s3
provider = Wasabi
env_auth = false
access_key_id = YOURACCESSKEY
secret_access_key = YOURSECRETACCESSKEY
region =
endpoint = s3.wasabisys.com
location_constraint =
acl =
server_side_encryption =
storage_class =
Here is an example of making an Alibaba Cloud (Aliyun) OSS configuration. First run:
rclone config
This will guide you through an interactive setup process.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> oss
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, and Tencent COS
\ "s3"
[snip]
Storage> s3
Choose your S3 provider.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Amazon Web Services (AWS) S3
\ "AWS"
2 / Alibaba Cloud Object Storage System (OSS) formerly Aliyun
\ "Alibaba"
3 / Ceph Object Storage
\ "Ceph"
[snip]
provider> Alibaba
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value
1 / Enter AWS credentials in the next step
\ "false"
2 / Get AWS credentials from the environment (env vars or IAM)
\ "true"
env_auth> 1
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
access_key_id> accesskeyid
AWS Secret Access Key (password)
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
secret_access_key> secretaccesskey
Endpoint for OSS API.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / East China 1 (Hangzhou)
\ "oss-cn-hangzhou.aliyuncs.com"
2 / East China 2 (Shanghai)
\ "oss-cn-shanghai.aliyuncs.com"
3 / North China 1 (Qingdao)
\ "oss-cn-qingdao.aliyuncs.com"
[snip]
endpoint> 1
Canned ACL used when creating buckets and storing or copying objects.
Note that this ACL is applied when server-side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Owner gets FULL_CONTROL. No one else has access rights (default).
\ "private"
2 / Owner gets FULL_CONTROL. The AllUsers group gets READ access.
\ "public-read"
/ Owner gets FULL_CONTROL. The AllUsers group gets READ and WRITE access.
[snip]
acl> 1
The storage class to use when storing new objects in OSS.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Default
\ ""
2 / Standard storage class
\ "STANDARD"
3 / Archive storage mode.
\ "GLACIER"
4 / Infrequent access storage mode.
\ "STANDARD_IA"
storage_class> 1
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[oss]
type = s3
provider = Alibaba
env_auth = false
access_key_id = accesskeyid
secret_access_key = secretaccesskey
endpoint = oss-cn-hangzhou.aliyuncs.com
acl = private
storage_class = Standard
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Tencent Cloud Object Storage (COS) is a distributed storage service offered by Tencent Cloud for unstructured data. It is secure, stable, massive, convenient, low-delay and low-cost.
To configure access to Tencent COS, follow the steps below:
rclone config
and select n
for a new remote.rclone config
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> cos
s3
storage.Choose a number from below, or type in your own value
1 / 1Fichier
\ "fichier"
2 / Alias for an existing remote
\ "alias"
3 / Amazon Drive
\ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Providers including AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, and Tencent COS
\ "s3"
[snip]
Storage> s3
TencentCOS
provider.Choose a number from below, or type in your own value
1 / Amazon Web Services (AWS) S3
\ "AWS"
[snip]
11 / Tencent Cloud Object Storage (COS)
\ "TencentCOS"
[snip]
provider> TencentCOS
Get AWS credentials from runtime (environment variables or EC2/ECS meta data if no env vars).
Only applies if access_key_id and secret_access_key is blank.
Enter a boolean value (true or false). Press Enter for the default ("false").
Choose a number from below, or type in your own value
1 / Enter AWS credentials in the next step
\ "false"
2 / Get AWS credentials from the environment (env vars or IAM)
\ "true"
env_auth> 1
AWS Access Key ID.
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
access_key_id> AKIDxxxxxxxxxx
AWS Secret Access Key (password)
Leave blank for anonymous access or runtime credentials.
Enter a string value. Press Enter for the default ("").
secret_access_key> xxxxxxxxxxx
1 / Beijing Region.
\ "cos.ap-beijing.myqcloud.com"
2 / Nanjing Region.
\ "cos.ap-nanjing.myqcloud.com"
3 / Shanghai Region.
\ "cos.ap-shanghai.myqcloud.com"
4 / Guangzhou Region.
\ "cos.ap-guangzhou.myqcloud.com"
[snip]
endpoint> 4
Note that this ACL is applied when server-side copying objects as S3
doesn't copy the ACL from the source but rather writes a fresh one.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Owner gets Full_CONTROL. No one else has access rights (default).
\ "default"
[snip]
acl> 1
The storage class to use when storing new objects in Tencent COS.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Default
\ ""
[snip]
storage_class> 1
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[cos]
type = s3
provider = TencentCOS
env_auth = false
access_key_id = xxx
secret_access_key = xxx
endpoint = cos.ap-guangzhou.myqcloud.com
acl = default
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
cos s3
For Netease NOS configure as per the configurator rclone config
setting the provider Netease
. This will automatically set force_path_style = false
which is necessary for it to run properly.
rclone about
is not supported by the S3 backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
B2 is Backblaze's cloud storage system.
Paths are specified as remote:bucket
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:bucket/path/to/dir
.
Here is an example of making a b2 configuration. First run
rclone config
This will guide you through an interactive setup process. To authenticate you will either need your Account ID (a short hex number) and Master Application Key (a long hex number) OR an Application Key, which is the recommended method. See below for further details on generating and using an Application Key.
No remotes found - make a new one
n) New remote
q) Quit config
n/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Backblaze B2
\ "b2"
[snip]
Storage> b2
Account ID or Application Key ID
account> 123456789abc
Application Key
key> 0123456789abcdef0123456789abcdef0123456789
Endpoint for the service - leave blank normally.
endpoint>
Remote config
--------------------
[remote]
account = 123456789abc
key = 0123456789abcdef0123456789abcdef0123456789
endpoint =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
This remote is called remote
and can now be used like this
See all buckets
rclone lsd remote:
Create a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync /home/local/directory
to the remote bucket, deleting any excess files in the bucket.
rclone sync -i /home/local/directory remote:bucket
B2 supports multiple Application Keys for different access permission to B2 Buckets.
You can use these with rclone too; you will need to use rclone version 1.43 or later.
Follow Backblaze's docs to create an Application Key with the required permission and add the applicationKeyId
as the account
and the Application Key
itself as the key
.
Note that you must put the applicationKeyId as the account
– you can't use the master Account ID. If you try then B2 will return 401 errors.
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
The modified time is stored as metadata on the object as X-Bz-Info-src_last_modified_millis
as milliseconds since 1970-01-01 in the Backblaze standard. Other tools should be able to use this as a modified time.
Modified times are used in syncing and are fully supported. Note that if a modification time needs to be updated on an object then it will create a new version of the object.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Note that in 2020-05 Backblaze started allowing characters in file names. Rclone hasn't changed its encoding as this could cause syncs to re-transfer files. If you want rclone not to replace then see the --b2-encoding
flag below and remove the BackSlash
from the string. This can be set in the config.
The SHA1 checksums of the files are checked on upload and download and will be used in the syncing process.
Large files (bigger than the limit in --b2-upload-cutoff
) which are uploaded in chunks will store their SHA1 on the object as X-Bz-Info-large_file_sha1
as recommended by Backblaze.
For a large file to be uploaded with an SHA1 checksum, the source needs to support SHA1 checksums. The local disk supports SHA1 checksums so large file transfers from local disk will have an SHA1. See the overview for exactly which remotes support SHA1.
Sources which don't support SHA1, in particular crypt
will upload large files without SHA1 checksums. This may be fixed in the future (see #1767).
Files sizes below --b2-upload-cutoff
will always have an SHA1 regardless of the source.
Backblaze recommends that you do lots of transfers simultaneously for maximum speed. In tests from my SSD equipped laptop the optimum setting is about --transfers 32
though higher numbers may be used for a slight speed improvement. The optimum number for you may vary depending on your hardware, how big the files are, how much you want to load your computer, etc. The default of --transfers 4
is definitely too low for Backblaze B2 though.
Note that uploading big files (bigger than 200 MiB by default) will use a 96 MiB RAM buffer by default. There can be at most --transfers
of these in use at any moment, so this sets the upper limit on the memory used.
When rclone uploads a new version of a file it creates a new version of it. Likewise when you delete a file, the old version will be marked hidden and still be available. Conversely, you may opt in to a "hard delete" of files with the --b2-hard-delete
flag which would permanently remove the file instead of hiding it.
Old versions of files, where available, are visible using the --b2-versions
flag.
If you wish to remove all the old versions then you can use the rclone cleanup remote:bucket
command which will delete all the old versions of files, leaving the current ones intact. You can also supply a path and only old versions under that path will be deleted, e.g. rclone cleanup remote:bucket/path/to/stuff
.
Note that cleanup
will remove partially uploaded files from the bucket if they are more than a day old.
When you purge
a bucket, the current and the old versions will be deleted then the bucket will be deleted.
However delete
will cause the current versions of the files to become hidden old versions.
Here is a session showing the listing and retrieval of an old version followed by a cleanup
of the old versions.
Show current version and all the versions with --b2-versions
flag.
$ rclone -q ls b2:cleanup-test
9 one.txt
$ rclone -q --b2-versions ls b2:cleanup-test
9 one.txt
8 one-v2016-07-04-141032-000.txt
16 one-v2016-07-04-141003-000.txt
15 one-v2016-07-02-155621-000.txt
Retrieve an old version
$ rclone -q --b2-versions copy b2:cleanup-test/one-v2016-07-04-141003-000.txt /tmp
$ ls -l /tmp/one-v2016-07-04-141003-000.txt
-rw-rw-r-- 1 ncw ncw 16 Jul 2 17:46 /tmp/one-v2016-07-04-141003-000.txt
Clean up all the old versions and show that they've gone.
$ rclone -q cleanup b2:cleanup-test
$ rclone -q ls b2:cleanup-test
9 one.txt
$ rclone -q --b2-versions ls b2:cleanup-test
9 one.txt
It is useful to know how many requests are sent to the server in different scenarios.
All copy commands send the following 4 requests:
/b2api/v1/b2_authorize_account
/b2api/v1/b2_create_bucket
/b2api/v1/b2_list_buckets
/b2api/v1/b2_list_file_names
The b2_list_file_names
request will be sent once for every 1k files in the remote path, providing the checksum and modification time of the listed files. As of version 1.33 issue #818 causes extra requests to be sent when using B2 with Crypt. When a copy operation does not require any files to be uploaded, no more requests will be sent.
Uploading files that do not require chunking, will send 2 requests per file upload:
/b2api/v1/b2_get_upload_url
/b2api/v1/b2_upload_file/
Uploading files requiring chunking, will send 2 requests (one each to start and finish the upload) and another 2 requests for each chunk:
/b2api/v1/b2_start_large_file
/b2api/v1/b2_get_upload_part_url
/b2api/v1/b2_upload_part/
/b2api/v1/b2_finish_large_file
Versions can be viewed with the --b2-versions
flag. When it is set rclone will show and act on older versions of files. For example
Listing without --b2-versions
$ rclone -q ls b2:cleanup-test
9 one.txt
And with
$ rclone -q --b2-versions ls b2:cleanup-test
9 one.txt
8 one-v2016-07-04-141032-000.txt
16 one-v2016-07-04-141003-000.txt
15 one-v2016-07-02-155621-000.txt
Showing that the current version is unchanged but older versions can be seen. These have the UTC date that they were uploaded to the server to the nearest millisecond appended to them.
Note that when using --b2-versions
no file write operations are permitted, so you can't upload files or delete them.
Rclone supports generating file share links for private B2 buckets. They can either be for a file for example:
./rclone link B2:bucket/path/to/file.txt
https://f002.backblazeb2.com/file/bucket/path/to/file.txt?Authorization=xxxxxxxx
or if run on a directory you will get:
./rclone link B2:bucket/path
https://f002.backblazeb2.com/file/bucket/path?Authorization=xxxxxxxx
you can then use the authorization token (the part of the url from the ?Authorization=
on) on any file path under that directory. For example:
https://f002.backblazeb2.com/file/bucket/path/to/file1?Authorization=xxxxxxxx
https://f002.backblazeb2.com/file/bucket/path/file2?Authorization=xxxxxxxx
https://f002.backblazeb2.com/file/bucket/path/folder/file3?Authorization=xxxxxxxx
Here are the standard options specific to b2 (Backblaze B2).
Account ID or Application Key ID
Application Key
Permanently delete files on remote removal, otherwise hide files.
Here are the advanced options specific to b2 (Backblaze B2).
Endpoint for the service. Leave blank normally.
A flag string for X-Bz-Test-Mode header for debugging.
This is for debugging purposes only. Setting it to one of the strings below will cause b2 to return specific errors:
These will be set in the "X-Bz-Test-Mode" header which is documented in the b2 integrations checklist.
Include old versions in directory listings. Note that when using this no file write operations are permitted, so you can't upload files or delete them.
Cutoff for switching to chunked upload.
Files above this size will be uploaded in chunks of "--b2-chunk-size".
This value should be set no larger than 4.657 GiB (== 5 GB).
Cutoff for switching to multipart copy
Any files larger than this that need to be server-side copied will be copied in chunks of this size.
The minimum is 0 and the maximum is 4.6 GiB.
Upload chunk size. Must fit in memory.
When uploading large files, chunk the file into this size. Note that these chunks are buffered in memory and there might a maximum of "--transfers" chunks in progress at once. 5,000,000 Bytes is the minimum size.
Disable checksums for large (> upload cutoff) files
Normally rclone will calculate the SHA1 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.
Custom endpoint for downloads.
This is usually set to a Cloudflare CDN URL as Backblaze offers free egress for data downloaded through the Cloudflare network. Rclone works with private buckets by sending an "Authorization" header. If the custom endpoint rewrites the requests for authentication, e.g., in Cloudflare Workers, this header needs to be handled properly. Leave blank if you want to use the endpoint provided by Backblaze.
Time before the authorization token will expire in s or suffix ms|s|m|h|d.
The duration before the download authorization token will expire. The minimum value is 1 second. The maximum value is one week.
How often internal memory buffer pools will be flushed. Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations. This option controls how often unused buffers will be removed from the pool.
Whether to use mmap buffers in internal memory pool.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
rclone about
is not supported by the B2 backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for Box involves getting a token from Box which you can do either in your browser, or with a config.json downloaded from Box to use JWT authentication. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Box
\ "box"
[snip]
Storage> box
Box App Client Id - leave blank normally.
client_id>
Box App Client Secret - leave blank normally.
client_secret>
Box App config.json location
Leave blank normally.
Enter a string value. Press Enter for the default ("").
box_config_file>
Box App Primary Access Token
Leave blank normally.
Enter a string value. Press Enter for the default ("").
access_token>
Enter a string value. Press Enter for the default ("user").
Choose a number from below, or type in your own value
1 / Rclone should act on behalf of a user
\ "user"
2 / Rclone should act on behalf of a service account
\ "enterprise"
box_sub_type>
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id =
client_secret =
token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"XXX"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from Box. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List directories in top level of your Box
rclone lsd remote:
List all the files in your Box
rclone ls remote:
To copy a local directory to an Box directory called backup
rclone copy /home/source remote:backup
If you have an "Enterprise" account type with Box with single sign on (SSO), you need to create a password to use Box with rclone. This can be done at your Enterprise Box account by going to Settings, "Account" Tab, and then set the password in the "Authentication" field.
Once you have done this, you can setup your Enterprise Box account using the same procedure detailed above in the, using the password you have just set.
According to the box docs:
Each refresh_token is valid for one use in 60 days.
This means that if you
then rclone will return an error which includes the text Invalid refresh token
.
To fix this you will need to use oauth2 again to update the refresh token. You can use the methods in the remote setup docs, bearing in mind that if you use the copy the config file method, you should not use that remote on the computer you did the authentication on.
Here is how to do it.
$ rclone config
Current remotes:
Name Type
==== ====
remote box
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> e
Choose a number from below, or type in an existing value
1 > remote
remote> remote
--------------------
[remote]
type = box
token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2017-07-08T23:40:08.059167677+01:00"}
--------------------
Edit remote
Value "client_id" = ""
Edit? (y/n)>
y) Yes
n) No
y/n> n
Value "client_secret" = ""
Edit? (y/n)>
y) Yes
n) No
y/n> n
Remote config
Already have a token - refresh?
y) Yes
n) No
y/n> y
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
type = box
token = {"access_token":"YYY","token_type":"bearer","refresh_token":"YYY","expiry":"2017-07-23T12:22:29.259137901+01:00"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Box allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.
Box supports SHA1 type hashes, so you can use the --checksum
flag.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
File names can also not end with the following characters. These only get replaced if they are the last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
For files above 50 MiB rclone will use a chunked transfer. Rclone will upload up to --transfers
chunks at the same time (shared among all the multipart uploads). Chunks are buffered in memory and are normally 8 MiB so increasing --transfers
will increase memory use.
Depending on the enterprise settings for your user, the item will either be actually deleted from Box or moved to the trash.
Emptying the trash is supported via the rclone however cleanup command however this deletes every trashed file and folder individually so it may take a very long time. Emptying the trash via the WebUI does not have this limitation so it is advised to empty the trash via the WebUI.
You can set the root_folder_id
for rclone. This is the directory (identified by its Folder ID
) that rclone considers to be the root of your Box drive.
Normally you will leave this blank and rclone will determine the correct root to use itself.
However you can set this to restrict rclone to a specific folder hierarchy.
In order to do this you will have to find the Folder ID
of the directory you wish rclone to display. This will be the last segment of the URL when you open the relevant folder in the Box web interface.
So if the folder you want rclone to use has a URL which looks like https://app.box.com/folder/11xxxxxxxxx8
in the browser, then you use 11xxxxxxxxx8
as the root_folder_id
in the config.
Here are the standard options specific to box (Box).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Box App config.json location Leave blank normally.
Leading ~
will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}
.
Box App Primary Access Token Leave blank normally.
Here are the advanced options specific to box (Box).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Fill in for rclone to use a non root folder as its starting point.
Cutoff for switching to multipart upload (>= 50 MiB).
Max number of times to try committing a multipart file.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Note that Box is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
Box file names can't have the \
character in. rclone maps this to and from an identical looking unicode equivalent \
(U+FF3C Fullwidth Reverse Solidus).
Box only supports filenames up to 255 characters in length.
rclone about
is not supported by the Box backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
The cache
remote wraps another existing remote and stores file structure and its data for long running tasks like rclone mount
.
The cache backend code is working but it currently doesn't have a maintainer so there are outstanding bugs which aren't getting fixed.
The cache backend is due to be phased out in favour of the VFS caching layer eventually which is more tightly integrated into rclone.
Until this happens we recommend only using the cache backend if you find you can't work without it. There are many docs online describing the use of the cache backend to minimize API hits and by-and-large these are out of date and the cache backend isn't needed in those scenarios any more.
To get started you just need to have an existing remote which can be configured with cache
.
Here is an example of how to make a remote called test-cache
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
n/r/c/s/q> n
name> test-cache
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Cache a remote
\ "cache"
[snip]
Storage> cache
Remote to cache.
Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
"myremote:bucket" or maybe "myremote:" (not recommended).
remote> local:/test
Optional: The URL of the Plex server
plex_url> http://127.0.0.1:32400
Optional: The username of the Plex user
plex_username> dummyusername
Optional: The password of the Plex user
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank
y/g/n> y
Enter the password:
password:
Confirm the password:
password:
The size of a chunk. Lower value good for slow connections but can affect seamless reading.
Default: 5M
Choose a number from below, or type in your own value
1 / 1 MiB
\ "1M"
2 / 5 MiB
\ "5M"
3 / 10 MiB
\ "10M"
chunk_size> 2
How much time should object info (file size, file hashes, etc.) be stored in cache. Use a very high value if you don't plan on changing the source FS from outside the cache.
Accepted units are: "s", "m", "h".
Default: 5m
Choose a number from below, or type in your own value
1 / 1 hour
\ "1h"
2 / 24 hours
\ "24h"
3 / 24 hours
\ "48h"
info_age> 2
The maximum size of stored chunks. When the storage grows beyond this size, the oldest chunks will be deleted.
Default: 10G
Choose a number from below, or type in your own value
1 / 500 MiB
\ "500M"
2 / 1 GiB
\ "1G"
3 / 10 GiB
\ "10G"
chunk_total_size> 3
Remote config
--------------------
[test-cache]
remote = local:/test
plex_url = http://127.0.0.1:32400
plex_username = dummyusername
plex_password = *** ENCRYPTED ***
chunk_size = 5M
info_age = 48h
chunk_total_size = 10G
You can then use it like this,
List directories in top level of your drive
rclone lsd test-cache:
List all the files in your drive
rclone ls test-cache:
To start a cached mount
rclone mount --allow-other test-cache: /var/tmp/test-cache
In an effort to make writing through cache more reliable, the backend now supports this feature which can be activated by specifying a cache-tmp-upload-path
.
A files goes through these states when using this feature:
cache-tmp-wait-time
passes and the file is next in line, rclone move
is used to move the file to the cloud providercache
when it's actually deleted from the temporary path then cache
will simply swap the source to the cloud provider without interrupting the reading (small blip can happen though)Files are uploaded in sequence and only one file is uploaded at a time. Uploads will be stored in a queue and be processed based on the order they were added. The queue and the temporary storage is persistent across restarts but can be cleared on startup with the --cache-db-purge
flag.
Writes are supported through cache
. One caveat is that a mounted cache remote does not add any retry or fallback mechanism to the upload operation. This will depend on the implementation of the wrapped remote. Consider using Offline uploading
for reliable writes.
One special case is covered with cache-writes
which will cache the file data at the same time as the upload when it is enabled making it available from the cache store immediately once the upload is finished.
To counter the high latency between a local PC where rclone is running and cloud providers, the cache remote can split multiple requests to the cloud provider for smaller file chunks and combines them together locally where they can be available almost immediately before the reader usually needs them.
This is similar to buffering when media files are played online. Rclone will stay around the current marker but always try its best to stay ahead and prepare the data before.
There is a direct integration with Plex which allows cache to detect during reading if the file is in playback or not. This helps cache to adapt how it queries the cloud provider depending on what is needed for.
Scans will have a minimum amount of workers (1) while in a confirmed playback cache will deploy the configured number of workers.
This integration opens the doorway to additional performance improvements which will be explored in the near future.
Note: If Plex options are not configured, cache
will function with its configured options without adapting any of its settings.
How to enable? Run rclone config
and add all the Plex options (endpoint, username and password) in your remote and it will be automatically enabled.
Affected settings: - cache-workers
: Configured value during confirmed playback or 1 all the other times
When the Plex server is configured to only accept secure connections, it is possible to use .plex.direct
URLs to ensure certificate validation succeeds. These URLs are used by Plex internally to connect to the Plex server securely.
The format for these URLs is the following:
https://ip-with-dots-replaced.server-hash.plex.direct:32400/
The ip-with-dots-replaced
part can be any IPv4 address, where the dots have been replaced with dashes, e.g. 127.0.0.1
becomes 127-0-0-1
.
To get the server-hash
part, the easiest way is to visit
https://plex.tv/api/resources?includeHttps=1&X-Plex-Token=your-plex-token
This page will list all the available Plex servers for your account with at least one .plex.direct
link for each. Copy one URL and replace the IP address with the desired address. This can be used as the plex_url
value.
--dir-cache-time controls the first layer of directory caching which works at the mount layer. Being an independent caching mechanism from the cache
backend, it will manage its own entries based on the configured time.
To avoid getting in a scenario where dir cache has obsolete data and cache would have the correct one, try to set --dir-cache-time
to a lower time than --cache-info-age
. Default values are already configured in this way.
There are a couple of issues with Windows mount
functionality that still require some investigations. It should be considered as experimental thus far as fixes come in for this OS.
Most of the issues seem to be related to the difference between filesystems on Linux flavors and Windows as cache is heavily dependent on them.
Any reports or feedback on how cache behaves on this OS is greatly appreciated.
Future iterations of the cache backend will make use of the pooling functionality of the cloud provider to synchronize and at the same time make writing through it more tolerant to failures.
There are a couple of enhancements in track to add these but in the meantime there is a valid concern that the expiring cache listings can lead to cloud provider throttles or bans due to repeated queries on it for very large mounts.
Some recommendations: - don't use a very small interval for entry information (--cache-info-age
) - while writes aren't yet optimised, you can still write through cache
which gives you the advantage of adding the file in the cache at the same time if configured to do so.
Future enhancements:
One common scenario is to keep your data encrypted in the cloud provider using the crypt
remote. crypt
uses a similar technique to wrap around an existing remote and handles this translation in a seamless way.
There is an issue with wrapping the remotes in this order: cloud remote -> crypt -> cache
During testing, I experienced a lot of bans with the remotes in this order. I suspect it might be related to how crypt opens files on the cloud provider which makes it think we're downloading the full file instead of small chunks. Organizing the remotes in this order yields better results: cloud remote -> cache -> crypt
cache
can not differentiate between relative and absolute paths for the wrapped remote. Any path given in the remote
config setting and on the command line will be passed to the wrapped remote as is, but for storing the chunks on disk the path will be made relative by removing any leading /
character.
This behavior is irrelevant for most backend types, but there are backends where a leading /
changes the effective directory, e.g. in the sftp
backend paths starting with a /
are relative to the root of the SSH server and paths without are relative to the user home directory. As a result sftp:bin
and sftp:/bin
will share the same cache folder, even if they represent a different directory on the SSH server.
Cache supports the new --rc
mode in rclone and can be remote controlled through the following end points: By default, the listener is disabled if you do not add the flag.
Purge a remote from the cache backend. Supports either a directory or a file. It supports both encrypted and unencrypted file names if cache is wrapped by crypt.
Params: - remote = path to remote (required) - withData = true/false to delete cached data (chunks) as well (optional, false by default)
Here are the standard options specific to cache (Cache a remote).
Remote to cache. Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended).
The URL of the Plex server
The username of the Plex user
The password of the Plex user
NB Input to this must be obscured - see rclone obscure.
The size of a chunk (partial file data).
Use lower numbers for slower connections. If the chunk size is changed, any downloaded chunks will be invalid and cache-chunk-path will need to be cleared or unexpected EOF errors will occur.
How long to cache file structure information (directory listings, file size, times, etc.). If all write operations are done through the cache then you can safely make this value very large as the cache store will also be updated in real time.
The total size that the chunks can take up on the local disk.
If the cache exceeds this value then it will start to delete the oldest chunks until it goes under this value.
Here are the advanced options specific to cache (Cache a remote).
The plex token for authentication - auto set normally
Skip all certificate verification when connecting to the Plex server
Directory to store file structure metadata DB. The remote name is used as the DB file name.
Directory to cache chunk files.
Path to where partial file data (chunks) are stored locally. The remote name is appended to the final path.
This config follows the "--cache-db-path". If you specify a custom location for "--cache-db-path" and don't specify one for "--cache-chunk-path" then "--cache-chunk-path" will use the same path as "--cache-db-path".
Clear all the cached data for this remote on start.
How often should the cache perform cleanups of the chunk storage. The default value should be ok for most people. If you find that the cache goes over "cache-chunk-total-size" too often then try to lower this value to force it to perform cleanups more often.
How many times to retry a read from a cache storage.
Since reading from a cache stream is independent from downloading file data, readers can get to a point where there's no more data in the cache. Most of the times this can indicate a connectivity issue if cache isn't able to provide file data anymore.
For really slow connections, increase this to a point where the stream is able to provide data but your experience will be very stuttering.
How many workers should run in parallel to download chunks.
Higher values will mean more parallel processing (better CPU needed) and more concurrent requests on the cloud provider. This impacts several aspects like the cloud provider API limits, more stress on the hardware that rclone runs on but it also means that streams will be more fluid and data will be available much more faster to readers.
Note: If the optional Plex integration is enabled then this setting will adapt to the type of reading performed and the value specified here will be used as a maximum number of workers to use.
Disable the in-memory cache for storing chunks during streaming.
By default, cache will keep file data during streaming in RAM as well to provide it to readers as fast as possible.
This transient data is evicted as soon as it is read and the number of chunks stored doesn't exceed the number of workers. However, depending on other settings like "cache-chunk-size" and "cache-workers" this footprint can increase if there are parallel streams too (multiple files being read at the same time).
If the hardware permits it, use this feature to provide an overall better performance during streaming but it can also be disabled if RAM is not available on the local machine.
Limits the number of requests per second to the source FS (-1 to disable)
This setting places a hard limit on the number of requests per second that cache will be doing to the cloud provider remote and try to respect that value by setting waits between reads.
If you find that you're getting banned or limited on the cloud provider through cache and know that a smaller number of requests per second will allow you to work with it then you can use this setting for that.
A good balance of all the other settings should make this setting useless but it is available to set for more special cases.
NOTE: This will limit the number of requests during streams but other API calls to the cloud provider like directory listings will still pass.
Cache file data on writes through the FS
If you need to read files immediately after you upload them through cache you can enable this flag to have their data stored in the cache store at the same time during upload.
Directory to keep temporary files until they are uploaded.
This is the path where cache will use as a temporary storage for new files that need to be uploaded to the cloud provider.
Specifying a value will enable this feature. Without it, it is completely disabled and files will be uploaded directly to the cloud provider
How long should files be stored in local cache before being uploaded
This is the duration that a file must wait in the temporary location cache-tmp-upload-path before it is selected for upload.
Note that only one file is uploaded at a time and it can take longer to start the upload if a queue formed for this purpose.
How long to wait for the DB to be available - 0 is unlimited
Only one process can have the DB open at any one time, so rclone waits for this duration for the DB to become available before it gives an error.
If you set it to 0 then it will wait forever.
Here are the commands specific to the cache backend.
Run them with
rclone backend COMMAND remote:
The help below will explain what arguments each command takes.
See the "rclone backend" command for more info on how to pass options and arguments.
These can be run on a running backend using the rc command backend/command.
Print stats on the cache backend in JSON format.
rclone backend stats remote: [options] [<arguments>+]
The chunker
overlay transparently splits large files into smaller chunks during upload to wrapped remote and transparently assembles them back when the file is downloaded. This allows to effectively overcome size limits imposed by storage providers.
To use it, first set up the underlying remote following the configuration instructions for that remote. You can also use a local pathname instead of a remote.
First check your chosen remote is working - we'll call it remote:path
here. Note that anything inside remote:path
will be chunked and anything outside won't. This means that if you are using a bucket based remote (e.g. S3, B2, swift) then you should probably put the bucket in the remote s3:bucket
.
Now configure chunker
using rclone config
. We will call this one overlay
to separate it from the remote
itself.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> overlay
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Transparently chunk/split large files
\ "chunker"
[snip]
Storage> chunker
Remote to chunk/unchunk.
Normally should contain a ':' and a path, e.g. "myremote:path/to/dir",
"myremote:bucket" or maybe "myremote:" (not recommended).
Enter a string value. Press Enter for the default ("").
remote> remote:path
Files larger than chunk size will be split in chunks.
Enter a size with suffix K,M,G,T. Press Enter for the default ("2G").
chunk_size> 100M
Choose how chunker handles hash sums. All modes but "none" require metadata.
Enter a string value. Press Enter for the default ("md5").
Choose a number from below, or type in your own value
1 / Pass any hash supported by wrapped remote for non-chunked files, return nothing otherwise
\ "none"
2 / MD5 for composite files
\ "md5"
3 / SHA1 for composite files
\ "sha1"
4 / MD5 for all files
\ "md5all"
5 / SHA1 for all files
\ "sha1all"
6 / Copying a file to chunker will request MD5 from the source falling back to SHA1 if unsupported
\ "md5quick"
7 / Similar to "md5quick" but prefers SHA1 over MD5
\ "sha1quick"
hash_type> md5
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[overlay]
type = chunker
remote = remote:bucket
chunk_size = 100M
hash_type = md5
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
In normal use, make sure the remote has a :
in. If you specify the remote without a :
then rclone will use a local directory of that name. So if you use a remote of /path/to/secret/files
then rclone will chunk stuff in that directory. If you use a remote of name
then rclone will put files in a directory called name
in the current directory.
When rclone starts a file upload, chunker checks the file size. If it doesn't exceed the configured chunk size, chunker will just pass the file to the wrapped remote. If a file is large, chunker will transparently cut data in pieces with temporary names and stream them one by one, on the fly. Each data chunk will contain the specified number of bytes, except for the last one which may have less data. If file size is unknown in advance (this is called a streaming upload), chunker will internally create a temporary copy, record its size and repeat the above process.
When upload completes, temporary chunk files are finally renamed. This scheme guarantees that operations can be run in parallel and look from outside as atomic. A similar method with hidden temporary chunks is used for other operations (copy/move/rename, etc.). If an operation fails, hidden chunks are normally destroyed, and the target composite file stays intact.
When a composite file download is requested, chunker transparently assembles it by concatenating data chunks in order. As the split is trivial one could even manually concatenate data chunks together to obtain the original content.
When the list
rclone command scans a directory on wrapped remote, the potential chunk files are accounted for, grouped and assembled into composite directory entries. Any temporary chunks are hidden.
List and other commands can sometimes come across composite files with missing or invalid chunks, e.g. shadowed by like-named directory or another file. This usually means that wrapped file system has been directly tampered with or damaged. If chunker detects a missing chunk it will by default print warning, skip the whole incomplete group of chunks but proceed with current command. You can set the --chunker-fail-hard
flag to have commands abort with error message in such cases.
The default chunk name format is *.rclone_chunk.###
, hence by default chunk names are BIG_FILE_NAME.rclone_chunk.001
, BIG_FILE_NAME.rclone_chunk.002
etc. You can configure another name format using the name_format
configuration file option. The format uses asterisk *
as a placeholder for the base file name and one or more consecutive hash characters #
as a placeholder for sequential chunk number. There must be one and only one asterisk. The number of consecutive hash characters defines the minimum length of a string representing a chunk number. If decimal chunk number has less digits than the number of hashes, it is left-padded by zeros. If the decimal string is longer, it is left intact. By default numbering starts from 1 but there is another option that allows user to start from 0, e.g. for compatibility with legacy software.
For example, if name format is big_*-##.part
and original file name is data.txt
and numbering starts from 0, then the first chunk will be named big_data.txt-00.part
, the 99th chunk will be big_data.txt-98.part
and the 302nd chunk will become big_data.txt-301.part
.
Note that list
assembles composite directory entries only when chunk names match the configured format and treats non-conforming file names as normal non-chunked files.
When using norename
transactions, chunk names will additionally have a unique file version suffix. For example, BIG_FILE_NAME.rclone_chunk.001_bp562k
.
Besides data chunks chunker will by default create metadata object for a composite file. The object is named after the original file. Chunker allows user to disable metadata completely (the none
format). Note that metadata is normally not created for files smaller than the configured chunk size. This may change in future rclone releases.
This is the default format. It supports hash sums and chunk validation for composite files. Meta objects carry the following fields:
ver
- version of format, currently 1
size
- total size of composite filenchunks
- number of data chunks in filemd5
- MD5 hashsum of composite file (if present)sha1
- SHA1 hashsum (if present)txn
- identifies current version of the fileThere is no field for composite file name as it's simply equal to the name of meta object on the wrapped remote. Please refer to respective sections for details on hashsums and modified time handling.
You can disable meta objects by setting the meta format option to none
. In this mode chunker will scan directory for all files that follow configured chunk name format, group them by detecting chunks with the same base name and show group names as virtual composite files. This method is more prone to missing chunk errors (especially missing last chunk) than format with metadata enabled.
Chunker supports hashsums only when a compatible metadata is present. Hence, if you choose metadata format of none
, chunker will report hashsum as UNSUPPORTED
.
Please note that by default metadata is stored only for composite files. If a file is smaller than configured chunk size, chunker will transparently redirect hash requests to wrapped remote, so support depends on that. You will see the empty string as a hashsum of requested type for small files if the wrapped remote doesn't support it.
Many storage backends support MD5 and SHA1 hash types, so does chunker. With chunker you can choose one or another but not both. MD5 is set by default as the most supported type. Since chunker keeps hashes for composite files and falls back to the wrapped remote hash for non-chunked ones, we advise you to choose the same hash type as supported by wrapped remote so that your file listings look coherent.
If your storage backend does not support MD5 or SHA1 but you need consistent file hashing, configure chunker with md5all
or sha1all
. These two modes guarantee given hash for all files. If wrapped remote doesn't support it, chunker will then add metadata to all files, even small. However, this can double the amount of small files in storage and incur additional service charges. You can even use chunker to force md5/sha1 support in any other remote at expense of sidecar meta objects by setting e.g. chunk_type=sha1all
to force hashsums and chunk_size=1P
to effectively disable chunking.
Normally, when a file is copied to chunker controlled remote, chunker will ask the file source for compatible file hash and revert to on-the-fly calculation if none is found. This involves some CPU overhead but provides a guarantee that given hashsum is available. Also, chunker will reject a server-side copy or move operation if source and destination hashsum types are different resulting in the extra network bandwidth, too. In some rare cases this may be undesired, so chunker provides two optional choices: sha1quick
and md5quick
. If the source does not support primary hash type and the quick mode is enabled, chunker will try to fall back to the secondary type. This will save CPU and bandwidth but can result in empty hashsums at destination. Beware of consequences: the sync
command will revert (sometimes silently) to time/size comparison if compatible hashsums between source and target are not found.
Chunker stores modification times using the wrapped remote so support depends on that. For a small non-chunked file the chunker overlay simply manipulates modification time of the wrapped remote file. For a composite file with metadata chunker will get and set modification time of the metadata object on the wrapped remote. If file is chunked but metadata format is none
then chunker will use modification time of the first data chunk.
The idiomatic way to migrate to a different chunk size, hash type, transaction style or chunk naming scheme is to:
rclone sync -i oldchunks: newchunks:
and all your data will be transparently converted in transfer. This may take some time, yet chunker will try server-side copy if possible.If rclone gets killed during a long operation on a big composite file, hidden temporary chunks may stay in the directory. They will not be shown by the list
command but will eat up your account quota. Please note that the deletefile
command deletes only active chunks of a file. As a workaround, you can use remote of the wrapped file system to see them. An easy way to get rid of hidden garbage is to copy littered directory somewhere using the chunker remote and purge the original directory. The copy
command will copy only active chunks while the purge
will remove everything including garbage.
Chunker requires wrapped remote to support server-side move
(or copy
+ delete
) operations, otherwise it will explicitly refuse to start. This is because it internally renames temporary chunk files to their final names when an operation completes successfully.
Chunker encodes chunk number in file name, so with default name_format
setting it adds 17 characters. Also chunker adds 7 characters of temporary suffix during operations. Many file systems limit base file name without path by 255 characters. Using rclone's crypt remote as a base file system limits file name by 143 characters. Thus, maximum name length is 231 for most files and 119 for chunker-over-crypt. A user in need can change name format to e.g. *.rcc##
and save 10 characters (provided at most 99 chunks per file).
Note that a move implemented using the copy-and-delete method may incur double charging with some cloud storage providers.
Chunker will not automatically rename existing chunks when you run rclone config
on a live remote and change the chunk name format. Beware that in result of this some files which have been treated as chunks before the change can pop up in directory listings as normal files and vice versa. The same warning holds for the chunk size. If you desperately need to change critical chunking settings, you should run data migration as described above.
If wrapped remote is case insensitive, the chunker overlay will inherit that property (so you can't have a file called "Hello.doc" and "hello.doc" in the same directory).
Chunker included in rclone releases up to v1.54
can sometimes fail to detect metadata produced by recent versions of rclone. We recommend users to keep rclone up-to-date to avoid data corruption.
Changing transactions
is dangerous and requires explicit migration.
Here are the standard options specific to chunker (Transparently chunk/split large files).
Remote to chunk/unchunk. Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended).
Files larger than chunk size will be split in chunks.
Choose how chunker handles hash sums. All modes but "none" require metadata.
Here are the advanced options specific to chunker (Transparently chunk/split large files).
String format of chunk file names. The two placeholders are: base file name (*) and chunk number (#...). There must be one and only one asterisk and one or more consecutive hash characters. If chunk number has less digits than the number of hashes, it is left-padded by zeros. If there are more digits in the number, they are left as is. Possible chunk files are ignored if their name does not match given format.
Minimum valid chunk number. Usually 0 or 1. By default chunk numbers start from 1.
Format of the metadata object or "none". By default "simplejson". Metadata is a small JSON file named after the composite file.
Choose how chunker should handle files with missing or invalid chunks.
Choose how chunker should handle temporary files during transactions.
Citrix ShareFile is a secure file sharing and transfer service aimed as business.
The initial setup for Citrix ShareFile involves getting a token from Citrix ShareFile which you can in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
XX / Citrix Sharefile
\ "sharefile"
Storage> sharefile
** See help for sharefile backend at: https://rclone.org/sharefile/ **
ID of the root folder
Leave blank to access "Personal Folders". You can use one of the
standard values here or any folder ID (long hex number ID).
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Access the Personal Folders. (Default)
\ ""
2 / Access the Favorites folder.
\ "favorites"
3 / Access all the shared folders.
\ "allshared"
4 / Access all the individual connectors.
\ "connectors"
5 / Access the home, favorites, and shared folders as well as the connectors.
\ "top"
root_folder_id>
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=XXX
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
type = sharefile
endpoint = https://XXX.sharefile.com
token = {"access_token":"XXX","token_type":"bearer","refresh_token":"XXX","expiry":"2019-09-30T19:41:45.878561877+01:00"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from Citrix ShareFile. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List directories in top level of your ShareFile
rclone lsd remote:
List all the files in your ShareFile
rclone ls remote:
To copy a local directory to an ShareFile directory called backup
rclone copy /home/source remote:backup
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
ShareFile allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.
ShareFile supports MD5 type hashes, so you can use the --checksum
flag.
For files above 128 MiB rclone will use a chunked transfer. Rclone will upload up to --transfers
chunks at the same time (shared among all the multipart uploads). Chunks are buffered in memory and are normally 64 MiB so increasing --transfers
will increase memory use.
Note that ShareFile is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
ShareFile only supports filenames up to 256 characters in length.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
* | 0x2A | * |
< | 0x3C | < |
> | 0x3E | > |
? | 0x3F | ? |
: | 0x3A | : |
| | 0x7C | | |
" | 0x22 | " |
File names can also not start or end with the following characters. These only get replaced if they are the first or last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
. | 0x2E | . |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the standard options specific to sharefile (Citrix Sharefile).
ID of the root folder
Leave blank to access "Personal Folders". You can use one of the standard values here or any folder ID (long hex number ID).
Here are the advanced options specific to sharefile (Citrix Sharefile).
Cutoff for switching to multipart upload.
Upload chunk size. Must a power of 2 >= 256k.
Making this larger will improve performance, but note that each chunk is buffered in memory one per transfer.
Reducing this will reduce memory usage but decrease performance.
Endpoint for API calls.
This is usually auto discovered as part of the oauth process, but can be set manually to something like: https://XXX.sharefile.com
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
rclone about
is not supported by the Citrix ShareFile backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Rclone crypt
remotes encrypt and decrypt other remotes.
A remote of type crypt
does not access a storage system directly, but instead wraps another remote, which in turn accesses the storage system. This is similar to how alias, union, chunker and a few others work. It makes the usage very flexible, as you can add a layer, in this case an encryption layer, on top of any other backend, even in multiple layers. Rclone's functionality can be used as with any other remote, for example you can mount a crypt remote.
Accessing a storage system through a crypt remote realizes client-side encryption, which makes it safe to keep your data in a location you do not trust will not get compromised. When working against the crypt
remote, rclone will automatically encrypt (before uploading) and decrypt (after downloading) on your local system as needed on the fly, leaving the data encrypted at rest in the wrapped remote. If you access the storage system using an application other than rclone, or access the wrapped remote directly using rclone, there will not be any encryption/decryption: Downloading existing content will just give you the encrypted (scrambled) format, and anything you upload will not become encrypted.
The encryption is a secret-key encryption (also called symmetric key encryption) algorithm, where a password (or pass phrase) is used to generate real encryption key. The password can be supplied by user, or you may chose to let rclone generate one. It will be stored in the configuration file, in a lightly obscured form. If you are in an environment where you are not able to keep your configuration secured, you should add configuration encryption as protection. As long as you have this configuration file, you will be able to decrypt your data. Without the configuration file, as long as you remember the password (or keep it in a safe place), you can re-create the configuration and gain access to the existing data. You may also configure a corresponding remote in a different installation to access the same data. See below for guidance to changing password.
Encryption uses cryptographic salt, to permute the encryption key so that the same string may be encrypted in different ways. When configuring the crypt remote it is optional to enter a salt, or to let rclone generate a unique salt. If omitted, rclone uses a built-in unique string. Normally in cryptography, the salt is stored together with the encrypted content, and do not have to be memorized by the user. This is not the case in rclone, because rclone does not store any additional information on the remotes. Use of custom salt is effectively a second password that must be memorized.
File content encryption is performed using NaCl SecretBox, based on XSalsa20 cipher and Poly1305 for integrity. Names (file- and directory names) are also encrypted by default, but this has some implications and is therefore possible to turned off.
Here is an example of how to make a remote called secret
.
To use crypt
, first set up the underlying remote. Follow the rclone config
instructions for the specific backend.
Before configuring the crypt remote, check the underlying remote is working. In this example the underlying remote is called remote
. We will configure a path path
within this remote to contain the encrypted content. Anything inside remote:path
will be encrypted and anything outside will not.
Configure crypt
using rclone config
. In this example the crypt
remote is called secret
, to differentiate it from the underlying remote
.
When you are done you can use the crypt remote named secret
just as you would with any other remote, e.g. rclone copy D:\docs secret:\docs
, and rclone will encrypt and decrypt as needed on the fly. If you access the wrapped remote remote:path
directly you will bypass the encryption, and anything you read will be in encrypted form, and anything you write will be unencrypted. To avoid issues it is best to configure a dedicated path for encrypted content, and access it exclusively through a crypt remote.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> secret
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Encrypt/Decrypt a remote
\ "crypt"
[snip]
Storage> crypt
** See help for crypt backend at: https://rclone.org/crypt/ **
Remote to encrypt/decrypt.
Normally should contain a ':' and a path, eg "myremote:path/to/dir",
"myremote:bucket" or maybe "myremote:" (not recommended).
Enter a string value. Press Enter for the default ("").
remote> remote:path
How to encrypt the filenames.
Enter a string value. Press Enter for the default ("standard").
Choose a number from below, or type in your own value
1 / Encrypt the filenames see the docs for the details.
\ "standard"
2 / Very simple filename obfuscation.
\ "obfuscate"
3 / Don't encrypt the file names. Adds a ".bin" extension only.
\ "off"
filename_encryption>
Option to either encrypt directory names or leave them intact.
NB If filename_encryption is "off" then this option will do nothing.
Enter a boolean value (true or false). Press Enter for the default ("true").
Choose a number from below, or type in your own value
1 / Encrypt directory names.
\ "true"
2 / Don't encrypt directory names, leave them intact.
\ "false"
directory_name_encryption>
Password or pass phrase for encryption.
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Password or pass phrase for salt. Optional but recommended.
Should be different to the previous password.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n> g
Password strength in bits.
64 is just about memorable
128 is secure
1024 is the maximum
Bits> 128
Your password is: JAsJvRcgR-_veXNfy_sGmQ
Use this password? Please note that an obscured version of this
password (and not the password itself) will be stored under your
configuration file, so keep this generated password in a safe place.
y) Yes (default)
n) No
y/n>
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n>
Remote config
--------------------
[secret]
type = crypt
remote = remote:path
password = *** ENCRYPTED ***
password2 = *** ENCRYPTED ***
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d>
Important The crypt password stored in rclone.conf
is lightly obscured. That only protects it from cursory inspection. It is not secure unless configuration encryption of rclone.conf
is specified.
A long passphrase is recommended, or rclone config
can generate a random one.
The obscured password is created using AES-CTR with a static key. The salt is stored verbatim at the beginning of the obscured password. This static key is shared between all versions of rclone.
If you reconfigure rclone with the same passwords/passphrases elsewhere it will be compatible, but the obscured version will be different due to the different salt.
Rclone does not encrypt
When configuring the remote to encrypt/decrypt, you may specify any string that rclone accepts as a source/destination of other commands.
The primary use case is to specify the path into an already configured remote (e.g. remote:path/to/dir
or remote:bucket
), such that data in a remote untrusted location can be stored encrypted.
You may also specify a local filesystem path, such as /path/to/dir
on Linux, C:\path\to\dir
on Windows. By creating a crypt remote pointing to such a local filesystem path, you can use rclone as a utility for pure local file encryption, for example to keep encrypted files on a removable USB drive.
Note: A string which do not contain a :
will by rclone be treated as a relative path in the local filesystem. For example, if you enter the name remote
without the trailing :
, it will be treated as a subdirectory of the current directory with name "remote".
If a path remote:path/to/dir
is specified, rclone stores encrypted files in path/to/dir
on the remote. With file name encryption, files saved to secret:subdir/subfile
are stored in the unencrypted path path/to/dir
but the subdir/subpath
element is encrypted.
The path you specify does not have to exist, rclone will create it when needed.
If you intend to use the wrapped remote both directly for keeping unencrypted content, as well as through a crypt remote for encrypted content, it is recommended to point the crypt remote to a separate directory within the wrapped remote. If you use a bucket based storage system (e.g. Swift, S3, Google Compute Storage, B2, Hubic) it is generally advisable to wrap the crypt remote around a specific bucket (s3:bucket
). If wrapping around the entire root of the storage (s3:
), and use the optional file name encryption, rclone will encrypt the bucket name.
Should the password, or the configuration file containing a lightly obscured form of the password, be compromised, you need to re-encrypt your data with a new password. Since rclone uses secret-key encryption, where the encryption key is generated directly from the password kept on the client, it is not possible to change the password/key of already encrypted content. Just changing the password configured for an existing crypt remote means you will no longer able to decrypt any of the previously encrypted content. The only possibility is to re-upload everything via a crypt remote configured with your new password.
Depending on the size of your data, your bandwith, storage quota etc, there are different approaches you can take: - If you have everything in a different location, for example on your local system, you could remove all of the prior encrypted files, change the password for your configured crypt remote (or delete and re-create the crypt configuration), and then re-upload everything from the alternative location. - If you have enough space on the storage system you can create a new crypt remote pointing to a separate directory on the same backend, and then use rclone to copy everything from the original crypt remote to the new, effectively decrypting everything on the fly using the old password and re-encrypting using the new password. When done, delete the original crypt remote directory and finally the rclone crypt configuration with the old password. All data will be streamed from the storage system and back, so you will get half the bandwith and be charged twice if you have upload and download quota on the storage system.
Note: A security problem related to the random password generator was fixed in rclone version 1.53.3 (released 2020-11-19). Passwords generated by rclone config in version 1.49.0 (released 2019-08-26) to 1.53.2 (released 2020-10-26) are not considered secure and should be changed. If you made up your own password, or used rclone version older than 1.49.0 or newer than 1.53.2 to generate it, you are not affected by this issue. See issue #4783 for more details, and a tool you can use to check if you are affected.
Create the following file structure using "standard" file name encryption.
plaintext/
├── file0.txt
├── file1.txt
└── subdir
├── file2.txt
├── file3.txt
└── subsubdir
└── file4.txt
Copy these to the remote, and list them
$ rclone -q copy plaintext secret:
$ rclone -q ls secret:
7 file1.txt
6 file0.txt
8 subdir/file2.txt
10 subdir/subsubdir/file4.txt
9 subdir/file3.txt
The crypt remote looks like
$ rclone -q ls remote:path
55 hagjclgavj2mbiqm6u6cnjjqcg
54 v05749mltvv1tf4onltun46gls
57 86vhrsv86mpbtd3a0akjuqslj8/dlj7fkq4kdq72emafg7a7s41uo
58 86vhrsv86mpbtd3a0akjuqslj8/7uu829995du6o42n32otfhjqp4/b9pausrfansjth5ob3jkdqd4lc
56 86vhrsv86mpbtd3a0akjuqslj8/8njh1sk437gttmep3p70g81aps
The directory structure is preserved
$ rclone -q ls secret:subdir
8 file2.txt
9 file3.txt
10 subsubdir/file4.txt
Without file name encryption .bin
extensions are added to underlying names. This prevents the cloud provider attempting to interpret file content.
$ rclone -q ls remote:path
54 file0.txt.bin
57 subdir/file3.txt.bin
56 subdir/file2.txt.bin
58 subdir/subsubdir/file4.txt.bin
55 file1.txt.bin
Off
Standard
Obfuscation
This is a simple "rotate" of the filename, with each file having a rot distance based on the filename. Rclone stores the distance at the beginning of the filename. A file called "hello" may become "53.jgnnq".
Obfuscation is not a strong encryption of filenames, but hinders automated scanning tools picking up on filename patterns. It is an intermediate between "off" and "standard" which allows for longer path segment names.
There is a possibility with some unicode based filenames that the obfuscation is weak and may map lower case characters to upper case equivalents.
Obfuscation cannot be relied upon for strong protection.
Cloud storage systems have limits on file name length and total path length which rclone is more likely to breach using "Standard" file name encryption. Where file names are less thn 156 characters in length issues should not be encountered, irrespective of cloud storage provider.
An alternative, future rclone file name encryption mode may tolerate backend provider path length limits.
Crypt offers the option of encrypting dir names or leaving them intact. There are two options:
True
Encrypts the whole file path including directory names Example: 1/12/123.txt
is encrypted to p0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0
False
Only encrypts file names, skips directory names Example: 1/12/123.txt
is encrypted to 1/12/qgm4avr35m5loi1th53ato71v0
Crypt stores modification times using the underlying remote so support depends on that.
Hashes are not stored for crypt. However the data integrity is protected by an extremely strong crypto authenticator.
Use the rclone cryptcheck
command to check the integrity of a crypted remote instead of rclone check
which can't check the checksums properly.
Here are the standard options specific to crypt (Encrypt/Decrypt a remote).
Remote to encrypt/decrypt. Normally should contain a ':' and a path, e.g. "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended).
How to encrypt the filenames.
Option to either encrypt directory names or leave them intact.
NB If filename_encryption is "off" then this option will do nothing.
Password or pass phrase for encryption.
NB Input to this must be obscured - see rclone obscure.
Password or pass phrase for salt. Optional but recommended. Should be different to the previous password.
NB Input to this must be obscured - see rclone obscure.
Here are the advanced options specific to crypt (Encrypt/Decrypt a remote).
Allow server-side operations (e.g. copy) to work across different crypt configs.
Normally this option is not what you want, but if you have two crypts pointing to the same backend you can use it.
This can be used, for example, to change file name encryption type without re-uploading all the data. Just make two crypt backends pointing to two different directories with the single changed parameter and use rclone move to move the files between the crypt remotes.
For all files listed show how the names encrypt.
If this flag is set then for each file that the remote is asked to list, it will log (at level INFO) a line stating the decrypted file name and the encrypted file name.
This is so you can work out which encrypted names are which decrypted names just in case you need to do something with the encrypted file names, or for debugging purposes.
Option to either encrypt file data or leave it unencrypted.
Here are the commands specific to the crypt backend.
Run them with
rclone backend COMMAND remote:
The help below will explain what arguments each command takes.
See the "rclone backend" command for more info on how to pass options and arguments.
These can be run on a running backend using the rc command backend/command.
Encode the given filename(s)
rclone backend encode remote: [options] [<arguments>+]
This encodes the filenames given as arguments returning a list of strings of the encoded results.
Usage Example:
rclone backend encode crypt: file1 [file2...]
rclone rc backend/command command=encode fs=crypt: file1 [file2...]
Decode the given filename(s)
rclone backend decode remote: [options] [<arguments>+]
This decodes the filenames given as arguments returning a list of strings of the decoded results. It will return an error if any of the inputs are invalid.
Usage Example:
rclone backend decode crypt: encryptedfile1 [encryptedfile2...]
rclone rc backend/command command=decode fs=crypt: encryptedfile1 [encryptedfile2...]
If you wish to backup a crypted remote, it is recommended that you use rclone sync
on the encrypted files, and make sure the passwords are the same in the new encrypted remote.
This will have the following advantages
rclone sync
will check the checksums while copyingrclone check
between the encrypted remotesFor example, let's say you have your original remote at remote:
with the encrypted version at eremote:
with path remote:crypt
. You would then set up the new remote remote2:
and then the encrypted version eremote2:
with path remote2:crypt
using the same passwords as eremote:
.
To sync the two remotes you would do
rclone sync -i remote:crypt remote2:crypt
And to check the integrity you would do
rclone check remote:crypt remote2:crypt
Files are encrypted 1:1 source file to destination object. The file has a header and is divided into chunks.
RCLONE\x00\x00
The initial nonce is generated from the operating systems crypto strong random number generator. The nonce is incremented for each chunk read making sure each nonce is unique for each block written. The chance of a nonce being re-used is minuscule. If you wrote an exabyte of data (10¹⁸ bytes) you would have a probability of approximately 2×10⁻³² of re-using a nonce.
Each chunk will contain 64 KiB of data, except for the last one which may have less data. The data chunk is in standard NaCl SecretBox format. SecretBox uses XSalsa20 and Poly1305 to encrypt and authenticate messages.
Each chunk contains:
64k chunk size was chosen as the best performing chunk size (the authenticator takes too much time below this and the performance drops off due to cache effects above this). Note that these chunks are buffered in memory so they can't be too big.
This uses a 32 byte (256 bit key) key derived from the user password.
1 byte file will encrypt to
49 bytes total
1 MiB (1048576 bytes) file will encrypt to
1049120 bytes total (a 0.05% overhead). This is the overhead for big files.
File names are encrypted segment by segment - the path is broken up into /
separated strings and these are encrypted individually.
File segments are padded using PKCS#7 to a multiple of 16 bytes before encryption.
They are then encrypted with EME using AES with 256 bit key. EME (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003 paper "A Parallelizable Enciphering Mode" by Halevi and Rogaway.
This makes for deterministic encryption which is what we want - the same filename must encrypt to the same thing otherwise we can't find it on the cloud storage system.
This means that
This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both of which are derived from the user password.
After encryption they are written out using a modified version of standard base32
encoding as described in RFC4648. The standard encoding is modified in two ways:
=
base32
is used rather than the more efficient base64
so rclone can be used on case insensitive remotes (e.g. Windows, Amazon Drive).
Rclone uses scrypt
with parameters N=16384, r=8, p=1
with an optional user supplied salt (password2) to derive the 32+32+16 = 80 bytes of key material required. If the user doesn't supply a salt then rclone uses an internal one.
scrypt
makes it impractical to mount a dictionary attack on rclone encrypted data. For full protection against this you should always use a salt.
This remote is currently experimental. Things may break and data may be lost. Anything you do with this remote is at your own risk. Please understand the risks associated with using experimental code and don't use this remote in critical applications.
The Compress
remote adds compression to another remote. It is best used with remotes containing many large compressible files.
To use this remote, all you need to do is specify another remote and a compression mode to use:
Current remotes:
Name Type
==== ====
remote_to_press sometype
e) Edit existing remote
$ rclone config
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
name> compress
...
8 / Compress a remote
\ "compress"
...
Storage> compress
** See help for compress backend at: https://rclone.org/compress/ **
Remote to compress.
Enter a string value. Press Enter for the default ("").
remote> remote_to_press:subdir
Compression mode.
Enter a string value. Press Enter for the default ("gzip").
Choose a number from below, or type in your own value
1 / Gzip compression balanced for speed and compression strength.
\ "gzip"
compression_mode> gzip
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[compress]
type = compress
remote = remote_to_press:subdir
compression_mode = gzip
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Currently only gzip compression is supported, it provides a decent balance between speed and strength and is well supported by other application. Compression strength can further be configured via an advanced setting where 0 is no compression and 9 is strongest compression.
If you open a remote wrapped by press, you will see that there are many files with an extension corresponding to the compression algorithm you chose. These files are standard files that can be opened by various archive programs, but they have some hidden metadata that allows them to be used by rclone. While you may download and decompress these files at will, do not manually delete or rename files. Files without correct metadata files will not be recognized by rclone.
The compressed files will be named *.###########.gz
where *
is the base file and the #
part is base64 encoded size of the uncompressed file. The file names should not be changed by anything other than the rclone compression backend.
Here are the standard options specific to compress (Compress a remote).
Remote to compress.
Compression mode.
Here are the advanced options specific to compress (Compress a remote).
GZIP compression level (-2 to 9).
Generally -1 (default, equivalent to 5) is recommended.
Levels 1 to 9 increase compressiong at the cost of speed.. Going past 6
generally offers very little return.
Level -2 uses Huffmann encoding only. Only use if you now what you
are doing
Level 0 turns off compression.
Some remotes don't allow the upload of files with unknown size. In this case the compressed file will need to be cached to determine it's size.
Files smaller than this limit will be cached in RAM, file larger than
this limit will be cached on disk
Paths are specified as remote:path
Dropbox paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for dropbox involves getting a token from Dropbox which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
n) New remote
d) Delete remote
q) Quit config
e/n/d/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Dropbox
\ "dropbox"
[snip]
Storage> dropbox
Dropbox App Key - leave blank normally.
app_key>
Dropbox App Secret - leave blank normally.
app_secret>
Remote config
Please visit:
https://www.dropbox.com/1/oauth2/authorize?client_id=XXXXXXXXXXXXXXX&response_type=code
Enter the code: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX
--------------------
[remote]
app_key =
app_secret =
token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
You can then use it like this,
List directories in top level of your dropbox
rclone lsd remote:
List all the files in your dropbox
rclone ls remote:
To copy a local directory to a dropbox directory called backup
rclone copy /home/source remote:backup
Rclone supports Dropbox for business and Team Folders.
When using Dropbox for business remote:
and remote:path/to/file
will refer to your personal folder.
If you wish to see Team Folders you must use a leading /
in the path, so rclone lsd remote:/
will refer to the root and show you all Team Folders and your User Folder.
You can then use team folders like this remote:/TeamFolder
and remote:/TeamFolder/path/to/file
.
A leading /
for a Dropbox personal account will do nothing, but it will take an extra HTTP transaction so it should be avoided.
Dropbox supports modified times, but the only way to set a modification time is to re-upload the file.
This means that if you uploaded your data with an older version of rclone which didn't support the v2 API and modified times, rclone will decide to upload all your old data to fix the modification times. If you don't want this to happen use --size-only
or --checksum
flag to stop it.
Dropbox supports its own hash type which is checked for all transfers.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
DEL | 0x7F | ␡ |
\ | 0x5C | \ |
File names can also not end with the following characters. These only get replaced if they are the last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Using batch mode uploads is very important for performance when using the Dropbox API. See the dropbox performance guide for more info.
There are 3 modes rclone can use for uploads.
In this mode rclone will not use upload batching. This was the default before rclone v1.55. It has the disadvantage that it is very likely to encounter too_many_requests
errors like this
NOTICE: too_many_requests/.: Too many requests or write operations. Trying again in 15 seconds.
When rclone receives these it has to wait for 15s or sometimes 300s before continuing which really slows down transfers.
This will happen especially if --transfers
is large, so this mode isn't recommended except for compatibility or investigating problems.
In this mode rclone will batch up uploads to the size specified by --dropbox-batch-size
and commit them together.
Using this mode means you can use a much higher --transfers
parameter (32 or 64 works fine) without receiving too_many_requests
errors.
This mode ensures full data integrity.
Note that there may be a pause when quitting rclone while rclone finishes up the last batch using this mode.
In this mode rclone will batch up uploads to the size specified by --dropbox-batch-size
and commit them together.
However it will not wait for the status of the batch to be returned to the caller. This means rclone can use a much bigger batch size (much bigger than --transfers
), at the cost of not being able to check the status of the upload.
This provides the maximum possible upload speed especially with lots of small files, however rclone can't check the file got uploaded properly using this mode.
If you are using this mode then using "rclone check" after the transfer completes is recommended. Or you could do an initial transfer with --dropbox-batch-mode async
then do a final transfer with --dropbox-batch-mode sync
(the default).
Note that there may be a pause when quitting rclone while rclone finishes up the last batch using this mode.
Here are the standard options specific to dropbox (Dropbox).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Here are the advanced options specific to dropbox (Dropbox).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Upload chunk size. (< 150Mi).
Any files larger than this will be uploaded in chunks of this size.
Note that chunks are buffered in memory (one at a time) so rclone can deal with retries. Setting this larger will increase the speed slightly (at most 10% for 128 MiB in tests) at the cost of using more memory. It can be set smaller if you are tight on memory.
Impersonate this user when using a business account.
Note that if you want to use impersonate, you should make sure this flag is set when running "rclone config" as this will cause rclone to request the "members.read" scope which it won't normally. This is needed to lookup a members email address into the internal ID that dropbox uses in the API.
Using the "members.read" scope will require a Dropbox Team Admin to approve during the OAuth flow.
You will have to use your own App (setting your own client_id and client_secret) to use this option as currently rclone's default set of permissions doesn't include "members.read". This can be added once v1.55 or later is in use everywhere.
Instructs rclone to work on individual shared files.
In this mode rclone's features are extremely limited - only list (ls, lsl, etc.) operations and read operations (e.g. downloading) are supported in this mode. All other operations will be disabled.
Instructs rclone to work on shared folders.
When this flag is used with no path only the List operation is supported and all available shared folders will be listed. If you specify a path the first part will be interpreted as the name of shared folder. Rclone will then try to mount this shared to the root namespace. On success shared folder rclone proceeds normally. The shared folder is now pretty much a normal folder and all normal operations are supported.
Note that we don't unmount the shared folder afterwards so the --dropbox-shared-folders can be omitted after the first use of a particular shared folder.
Upload file batching sync|async|off.
This sets the batch mode used by rclone.
For full info see the main docs
This has 3 possible values
Rclone will close any outstanding batches when it exits which may make a delay on quit.
Max number of files in upload batch.
This sets the batch size of files to upload. It has to be less than 1000.
By default this is 0 which means rclone which calculate the batch size depending on the setting of batch_mode.
Rclone will close any outstanding batches when it exits which may make a delay on quit.
Setting this is a great idea if you are uploading lots of small files as it will make them a lot quicker. You can use --transfers 32 to maximise throughput.
Max time to allow an idle upload batch before uploading
If an upload batch is idle for more than this long then it will be uploaded.
The default for this is 0 which means rclone will choose a sensible default based on the batch_mode in use.
batch_mode: off - not in use
Default: 0s
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Note that Dropbox is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
There are some file names such as thumbs.db
which Dropbox can't store. There is a full list of them in the "Ignored Files" section of this document. Rclone will issue an error message File name disallowed - not uploading
if it attempts to upload one of those file names, but the sync won't fail.
Some errors may occur if you try to sync copyright-protected files because Dropbox has its own copyright detector that prevents this sort of file being downloaded. This will return the error ERROR : /path/to/your/file: Failed to copy: failed to open source object: path/restricted_content/.
If you have more than 10,000 files in a directory then rclone purge dropbox:dir
will return the error Failed to purge: There are too many files involved in this operation
. As a work-around do an rclone delete dropbox:dir
followed by an rclone rmdir dropbox:dir
.
When using rclone link
you'll need to set --expire
if using a non-personal account otherwise the visibility may not be correct. (Note that --expire
isn't supported on personal accounts). See the forum discussion and the dropbox SDK issue.
When you use rclone with Dropbox in its default configuration you are using rclone's App ID. This is shared between all the rclone users.
Here is how to create your own Dropbox App ID for rclone:
Log into the Dropbox App console with your Dropbox Account (It need not to be the same account as the Dropbox you want to access)
Choose an API => Usually this should be Dropbox API
Choose the type of access you want to use => Full Dropbox
or App Folder
Name your App. The app name is global, so you can't use rclone
for example
Click the button Create App
Switch to the Permissions
tab. Enable at least the following permissions: account_info.read
, files.metadata.write
, files.content.write
, files.content.read
, sharing.write
. The files.metadata.read
and sharing.read
checkboxes will be marked too. Click Submit
Switch to the Settings
tab. Fill OAuth2 - Redirect URIs
as http://localhost:53682/
Find the App key
and App secret
values on the Settings
tab. Use these values in rclone config to add a new remote or edit an existing remote. The App key
setting corresponds to client_id
in rclone config, the App secret
corresponds to client_secret
This backend supports Storage Made Easy's Enterprise File Fabric™ which provides a software solution to integrate and unify File and Object Storage accessible through a global file system.
The initial setup for the Enterprise File Fabric backend involves getting a token from the the Enterprise File Fabric which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Enterprise File Fabric
\ "filefabric"
[snip]
Storage> filefabric
** See help for filefabric backend at: https://rclone.org/filefabric/ **
URL of the Enterprise File Fabric to connect to
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Storage Made Easy US
\ "https://storagemadeeasy.com"
2 / Storage Made Easy EU
\ "https://eu.storagemadeeasy.com"
3 / Connect to your Enterprise File Fabric
\ "https://yourfabric.smestorage.com"
url> https://yourfabric.smestorage.com/
ID of the root folder
Leave blank normally.
Fill in to make rclone start with directory of a given ID.
Enter a string value. Press Enter for the default ("").
root_folder_id>
Permanent Authentication Token
A Permanent Authentication Token can be created in the Enterprise File
Fabric, on the users Dashboard under Security, there is an entry
you'll see called "My Authentication Tokens". Click the Manage button
to create one.
These tokens are normally valid for several years.
For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
Enter a string value. Press Enter for the default ("").
permanent_token> xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[remote]
type = filefabric
url = https://yourfabric.smestorage.com/
permanent_token = xxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Once configured you can then use rclone
like this,
List directories in top level of your Enterprise File Fabric
rclone lsd remote:
List all the files in your Enterprise File Fabric
rclone ls remote:
To copy a local directory to an Enterprise File Fabric directory called backup
rclone copy /home/source remote:backup
The Enterprise File Fabric allows modification times to be set on files accurate to 1 second. These will be used to detect whether objects need syncing or not.
The Enterprise File Fabric does not support any data hashes at this time.
The default restricted characters set will be replaced.
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Empty files aren't supported by the Enterprise File Fabric. Rclone will therefore upload an empty file as a single space with a mime type of application/vnd.rclone.empty.file
and files with that mime type are treated as empty.
You can set the root_folder_id
for rclone. This is the directory (identified by its Folder ID
) that rclone considers to be the root of your Enterprise File Fabric.
Normally you will leave this blank and rclone will determine the correct root to use itself.
However you can set this to restrict rclone to a specific folder hierarchy.
In order to do this you will have to find the Folder ID
of the directory you wish rclone to display. These aren't displayed in the web interface, but you can use rclone lsf
to find them, for example
$ rclone lsf --dirs-only -Fip --csv filefabric:
120673758,Burnt PDFs/
120673759,My Quick Uploads/
120673755,My Syncs/
120673756,My backups/
120673757,My contacts/
120673761,S3 Storage/
The ID for "S3 Storage" would be 120673761
.
Here are the standard options specific to filefabric (Enterprise File Fabric).
URL of the Enterprise File Fabric to connect to
ID of the root folder Leave blank normally.
Fill in to make rclone start with directory of a given ID.
Permanent Authentication Token
A Permanent Authentication Token can be created in the Enterprise File Fabric, on the users Dashboard under Security, there is an entry you'll see called "My Authentication Tokens". Click the Manage button to create one.
These tokens are normally valid for several years.
For more info see: https://docs.storagemadeeasy.com/organisationcloud/api-tokens
Here are the advanced options specific to filefabric (Enterprise File Fabric).
Session Token
This is a session token which rclone caches in the config file. It is usually valid for 1 hour.
Don't set this value - rclone will set it automatically.
Token expiry time
Don't set this value - rclone will set it automatically.
Version read from the file fabric
Don't set this value - rclone will set it automatically.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
FTP is the File Transfer Protocol. Rclone FTP support is provided using the github.com/jlaffaye/ftp package.
Limitations of Rclone's FTP backend
Paths are specified as remote:path
. If the path does not begin with a /
it is relative to the home directory of the user. An empty path remote:
refers to the user's home directory.
To create an FTP configuration named remote
, run
rclone config
Rclone config guides you through an interactive setup process. A minimal rclone FTP remote definition only requires host, username and password. For an anonymous FTP server, use anonymous
as username and your email address as password.
No remotes found - make a new one
n) New remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
n/r/c/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / FTP Connection
\ "ftp"
[snip]
Storage> ftp
** See help for ftp backend at: https://rclone.org/ftp/ **
FTP host to connect to
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to ftp.example.com
\ "ftp.example.com"
host> ftp.example.com
FTP username, leave blank for current username, $USER
Enter a string value. Press Enter for the default ("").
user>
FTP port, leave blank to use default (21)
Enter a string value. Press Enter for the default ("").
port>
FTP password
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Use FTP over TLS (Implicit)
Enter a boolean value (true or false). Press Enter for the default ("false").
tls>
Use FTP over TLS (Explicit)
Enter a boolean value (true or false). Press Enter for the default ("false").
explicit_tls>
Remote config
--------------------
[remote]
type = ftp
host = ftp.example.com
pass = *** ENCRYPTED ***
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
To see all directories in the home directory of remote
rclone lsd remote:
Make a new directory
rclone mkdir remote:path/to/directory
List the contents of a directory
rclone ls remote:path/to/directory
Sync /home/local/directory
to the remote directory, deleting any excess files in the directory.
rclone sync -i /home/local/directory remote:directory
rclone lsf :ftp: --ftp-host=speedtest.tele2.net --ftp-user=anonymous --ftp-pass=`rclone obscure dummy`
Rlone FTP supports implicit FTP over TLS servers (FTPS). This has to be enabled in the FTP backend config for the remote, or with --ftp-tls
. The default FTPS port is 990
, not 21
and can be set with --ftp-port
.
Here are the standard options specific to ftp (FTP Connection).
FTP host to connect to
FTP username, leave blank for current username, $USER
FTP port, leave blank to use default (21)
FTP password
NB Input to this must be obscured - see rclone obscure.
Use Implicit FTPS (FTP over TLS) When using implicit FTP over TLS the client connects using TLS right from the start which breaks compatibility with non-TLS-aware servers. This is usually served over port 990 rather than port 21. Cannot be used in combination with explicit FTP.
Use Explicit FTPS (FTP over TLS) When using explicit FTP over TLS the client explicitly requests security from the server in order to upgrade a plain text connection to an encrypted one. Cannot be used in combination with implicit FTP.
Here are the advanced options specific to ftp (FTP Connection).
Maximum number of FTP simultaneous connections, 0 for unlimited
Do not verify the TLS certificate of the server
Disable using EPSV even if server advertises support
Disable using MLSD even if server advertises support
Max time before closing idle connections
If no connections have been returned to the connection pool in the time given, rclone will empty the connection pool.
Set to 0 to keep connections indefinitely.
Maximum time to wait for a response to close.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Modified times are not supported. Times you see on the FTP server through rclone are those of upload.
Rclone's FTP backend does not support any checksums but can compare file sizes.
rclone about
is not supported by the FTP backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
The implementation of : --dump headers
, --dump bodies
, --dump auth
for debugging isn't the same as for rclone HTTP based backends - it has less fine grained control.
--timeout
isn't supported (but --contimeout
is).
--bind
isn't supported.
Rclone's FTP backend could support server-side move but does not at present.
The ftp_proxy
environment variable is not currently supported.
FTP servers acting as rclone remotes must support 'passive' mode. Rclone's FTP implementation is not compatible with 'active' mode.
In addition to the default restricted characters set the following characters are also replaced:
File names cannot end with the following characters. Repacement is limited to the last character in a file name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
Not all FTP servers can have all characters in file names, for example:
FTP Server | Forbidden characters |
---|---|
proftpd | * |
pureftpd | \ [ ] |
Paths are specified as remote:bucket
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:bucket/path/to/dir
.
The initial setup for google cloud storage involves getting a token from Google Cloud Storage which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
n) New remote
d) Delete remote
q) Quit config
e/n/d/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
[snip]
Storage> google cloud storage
Google Application Client Id - leave blank normally.
client_id>
Google Application Client Secret - leave blank normally.
client_secret>
Project number optional - needed only for list/create/delete buckets - see your developer console.
project_number> 12345678
Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
service_account_file>
Access Control List for new objects.
Choose a number from below, or type in your own value
1 / Object owner gets OWNER access, and all Authenticated Users get READER access.
\ "authenticatedRead"
2 / Object owner gets OWNER access, and project team owners get OWNER access.
\ "bucketOwnerFullControl"
3 / Object owner gets OWNER access, and project team owners get READER access.
\ "bucketOwnerRead"
4 / Object owner gets OWNER access [default if left blank].
\ "private"
5 / Object owner gets OWNER access, and project team members get access according to their roles.
\ "projectPrivate"
6 / Object owner gets OWNER access, and all Users get READER access.
\ "publicRead"
object_acl> 4
Access Control List for new buckets.
Choose a number from below, or type in your own value
1 / Project team owners get OWNER access, and all Authenticated Users get READER access.
\ "authenticatedRead"
2 / Project team owners get OWNER access [default if left blank].
\ "private"
3 / Project team members get access according to their roles.
\ "projectPrivate"
4 / Project team owners get OWNER access, and all Users get READER access.
\ "publicRead"
5 / Project team owners get OWNER access, and all Users get WRITER access.
\ "publicReadWrite"
bucket_acl> 2
Location for the newly created buckets.
Choose a number from below, or type in your own value
1 / Empty for default location (US).
\ ""
2 / Multi-regional location for Asia.
\ "asia"
3 / Multi-regional location for Europe.
\ "eu"
4 / Multi-regional location for United States.
\ "us"
5 / Taiwan.
\ "asia-east1"
6 / Tokyo.
\ "asia-northeast1"
7 / Singapore.
\ "asia-southeast1"
8 / Sydney.
\ "australia-southeast1"
9 / Belgium.
\ "europe-west1"
10 / London.
\ "europe-west2"
11 / Iowa.
\ "us-central1"
12 / South Carolina.
\ "us-east1"
13 / Northern Virginia.
\ "us-east4"
14 / Oregon.
\ "us-west1"
location> 12
The storage class to use when storing objects in Google Cloud Storage.
Choose a number from below, or type in your own value
1 / Default
\ ""
2 / Multi-regional storage class
\ "MULTI_REGIONAL"
3 / Regional storage class
\ "REGIONAL"
4 / Nearline storage class
\ "NEARLINE"
5 / Coldline storage class
\ "COLDLINE"
6 / Durable reduced availability storage class
\ "DURABLE_REDUCED_AVAILABILITY"
storage_class> 5
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine or Y didn't work
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
type = google cloud storage
client_id =
client_secret =
token = {"AccessToken":"xxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"x/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxx","Expiry":"2014-07-17T20:49:14.929208288+01:00","Extra":null}
project_number = 12345678
object_acl = private
bucket_acl = private
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.
This remote is called remote
and can now be used like this
See all the buckets in your project
rclone lsd remote:
Make a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync /home/local/directory
to the remote bucket, deleting any excess files in the bucket.
rclone sync -i /home/local/directory remote:bucket
You can set up rclone with Google Cloud Storage in an unattended mode, i.e. not tied to a specific end-user Google account. This is useful when you want to synchronise files onto machines that don't have actively logged-in users, for example build machines.
To get credentials for Google Cloud Platform IAM Service Accounts, please head to the Service Account section of the Google Developer Console. Service Accounts behave just like normal User
permissions in Google Cloud Storage ACLs, so you can limit their access (e.g. make them read only). After creating an account, a JSON file containing the Service Account's credentials will be downloaded onto your machines. These credentials are what rclone will use for authentication.
To use a Service Account instead of OAuth2 token flow, enter the path to your Service Account credentials at the service_account_file
prompt and rclone won't use the browser based authentication flow. If you'd rather stuff the contents of the credentials file into the rclone config file, you can set service_account_credentials
with the actual contents of the file instead, or set the equivalent environment variable.
For downloads of objects that permit public access you can configure rclone to use anonymous access by setting anonymous
to true
. With unauthorized access you can't write or create files but only read or list those buckets and objects that have public read access.
If no other source of credentials is provided, rclone will fall back to Application Default Credentials this is useful both when you already have configured authentication for your developer account, or in production when running on a google compute host. Note that if running in docker, you may need to run additional commands on your google compute machine - see this page.
Note that in the case application default credentials are used, there is no need to explicitly configure a project number.
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
You can set custom upload headers with the --header-upload
flag. Google Cloud Storage supports the headers as described in the working with metadata documentation
Eg --header-upload "Content-Type text/potato"
Note that the last of these is for setting custom metadata in the form --header-upload "x-goog-meta-key: value"
Google Cloud Storage stores md5sum natively. Google's gsutil tool stores modification time with one-second precision as goog-reserved-file-mtime
in file metadata.
To ensure compatibility with gsutil, rclone stores modification time in 2 separate metadata entries. mtime
uses RFC3339 format with one-nanosecond precision. goog-reserved-file-mtime
uses Unix timestamp format with one-second precision. To get modification time from object metadata, rclone reads the metadata in the following order: mtime
, goog-reserved-file-mtime
, object updated time.
Note that rclone's default modify window is 1ns. Files uploaded by gsutil only contain timestamps with one-second precision. If you use rclone to sync files previously uploaded by gsutil, rclone will attempt to update modification time for all these files. To avoid these possibly unnecessary updates, use --modify-window 1s
.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
LF | 0x0A | ␊ |
CR | 0x0D | ␍ |
/ | 0x2F | / |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the standard options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Project number. Optional - needed only for list/create/delete buckets - see your developer console.
Service Account Credentials JSON file path Leave blank normally. Needed only if you want use SA instead of interactive login.
Leading ~
will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}
.
Service Account Credentials JSON blob Leave blank normally. Needed only if you want use SA instead of interactive login.
Access public buckets and objects without credentials Set to 'true' if you just want to download files and don't configure credentials.
Access Control List for new objects.
Access Control List for new buckets.
Access checks should use bucket-level IAM policies.
If you want to upload objects to a bucket with Bucket Policy Only set then you will need to set this.
When it is set, rclone:
Docs: https://cloud.google.com/storage/docs/bucket-policy-only
Location for the newly created buckets.
The storage class to use when storing objects in Google Cloud Storage.
Here are the advanced options specific to google cloud storage (Google Cloud Storage (this is not Google Drive)).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
rclone about
is not supported by the Google Cloud Storage backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Paths are specified as drive:path
Drive paths may be as deep as required, e.g. drive:directory/subdirectory
.
The initial setup for drive involves getting a token from Google drive which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
n/r/c/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Google Drive
\ "drive"
[snip]
Storage> drive
Google Application Client Id - leave blank normally.
client_id>
Google Application Client Secret - leave blank normally.
client_secret>
Scope that rclone should use when requesting access from drive.
Choose a number from below, or type in your own value
1 / Full access all files, excluding Application Data Folder.
\ "drive"
2 / Read-only access to file metadata and file contents.
\ "drive.readonly"
/ Access to files created by rclone only.
3 | These are visible in the drive website.
| File authorization is revoked when the user deauthorizes the app.
\ "drive.file"
/ Allows read and write access to the Application Data folder.
4 | This is not visible in the drive website.
\ "drive.appfolder"
/ Allows read-only access to file metadata but
5 | does not allow any access to read or download file content.
\ "drive.metadata.readonly"
scope> 1
ID of the root folder - leave blank normally. Fill in to access "Computers" folders. (see docs).
root_folder_id>
Service Account Credentials JSON file path - needed only if you want use SA instead of interactive login.
service_account_file>
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine or Y didn't work
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
Configure this as a Shared Drive (Team Drive)?
y) Yes
n) No
y/n> n
--------------------
[remote]
client_id =
client_secret =
scope = drive
root_folder_id =
service_account_file =
token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2014-03-16T13:57:58.955387075Z"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.
You can then use it like this,
List directories in top level of your drive
rclone lsd remote:
List all the files in your drive
rclone ls remote:
To copy a local directory to a drive directory called backup
rclone copy /home/source remote:backup
Rclone allows you to select which scope you would like for rclone to use. This changes what type of token is granted to rclone. The scopes are defined here.
The scope are
This is the default scope and allows full access to all files, except for the Application Data Folder (see below).
Choose this one if you aren't sure.
This allows read only access to all files. Files may be listed and downloaded but not uploaded, renamed or deleted.
With this scope rclone can read/view/modify only those files and folders it creates.
So if you uploaded files to drive via the web interface (or any other means) they will not be visible to rclone.
This can be useful if you are using rclone to backup data and you want to be sure confidential data on your drive is not visible to rclone.
Files created with this scope are visible in the web interface.
This gives rclone its own private area to store files. Rclone will not be able to see any other files on your drive and you won't be able to see rclone's files from the web interface either.
This allows read only access to file names only. It does not allow rclone to download or upload data, or rename or delete files or directories.
You can set the root_folder_id
for rclone. This is the directory (identified by its Folder ID
) that rclone considers to be the root of your drive.
Normally you will leave this blank and rclone will determine the correct root to use itself.
However you can set this to restrict rclone to a specific folder hierarchy or to access data within the "Computers" tab on the drive web interface (where files from Google's Backup and Sync desktop program go).
In order to do this you will have to find the Folder ID
of the directory you wish rclone to display. This will be the last segment of the URL when you open the relevant folder in the drive web interface.
So if the folder you want rclone to use has a URL which looks like https://drive.google.com/drive/folders/1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh
in the browser, then you use 1XyfxxxxxxxxxxxxxxxxxxxxxxxxxKHCh
as the root_folder_id
in the config.
NB folders under the "Computers" tab seem to be read only (drive gives a 500 error) when using rclone.
There doesn't appear to be an API to discover the folder IDs of the "Computers" tab - please contact us if you know otherwise!
Note also that rclone can't access any data under the "Backups" tab on the google drive web interface yet.
You can set up rclone with Google Drive in an unattended mode, i.e. not tied to a specific end-user Google account. This is useful when you want to synchronise files onto machines that don't have actively logged-in users, for example build machines.
To use a Service Account instead of OAuth2 token flow, enter the path to your Service Account credentials at the service_account_file
prompt during rclone config
and rclone won't use the browser based authentication flow. If you'd rather stuff the contents of the credentials file into the rclone config file, you can set service_account_credentials
with the actual contents of the file instead, or set the equivalent environment variable.
Let's say that you are the administrator of a Google Apps (old) or G-suite account. The goal is to store data on an individual's Drive account, who IS a member of the domain. We'll call the domain example.com, and the user foo@example.com.
There's a few steps we need to go through to accomplish this:
https://www.googleapis.com/auth/drive
to grant access to Google Drive specifically.rclone config
n/s/q> n # New
name>gdrive # Gdrive is an example name
Storage> # Select the number shown for Google Drive
client_id> # Can be left blank
client_secret> # Can be left blank
scope> # Select your scope, 1 for example
root_folder_id> # Can be left blank
service_account_file> /home/foo/myJSONfile.json # This is where the JSON file goes!
y/n> # Auto config, y
rclone -v --drive-impersonate foo@example.com lsf gdrive:backup
-v
- verbose logging--drive-impersonate foo@example.com
- this is what does the magic, pretending to be user foo.lsf
- list files in a parsing friendly waygdrive:backup
- use the remote called gdrive, work in the folder named backup.Note: in case you configured a specific root folder on gdrive and rclone is unable to access the contents of that folder when using --drive-impersonate
, do this instead: - in the gdrive web interface, share your root folder with the user/email of the new Service Account you created/selected at step #1 - use rclone without specifying the --drive-impersonate
option, like this: rclone -v foo@example.com lsf gdrive:backup
If you want to configure the remote to point to a Google Shared Drive (previously known as Team Drives) then answer y
to the question Configure this as a Shared Drive (Team Drive)?
.
This will fetch the list of Shared Drives from google and allow you to configure which one you want to use. You can also type in a Shared Drive ID if you prefer.
For example:
Configure this as a Shared Drive (Team Drive)?
y) Yes
n) No
y/n> y
Fetching Shared Drive list...
Choose a number from below, or type in your own value
1 / Rclone Test
\ "xxxxxxxxxxxxxxxxxxxx"
2 / Rclone Test 2
\ "yyyyyyyyyyyyyyyyyyyy"
3 / Rclone Test 3
\ "zzzzzzzzzzzzzzzzzzzz"
Enter a Shared Drive ID> 1
--------------------
[remote]
client_id =
client_secret =
token = {"AccessToken":"xxxx.x.xxxxx_xxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","RefreshToken":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","Expiry":"2014-03-16T13:57:58.955387075Z","Extra":null}
team_drive = xxxxxxxxxxxxxxxxxxxx
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
It does this by combining multiple list
calls into a single API request.
This works by combining many '%s' in parents
filters into one expression. To list the contents of directories a, b and c, the following requests will be send by the regular List
function:
trashed=false and 'a' in parents
trashed=false and 'b' in parents
trashed=false and 'c' in parents
These can now be combined into a single request:
trashed=false and ('a' in parents or 'b' in parents or 'c' in parents)
The implementation of ListR
will put up to 50 parents
filters into one request. It will use the --checkers
value to specify the number of requests to run in parallel.
In tests, these batch requests were up to 20x faster than the regular method. Running the following command against different sized folders gives:
rclone lsjson -vv -R --checkers=6 gdrive:folder
small folder (220 directories, 700 files):
--fast-list
: 38s--fast-list
: 10slarge folder (10600 directories, 39000 files):
--fast-list
: 22:05 min--fast-list
: 58sGoogle drive stores modification times accurate to 1 ms.
Only Invalid UTF-8 bytes will be replaced, as they can't be used in JSON strings.
In contrast to other backends, /
can also be used in names and .
or ..
are valid names.
Google drive stores revisions of files. When you upload a change to an existing file to google drive using rclone it will create a new revision of that file.
Revisions follow the standard google policy which at time of writing was
By default rclone will send all files to the trash when deleting files. If deleting them permanently is required then use the --drive-use-trash=false
flag, or set the equivalent environment variable.
In March 2020 Google introduced a new feature in Google Drive called drive shortcuts (API). These will (by September 2020) replace the ability for files or folders to be in multiple folders at once.
Shortcuts are files that link to other files on Google Drive somewhat like a symlink in unix, except they point to the underlying file data (e.g. the inode in unix terms) so they don't break if the source is renamed or moved about.
Be default rclone treats these as follows.
For shortcuts pointing to files:
For shortcuts pointing to folders:
rclone rmdir
or rclone purge
the shortcut is deleted not the linked folder.rclone remove
or rclone mount
the contents of the linked folder will be deleted.The rclone backend command can be used to create shortcuts.
Shortcuts can be completely ignored with the --drive-skip-shortcuts
flag or the corresponding skip_shortcuts
configuration setting.
If you wish to empty your trash you can use the rclone cleanup remote:
command which will permanently delete all your trashed files. This command does not take any path arguments.
Note that Google Drive takes some time (minutes to days) to empty the trash even though the command returns within a few seconds. No output is echoed, so there will be no confirmation even using -v or -vv.
To view your current quota you can use the rclone about remote:
command which will display your usage limit (quota), the usage in Google Drive, the size of all files in the Trash and the space used by other Google services such as Gmail. This command does not take any path arguments.
Google documents can be exported from and uploaded to Google Drive.
When rclone downloads a Google doc it chooses a format to download depending upon the --drive-export-formats
setting. By default the export formats are docx,xlsx,pptx,svg
which are a sensible default for an editable document.
When choosing a format, rclone runs down the list provided in order and chooses the first file format the doc can be exported as from the list. If the file can't be exported to a format on the formats list, then rclone will choose a format from the default list.
If you prefer an archive copy then you might use --drive-export-formats pdf
, or if you prefer openoffice/libreoffice formats you might use --drive-export-formats ods,odt,odp
.
Note that rclone adds the extension to the google doc, so if it is called My Spreadsheet
on google docs, it will be exported as My Spreadsheet.xlsx
or My Spreadsheet.pdf
etc.
When importing files into Google Drive, rclone will convert all files with an extension in --drive-import-formats
to their associated document type. rclone will not convert any files by default, since the conversion is lossy process.
The conversion must result in a file with the same extension when the --drive-export-formats
rules are applied to the uploaded document.
Here are some examples for allowed and prohibited conversions.
export-formats | import-formats | Upload Ext | Document Ext | Allowed |
---|---|---|---|---|
odt | odt | odt | odt | Yes |
odt | docx,odt | odt | odt | Yes |
docx | docx | docx | Yes | |
odt | odt | docx | No | |
odt,docx | docx,odt | docx | odt | No |
docx,odt | docx,odt | docx | docx | Yes |
docx,odt | docx,odt | odt | docx | No |
This limitation can be disabled by specifying --drive-allow-import-name-change
. When using this flag, rclone can convert multiple files types resulting in the same document type at once, e.g. with --drive-import-formats docx,odt,txt
, all files having these extension would result in a document represented as a docx file. This brings the additional risk of overwriting a document, if multiple files have the same stem. Many rclone operations will not handle this name change in any way. They assume an equal name when copying files and might copy the file again or delete them when the name changes.
Here are the possible export extensions with their corresponding mime types. Most of these can also be used for importing, but there more that are not listed here. Some of these additional ones might only be available when the operating system provides the correct MIME type entries.
This list can be changed by Google Drive at any time and might not represent the currently available conversions.
Extension | Mime Type | Description |
---|---|---|
csv | text/csv | Standard CSV format for Spreadsheets |
docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | Microsoft Office Document |
epub | application/epub+zip | E-book format |
html | text/html | An HTML Document |
jpg | image/jpeg | A JPEG Image File |
json | application/vnd.google-apps.script+json | JSON Text Format |
odp | application/vnd.oasis.opendocument.presentation | Openoffice Presentation |
ods | application/vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
ods | application/x-vnd.oasis.opendocument.spreadsheet | Openoffice Spreadsheet |
odt | application/vnd.oasis.opendocument.text | Openoffice Document |
application/pdf | Adobe PDF Format | |
png | image/png | PNG Image Format |
pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | Microsoft Office Powerpoint |
rtf | application/rtf | Rich Text Format |
svg | image/svg+xml | Scalable Vector Graphics Format |
tsv | text/tab-separated-values | Standard TSV format for spreadsheets |
txt | text/plain | Plain Text |
xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | Microsoft Office Spreadsheet |
zip | application/zip | A ZIP file of HTML, Images CSS |
Google documents can also be exported as link files. These files will open a browser window for the Google Docs website of that document when opened. The link file extension has to be specified as a --drive-export-formats
parameter. They will match all available Google Documents.
Extension | Description | OS Support |
---|---|---|
desktop | freedesktop.org specified desktop entry | Linux |
link.html | An HTML Document with a redirect | All |
url | INI style link file | macOS, Windows |
webloc | macOS specific XML format | macOS |
Here are the standard options specific to drive (Google Drive).
Google Application Client Id Setting your own is recommended. See https://rclone.org/drive/#making-your-own-client-id for how to create your own. If you leave this blank, it will use an internal key which is low performance.
OAuth Client Secret Leave blank normally.
Scope that rclone should use when requesting access from drive.
ID of the root folder Leave blank normally.
Fill in to access "Computers" folders (see docs), or for rclone to use a non root folder as its starting point.
Service Account Credentials JSON file path Leave blank normally. Needed only if you want use SA instead of interactive login.
Leading ~
will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}
.
Deprecated: no longer needed
Here are the advanced options specific to drive (Google Drive).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Service Account Credentials JSON blob Leave blank normally. Needed only if you want use SA instead of interactive login.
ID of the Shared Drive (Team Drive)
Only consider files owned by the authenticated user.
Send files to the trash instead of deleting permanently. Defaults to true, namely sending files to the trash. Use --drive-use-trash=false
to delete files permanently instead.
Skip google documents in all listings. If given, gdocs practically become invisible to rclone.
Skip MD5 checksum on Google photos and videos only.
Use this if you get checksum errors when transferring Google photos or videos.
Setting this flag will cause Google photos and videos to return a blank MD5 checksum.
Google photos are identified by being in the "photos" space.
Corrupted checksums are caused by Google modifying the image/video but not updating the checksum.
Only show files that are shared with me.
Instructs rclone to operate on your "Shared with me" folder (where Google Drive lets you access the files and folders others have shared with you).
This works both with the "list" (lsd, lsl, etc.) and the "copy" commands (copy, sync, etc.), and with all other commands too.
Only show files that are in the trash. This will show trashed files in their original directory structure.
Only show files that are starred.
Deprecated: see export_formats
Comma separated list of preferred formats for downloading Google docs.
Comma separated list of preferred formats for uploading Google docs.
Allow the filetype to change when uploading Google docs (e.g. file.doc to file.docx). This will confuse sync and reupload every time.
Use file created date instead of modified date.,
Useful when downloading data and you want the creation date used in place of the last modified date.
WARNING: This flag may have some unexpected consequences.
When uploading to your drive all files will be overwritten unless they haven't been modified since their creation. And the inverse will occur while downloading. This side effect can be avoided by using the "--checksum" flag.
This feature was implemented to retain photos capture date as recorded by google photos. You will first need to check the "Create a Google Photos folder" option in your google drive settings. You can then copy or move the photos locally and use the date the image was taken (created) set as the modification date.
Use date file was shared instead of modified date.
Note that, as with "--drive-use-created-date", this flag may have unexpected consequences when uploading/downloading files.
If both this flag and "--drive-use-created-date" are set, the created date is used.
Size of listing chunk 100-1000. 0 to disable.
Impersonate this user when using a service account.
Cutoff for switching to chunked upload
Upload chunk size. Must a power of 2 >= 256k.
Making this larger will improve performance, but note that each chunk is buffered in memory one per transfer.
Reducing this will reduce memory usage but decrease performance.
Set to allow files which return cannotDownloadAbusiveFile to be downloaded.
If downloading a file returns the error "This file has been identified as malware or spam and cannot be downloaded" with the error code "cannotDownloadAbusiveFile" then supply this flag to rclone to indicate you acknowledge the risks of downloading the file and rclone will download it anyway.
Keep new head revision of each file forever.
Show sizes as storage quota usage, not actual size.
Show the size of a file as the storage quota used. This is the current version plus any older versions that have been set to keep forever.
WARNING: This flag may have some unexpected consequences.
It is not recommended to set this flag in your config - the recommended usage is using the flag form --drive-size-as-quota when doing rclone ls/lsl/lsf/lsjson/etc only.
If you do use this flag for syncing (not recommended) then you will need to use --ignore size also.
If Object's are greater, use drive v2 API to download.
Minimum time to sleep between API calls.
Number of API calls to allow without sleeping.
Allow server-side operations (e.g. copy) to work across different drive configs.
This can be useful if you wish to do a server-side copy between two different Google drives. Note that this isn't enabled by default because it isn't easy to tell if it will work between any two configurations.
Disable drive using http2
There is currently an unsolved issue with the google drive backend and HTTP/2. HTTP/2 is therefore disabled by default for the drive backend but can be re-enabled here. When the issue is solved this flag will be removed.
See: https://github.com/rclone/rclone/issues/3631
Make upload limit errors be fatal
At the time of writing it is only possible to upload 750 GiB of data to Google Drive a day (this is an undocumented limit). When this limit is reached Google Drive produces a slightly different error message. When this flag is set it causes these errors to be fatal. These will stop the in-progress sync.
Note that this detection is relying on error message strings which Google don't document so it may break in the future.
See: https://github.com/rclone/rclone/issues/3857
Make download limit errors be fatal
At the time of writing it is only possible to download 10 TiB of data from Google Drive a day (this is an undocumented limit). When this limit is reached Google Drive produces a slightly different error message. When this flag is set it causes these errors to be fatal. These will stop the in-progress sync.
Note that this detection is relying on error message strings which Google don't document so it may break in the future.
If set skip shortcut files
Normally rclone dereferences shortcut files making them appear as if they are the original file (see the shortcuts section). If this flag is set then rclone will ignore shortcut files completely.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Here are the commands specific to the drive backend.
Run them with
rclone backend COMMAND remote:
The help below will explain what arguments each command takes.
See the "rclone backend" command for more info on how to pass options and arguments.
These can be run on a running backend using the rc command backend/command.
Get command for fetching the drive config parameters
rclone backend get remote: [options] [<arguments>+]
This is a get command which will be used to fetch the various drive config parameters
Usage Examples:
rclone backend get drive: [-o service_account_file] [-o chunk_size]
rclone rc backend/command command=get fs=drive: [-o service_account_file] [-o chunk_size]
Options:
Set command for updating the drive config parameters
rclone backend set remote: [options] [<arguments>+]
This is a set command which will be used to update the various drive config parameters
Usage Examples:
rclone backend set drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
rclone rc backend/command command=set fs=drive: [-o service_account_file=sa.json] [-o chunk_size=67108864]
Options:
Create shortcuts from files or directories
rclone backend shortcut remote: [options] [<arguments>+]
This command creates shortcuts from files or directories.
Usage:
rclone backend shortcut drive: source_item destination_shortcut
rclone backend shortcut drive: source_item -o target=drive2: destination_shortcut
In the first example this creates a shortcut from the "source_item" which can be a file or a directory to the "destination_shortcut". The "source_item" and the "destination_shortcut" should be relative paths from "drive:"
In the second example this creates a shortcut from the "source_item" relative to "drive:" to the "destination_shortcut" relative to "drive2:". This may fail with a permission error if the user authenticated with "drive2:" can't read files from "drive:".
Options:
List the Shared Drives available to this account
rclone backend drives remote: [options] [<arguments>+]
This command lists the Shared Drives (Team Drives) available to this account.
Usage:
rclone backend drives drive:
This will return a JSON list of objects like this
[
{
"id": "0ABCDEF-01234567890",
"kind": "drive#teamDrive",
"name": "My Drive"
},
{
"id": "0ABCDEFabcdefghijkl",
"kind": "drive#teamDrive",
"name": "Test Drive"
}
]
Untrash files and directories
rclone backend untrash remote: [options] [<arguments>+]
This command untrashes all the files and directories in the directory passed in recursively.
Usage:
This takes an optional directory to trash which make this easier to use via the API.
rclone backend untrash drive:directory
rclone backend -i untrash drive:directory subdir
Use the -i flag to see what would be restored before restoring it.
Result:
{
"Untrashed": 17,
"Errors": 0
}
Copy files by ID
rclone backend copyid remote: [options] [<arguments>+]
This command copies files by ID
Usage:
rclone backend copyid drive: ID path
rclone backend copyid drive: ID1 path1 ID2 path2
It copies the drive file with ID given to the path (an rclone path which will be passed internally to rclone copyto). The ID and path pairs can be repeated.
The path should end with a / to indicate copy the file as named to this directory. If it doesn't end with a / then the last path component will be used as the file name.
If the destination is a drive backend then server-side copying will be attempted if possible.
Use the -i flag to see what would be copied before copying.
Drive has quite a lot of rate limiting. This causes rclone to be limited to transferring about 2 files per second only. Individual files may be transferred much faster at 100s of MiByte/s but lots of small files can take a long time.
Server side copies are also subject to a separate rate limit. If you see User rate limit exceeded errors, wait at least 24 hours and retry. You can disable server-side copies with --disable copy
to download and upload the files if you prefer.
Google docs will appear as size -1 in rclone ls
and as size 0 in anything which uses the VFS layer, e.g. rclone mount
, rclone serve
.
This is because rclone can't find out the size of the Google docs without downloading them.
Google docs will transfer correctly with rclone sync
, rclone copy
etc as rclone knows to ignore the size when doing the transfer.
However an unfortunate consequence of this is that you may not be able to download Google docs using rclone mount
. If it doesn't work you will get a 0 sized file. If you try again the doc may gain its correct size and be downloadable. Whether it will work on not depends on the application accessing the mount and the OS you are running - experiment to find out if it does work for you!
Sometimes, for no reason I've been able to track down, drive will duplicate a file that rclone uploads. Drive unlike all the other remotes can have duplicated files.
Duplicated files cause problems with the syncing and you will see messages in the log about duplicates.
Use rclone dedupe
to fix duplicated files.
Note that this isn't just a problem with rclone, even Google Photos on Android duplicates files on drive sometimes.
The most likely cause of this is the duplicated file issue above - run rclone dedupe
and check your logs for duplicate object or directory messages.
This can also be caused by a delay/caching on google drive's end when comparing directory listings. Specifically with team drives used in combination with --fast-list. Files that were uploaded recently may not appear on the directory list sent to rclone when using --fast-list.
Waiting a moderate period of time between attempts (estimated to be approximately 1 hour) and/or not using --fast-list both seem to be effective in preventing the problem.
When you use rclone with Google drive in its default configuration you are using rclone's client_id. This is shared between all the rclone users. There is a global rate limit on the number of queries per second that each client_id can do set by Google. rclone already has a high quota and I will continue to make sure it is high enough by contacting Google.
It is strongly recommended to use your own client ID as the default rclone ID is heavily used. If you have multiple services running, it is recommended to use an API key for each service. The default Google quota is 10 transactions per second so it is recommended to stay under that number as if you use more than that, it will cause rclone to rate limit and make things slower.
Here is how to create your own Google Drive client ID for rclone:
Log into the Google API Console with your Google account. It doesn't matter what Google account you use. (It need not be the same account as the Google Drive you want to access)
Select a project or create a new project.
Under "ENABLE APIS AND SERVICES" search for "Drive", and enable the "Google Drive API".
Click "Credentials" in the left-side panel (not "Create credentials", which opens the wizard), then "Create credentials"
If you already configured an "Oauth Consent Screen", then skip to the next step; if not, click on "CONFIGURE CONSENT SCREEN" button (near the top right corner of the right panel), then select "External" and click on "CREATE"; on the next screen, enter an "Application name" ("rclone" is OK) then click on "Save" (all other data is optional). Click again on "Credentials" on the left panel to go back to the "Credentials" screen.
(PS: if you are a GSuite user, you could also select "Internal" instead of "External" above, but this has not been tested/documented so far).
Click on the "+ CREATE CREDENTIALS" button at the top of the screen, then select "OAuth client ID".
Choose an application type of "Desktop app" if you using a Google account or "Other" if you using a GSuite account and click "Create". (the default name is fine)
It will show you a client ID and client secret. Make a note of these.
Go to "Oauth consent screen" and press "Publish App"
Provide the noted client ID and client secret to rclone.
Be aware that, due to the "enhanced security" recently introduced by Google, you are theoretically expected to "submit your app for verification" and then wait a few weeks(!) for their response; in practice, you can go right ahead and use the client ID and client secret with rclone, the only issue will be a very scary confirmation screen shown when you connect via your browser for rclone to be able to get its token-id (but as this only happens during the remote configuration, it's not such a big deal).
(Thanks to @balazer on github for these instructions.)
Sometimes, creation of an OAuth consent in Google API Console fails due to an error message “The request failed because changes to one of the field of the resource is not supported”. As a convenient workaround, the necessary Google Drive API key can be created on the Python Quickstart page. Just push the Enable the Drive API button to receive the Client ID and Secret. Note that it will automatically create a new project in the API Console.
The rclone backend for Google Photos is a specialized backend for transferring photos and videos to and from Google Photos.
NB The Google Photos API which rclone uses has quite a few limitations, so please read the limitations section carefully to make sure it is suitable for your use.
The initial setup for google cloud storage involves getting a token from Google Photos which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Google Photos
\ "google photos"
[snip]
Storage> google photos
** See help for google photos backend at: https://rclone.org/googlephotos/ **
Google Application Client Id
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_id>
Google Application Client Secret
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret>
Set to make the Google Photos backend read only.
If you choose read only then rclone will only request read only access
to your photos, otherwise rclone will request full access.
Enter a boolean value (true or false). Press Enter for the default ("false").
read_only>
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
*** IMPORTANT: All media items uploaded to Google Photos with rclone
*** are stored in full resolution at original quality. These uploads
*** will count towards storage in your Google Account.
--------------------
[remote]
type = google photos
token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2019-06-28T17:38:04.644930156+01:00"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this may require you to unblock it temporarily if you are running a host firewall, or use manual mode.
This remote is called remote
and can now be used like this
See all the albums in your photos
rclone lsd remote:album
Make a new album
rclone mkdir remote:album/newAlbum
List the contents of an album
rclone ls remote:album/newAlbum
Sync /home/local/images
to the Google Photos, removing any excess files in the album.
rclone sync -i /home/local/image remote:album/newAlbum
As Google Photos is not a general purpose cloud storage system the backend is laid out to help you navigate it.
The directories under media
show different ways of categorizing the media. Each file will appear multiple times. So if you want to make a backup of your google photos you might choose to backup remote:media/by-month
. (NB remote:media/by-day
is rather slow at the moment so avoid for syncing.)
Note that all your photos and videos will appear somewhere under media
, but they may not appear under album
unless you've put them into albums.
/
- upload
- file1.jpg
- file2.jpg
- ...
- media
- all
- file1.jpg
- file2.jpg
- ...
- by-year
- 2000
- file1.jpg
- ...
- 2001
- file2.jpg
- ...
- ...
- by-month
- 2000
- 2000-01
- file1.jpg
- ...
- 2000-02
- file2.jpg
- ...
- ...
- by-day
- 2000
- 2000-01-01
- file1.jpg
- ...
- 2000-01-02
- file2.jpg
- ...
- ...
- album
- album name
- album name/sub
- shared-album
- album name
- album name/sub
- feature
- favorites
- file1.jpg
- file2.jpg
There are two writable parts of the tree, the upload
directory and sub directories of the album
directory.
The upload
directory is for uploading files you don't want to put into albums. This will be empty to start with and will contain the files you've uploaded for one rclone session only, becoming empty again when you restart rclone. The use case for this would be if you have a load of files you just want to once off dump into Google Photos. For repeated syncing, uploading to album
will work better.
Directories within the album
directory are also writeable and you may create new directories (albums) under album
. If you copy files with a directory hierarchy in there then rclone will create albums with the /
character in them. For example if you do
rclone copy /path/to/images remote:album/images
and the images directory contains
images
- file1.jpg
dir
file2.jpg
dir2
dir3
file3.jpg
Then rclone will create the following albums with the following files in
This means that you can use the album
path pretty much like a normal filesystem and it is a good target for repeated syncing.
The shared-album
directory shows albums shared with you or by you. This is similar to the Sharing tab in the Google Photos web interface.
Only images and videos can be uploaded. If you attempt to upload non videos or images or formats that Google Photos doesn't understand, rclone will upload the file, then Google Photos will give an error when it is put turned into a media item.
Note that all media items uploaded to Google Photos through the API are stored in full resolution at "original quality" and will count towards your storage quota in your Google Account. The API does not offer a way to upload in "high quality" mode..
rclone about
is not supported by the Google Photos backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
When Images are downloaded this strips EXIF location (according to the docs and my tests). This is a limitation of the Google Photos API and is covered by bug #112096115.
The current google API does not allow photos to be downloaded at original resolution. This is very important if you are, for example, relying on "Google Photos" as a backup of your photos. You will not be able to use rclone to redownload original images. You could use 'google takeout' to recover the original photos as a last resort
When videos are downloaded they are downloaded in a really compressed version of the video compared to downloading it via the Google Photos web interface. This is covered by bug #113672044.
If a file name is duplicated in a directory then rclone will add the file ID into its name. So two files called file.jpg
would then appear as file {123456}.jpg
and file {ABCDEF}.jpg
(the actual IDs are a lot longer alas!).
If you upload the same image (with the same binary data) twice then Google Photos will deduplicate it. However it will retain the filename from the first upload which may confuse rclone. For example if you uploaded an image to upload
then uploaded the same image to album/my_album
the filename of the image in album/my_album
will be what it was uploaded with initially, not what you uploaded it with to album
. In practise this shouldn't cause too many problems.
The date shown of media in Google Photos is the creation date as determined by the EXIF information, or the upload date if that is not known.
This is not changeable by rclone and is not the modification date of the media on local disk. This means that rclone cannot use the dates from Google Photos for syncing purposes.
The Google Photos API does not return the size of media. This means that when syncing to Google Photos, rclone can only do a file existence check.
It is possible to read the size of the media, but this needs an extra HTTP HEAD request per media item so is very slow and uses up a lot of transactions. This can be enabled with the --gphotos-read-size
option or the read_size = true
config parameter.
If you want to use the backend with rclone mount
you may need to enable this flag (depending on your OS and application using the photos) otherwise you may not be able to read media off the mount. You'll need to experiment to see if it works for you without the flag.
Rclone can only upload files to albums it created. This is a limitation of the Google Photos API.
Rclone can remove files it uploaded from albums it created only.
Rclone can remove files from albums it created, but note that the Google Photos API does not allow media to be deleted permanently so this media will still remain. See bug #109759781.
Rclone cannot delete files anywhere except under album
.
The Google Photos API does not support deleting albums - see bug #135714733.
Here are the standard options specific to google photos (Google Photos).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Set to make the Google Photos backend read only.
If you choose read only then rclone will only request read only access to your photos, otherwise rclone will request full access.
Here are the advanced options specific to google photos (Google Photos).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Set to read the size of media items.
Normally rclone does not read the size of media items since this takes another transaction. This isn't necessary for syncing. However rclone mount needs to know the size of files in advance of reading them, so setting this flag when using rclone mount is recommended if you want to read the media.
Year limits the photos to be downloaded to those which are uploaded after the given year
Also view and download archived media.
By default rclone does not request archived media. Thus, when syncing, archived media is not visible in directory listings or transferred.
Note that media in albums is always visible and synced, no matter their archive status.
With this flag, archived media are always visible in directory listings and transferred.
Without this flag, archived media will not be visible in directory listings and won't be transferred.
HDFS is a distributed file-system, part of the Apache Hadoop framework.
Paths are specified as remote:
or remote:path/to/dir
.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[skip]
XX / Hadoop distributed file system
\ "hdfs"
[skip]
Storage> hdfs
** See help for hdfs backend at: https://rclone.org/hdfs/ **
hadoop name node and port
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to host namenode at port 8020
\ "namenode:8020"
namenode> namenode.hadoop:8020
hadoop user name
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to hdfs as root
\ "root"
username> root
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[remote]
type = hdfs
namenode = namenode.hadoop:8020
username = root
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
hadoop hdfs
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
This remote is called remote
and can now be used like this
See all the top level directories
rclone lsd remote:
List the contents of a directory
rclone ls remote:directory
Sync the remote directory
to /home/local/directory
, deleting any excess files.
rclone sync -i remote:directory /home/local/directory
You may start with a manual setup or use the docker image from the tests:
If you want to build the docker image
git clone https://github.com/rclone/rclone.git
cd rclone/fstest/testserver/images/test-hdfs
docker build --rm -t rclone/test-hdfs .
Or you can just use the latest one pushed
docker run --rm --name "rclone-hdfs" -p 127.0.0.1:9866:9866 -p 127.0.0.1:8020:8020 --hostname "rclone-hdfs" rclone/test-hdfs
NB it need few seconds to startup.
For this docker image the remote needs to be configured like this:
[remote]
type = hdfs
namenode = 127.0.0.1:8020
username = root
You can stop this image with docker kill rclone-hdfs
(NB it does not use volumes, so all data uploaded will be lost.)
Time accurate to 1 second is stored.
No checksums are implemented.
You can use the rclone about remote:
command which will display filesystem size and current usage.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
: | 0x3A | : |
Invalid UTF-8 bytes will also be replaced.
Move
or DirMove
.Here are the standard options specific to hdfs (Hadoop distributed file system).
hadoop name node and port
hadoop user name
Here are the advanced options specific to hdfs (Hadoop distributed file system).
Kerberos service principal name for the namenode
Enables KERBEROS authentication. Specifies the Service Principal Name (SERVICE/FQDN) for the namenode.
Kerberos data transfer protection: authentication|integrity|privacy
Specifies whether or not authentication, data signature integrity checks, and wire encryption is required when communicating the the datanodes. Possible values are 'authentication', 'integrity' and 'privacy'. Used only with KERBEROS enabled.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
The HTTP remote is a read only remote for reading files of a webserver. The webserver should provide file listings which rclone will read and turn into a remote. This has been tested with common webservers such as Apache/Nginx/Caddy and will likely work with file listings from most web servers. (If it doesn't then please file an issue, or send a pull request!)
Paths are specified as remote:
or remote:path/to/dir
.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / http Connection
\ "http"
[snip]
Storage> http
URL of http host to connect to
Choose a number from below, or type in your own value
1 / Connect to example.com
\ "https://example.com"
url> https://beta.rclone.org
Remote config
--------------------
[remote]
url = https://beta.rclone.org
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
remote http
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
This remote is called remote
and can now be used like this
See all the top level directories
rclone lsd remote:
List the contents of a directory
rclone ls remote:directory
Sync the remote directory
to /home/local/directory
, deleting any excess files.
rclone sync -i remote:directory /home/local/directory
This remote is read only - you can't upload files to an HTTP server.
Most HTTP servers store time accurate to 1 second.
No checksums are stored.
Since the http remote only has one config parameter it is easy to use without a config file:
rclone lsd --http-url https://beta.rclone.org :http:
Here are the standard options specific to http (http Connection).
URL of http host to connect to
Here are the advanced options specific to http (http Connection).
Set HTTP headers for all transactions
Use this to set additional HTTP headers for all transactions
The input format is comma separated list of key,value pairs. Standard CSV encoding may be used.
For example to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.
You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.
Set this if the site doesn't end directories with /
Use this if your target website does not use / on the end of directories.
A / on the end of a path is how rclone normally tells the difference between files and directories. If this flag is set, then rclone will treat all files with Content-Type: text/html as directories and read URLs from them rather than downloading them.
Note that this may cause rclone to confuse genuine HTML files with directories.
Don't use HEAD requests to find file sizes in dir listing
If your site is being very slow to load then you can try this option. Normally rclone does a HEAD request for each potential file in a directory listing to:
If you set this option, rclone will not do the HEAD request. This will mean
some files that don't exist may be in the listing
Default: false
rclone about
is not supported by the HTTP backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Paths are specified as remote:path
Paths are specified as remote:container
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:container/path/to/dir
.
The initial setup for Hubic involves getting a token from Hubic which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
n) New remote
s) Set configuration password
n/s> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Hubic
\ "hubic"
[snip]
Storage> hubic
Hubic Client Id - leave blank normally.
client_id>
Hubic Client Secret - leave blank normally.
client_secret>
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id =
client_secret =
token = {"access_token":"XXXXXX"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from Hubic. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List containers in the top level of your Hubic
rclone lsd remote:
List all the files in your Hubic
rclone ls remote:
To copy a local directory to an Hubic directory called backup
rclone copy /home/source remote:backup
If you want the directory to be visible in the official Hubic browser, you need to copy your files to the default
directory
rclone copy /home/source remote:default/backup
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
The modified time is stored as metadata on the object as X-Object-Meta-Mtime
as floating point since the epoch accurate to 1 ns.
This is a de facto standard (used in the official python-swiftclient amongst others) for storing the modification time for an object.
Note that Hubic wraps the Swift backend, so most of the properties of are the same.
Here are the standard options specific to hubic (Hubic).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Here are the advanced options specific to hubic (Hubic).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Above this size files will be chunked into a _segments container.
Above this size files will be chunked into a _segments container. The default for this is 5 GiB which is its maximum value.
Don't chunk files during streaming upload.
When doing streaming uploads (e.g. using rcat or mount) setting this flag will cause the swift backend to not upload chunked files.
This will limit the maximum upload size to 5 GiB. However non chunked files are easier to deal with and have an MD5SUM.
Rclone will still chunk files bigger than chunk_size when doing normal copy operations.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
This uses the normal OpenStack Swift mechanism to refresh the Swift API credentials and ignores the expires field returned by the Hubic API.
The Swift API doesn't return a correct MD5SUM for segmented files (Dynamic or Static Large Objects) so rclone won't check or use the MD5SUM for these.
Jottacloud is a cloud storage service provider from a Norwegian company, using its own datacenters in Norway.
In addition to the official service at jottacloud.com, there are also several whitelabel versions which should work with this backend.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
To configure Jottacloud you will need to generate a personal security token in the Jottacloud web interface. You will the option to do in your account security settings (for whitelabel version you need to find this page in its web interface). Note that the web interface may refer to this token as a JottaCli token.
If you are using one of the whitelabel versions (Elgiganten, Com Hem Cloud) you may not have the option to generate a CLI token. In this case you'll have to use the legacy authentication. To to this select yes when the setup asks for legacy authentication and enter your username and password. The rest of the setup is identical to the default setup.
Similar to other whitelabel versions Telia Cloud doesn't offer the option of creating a CLI token, and additionally uses a separate authentication flow where the username is generated internally. To setup rclone to use Telia Cloud, choose Telia Cloud authentication in the setup. The rest of the setup is identical to the default setup.
Here is an example of how to make a remote called remote
with the default setup. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Jottacloud
\ "jottacloud"
[snip]
Storage> jottacloud
** See help for jottacloud backend at: https://rclone.org/jottacloud/ **
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
Use legacy authentication?.
This is only required for certain whitelabel versions of Jottacloud and not recommended for normal users.
y) Yes
n) No (default)
y/n> n
Generate a personal login token here: https://www.jottacloud.com/web/secure
Login Token> <your token here>
Do you want to use a non standard device/mountpoint e.g. for accessing files uploaded using the official Jottacloud client?
y) Yes
n) No
y/n> y
Please select the device to use. Normally this will be Jotta
Choose a number from below, or type in an existing value
1 > DESKTOP-3H31129
2 > Jotta
Devices> 2
Please select the mountpoint to user. Normally this will be Archive
Choose a number from below, or type in an existing value
1 > Archive
2 > Links
3 > Sync
Mountpoints> 1
--------------------
[jotta]
type = jottacloud
token = {........}
device = Jotta
mountpoint = Archive
configVersion = 1
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Once configured you can then use rclone
like this,
List directories in top level of your Jottacloud
rclone lsd remote:
List all the files in your Jottacloud
rclone ls remote:
To copy a local directory to an Jottacloud directory called backup
rclone copy /home/source remote:backup
The official Jottacloud client registers a device for each computer you install it on, and then creates a mountpoint for each folder you select for Backup. The web interface uses a special device called Jotta for the Archive and Sync mountpoints. In most cases you'll want to use the Jotta/Archive device/mountpoint, however if you want to access files uploaded by any of the official clients rclone provides the option to select other devices and mountpoints during config.
The built-in Jotta device may also contain several other mountpoints, such as: Latest, Links, Shared and Trash. These are special mountpoints with a different internal representation than the "regular" mountpoints. Rclone will only to a very limited degree support them. Generally you should avoid these, unless you know what you are doing.
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
Note that the implementation in Jottacloud always uses only a single API request to get the entire list, so for large folders this could lead to long wait time before the first results are shown.
Jottacloud allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.
Jottacloud supports MD5 type hashes, so you can use the --checksum
flag.
Note that Jottacloud requires the MD5 hash before upload so if the source does not have an MD5 checksum then the file will be cached temporarily on disk (wherever the TMPDIR
environment variable points to) before it is uploaded. Small files will be cached in memory - see the --jottacloud-md5-memory-limit flag. When uploading from local disk the source checksum is always available, so this does not apply. Starting with rclone version 1.52 the same is true for crypted remotes (in older versions the crypt backend would not calculate hashes for uploads from local disk, so the Jottacloud backend had to do it as described above).
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
" | 0x22 | " |
* | 0x2A | * |
: | 0x3A | : |
< | 0x3C | < |
> | 0x3E | > |
? | 0x3F | ? |
| | 0x7C | | |
Invalid UTF-8 bytes will also be replaced, as they can't be used in XML strings.
By default rclone will send all files to the trash when deleting files. They will be permanently deleted automatically after 30 days. You may bypass the trash and permanently delete files immediately by using the --jottacloud-hard-delete flag, or set the equivalent environment variable. Emptying the trash is supported by the cleanup command.
Jottacloud supports file versioning. When rclone uploads a new version of a file it creates a new version of it. Currently rclone only supports retrieving the current version but older versions can be accessed via the Jottacloud Website.
Versioning can be disabled by --jottacloud-no-versions
option. This is achieved by deleting the remote file prior to uploading a new version. If the upload the fails no version of the file will be available in the remote.
To view your current quota you can use the rclone about remote:
command which will display your usage limit (unless it is unlimited) and the current usage.
Here are the advanced options specific to jottacloud (Jottacloud).
Files bigger than this will be cached on disk to calculate the MD5 if required.
Only show files that are in the trash. This will show trashed files in their original directory structure.
Delete files permanently rather than putting them into the trash.
Files bigger than this can be resumed if the upload fail's.
Avoid server side versioning by deleting files and recreating files instead of overwriting them.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Note that Jottacloud is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
There are quite a few characters that can't be in Jottacloud file names. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a ? in it will be mapped to ? instead.
Jottacloud only supports filenames up to 255 characters in length.
Jottacloud exhibits some inconsistent behaviours regarding deleted files and folders which may cause Copy, Move and DirMove operations to previously deleted paths to fail. Emptying the trash should help in such cases.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for Koofr involves creating an application password for rclone. You can do that by opening the Koofr web application, giving the password a nice name like rclone
and clicking on generate.
Here is an example of how to make a remote called koofr
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> koofr
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Koofr
\ "koofr"
[snip]
Storage> koofr
** See help for koofr backend at: https://rclone.org/koofr/ **
Your Koofr user name
Enter a string value. Press Enter for the default ("").
user> USER@NAME
Your Koofr password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password)
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[koofr]
type = koofr
baseurl = https://app.koofr.net
user = USER@NAME
password = *** ENCRYPTED ***
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
You can choose to edit advanced config in order to enter your own service URL if you use an on-premise or white label Koofr instance, or choose an alternative mount instead of your primary storage.
Once configured you can then use rclone
like this,
List directories in top level of your Koofr
rclone lsd koofr:
List all the files in your Koofr
rclone ls koofr:
To copy a local directory to an Koofr directory called backup
rclone copy /home/source remote:backup
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in XML strings.
Here are the standard options specific to koofr (Koofr).
Your Koofr user name
Your Koofr password for rclone (generate one at https://app.koofr.net/app/admin/preferences/password)
NB Input to this must be obscured - see rclone obscure.
Here are the advanced options specific to koofr (Koofr).
The Koofr API endpoint to use
Mount ID of the mount to use. If omitted, the primary mount is used.
Does the backend support setting modification time. Set this to false if you use a mount ID that points to a Dropbox or Amazon Drive backend.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Note that Koofr is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
Mail.ru Cloud is a cloud storage provided by a Russian internet company Mail.Ru Group. The official desktop client is Disk-O:, available on Windows and Mac OS.
Currently it is recommended to disable 2FA on Mail.ru accounts intended for rclone until it gets eventually implemented.
remote:directory/subdirectory
last modified time
property, directories don'tHere is an example of making a mailru configuration. First create a Mail.ru Cloud account and choose a tariff, then run
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Mail.ru Cloud
\ "mailru"
[snip]
Storage> mailru
User name (usually email)
Enter a string value. Press Enter for the default ("").
user> username@mail.ru
Password
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
Skip full upload if there is another file with same data hash.
This feature is called "speedup" or "put by hash". It is especially efficient
in case of generally available files like popular books, video or audio clips
[snip]
Enter a boolean value (true or false). Press Enter for the default ("true").
Choose a number from below, or type in your own value
1 / Enable
\ "true"
2 / Disable
\ "false"
speedup_enable> 1
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
--------------------
[remote]
type = mailru
user = username@mail.ru
pass = *** ENCRYPTED ***
speedup_enable = true
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Configuration of this backend does not require a local web browser. You can use the configured backend as shown below:
See top level directories
rclone lsd remote:
Make a new directory
rclone mkdir remote:directory
List the contents of a directory
rclone ls remote:directory
Sync /home/local/directory
to the remote path, deleting any excess files in the path.
rclone sync -i /home/local/directory remote:directory
Files support a modification time attribute with up to 1 second precision. Directories do not have a modification time, which is shown as "Jan 1 1970".
Hash sums use a custom Mail.ru algorithm based on SHA1. If file size is less than or equal to the SHA1 block size (20 bytes), its hash is simply its data right-padded with zero bytes. Hash sum of a larger file is computed as a SHA1 sum of the file data bytes concatenated with a decimal representation of the data length.
Removing a file or directory actually moves it to the trash, which is not visible to rclone but can be seen in a web browser. The trashed file still occupies part of total quota. If you wish to empty your trash and free some quota, you can use the rclone cleanup remote:
command, which will permanently delete all your trashed files. This command does not take any path arguments.
To view your current quota you can use the rclone about remote:
command which will display your usage limit (quota) and the current usage.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
" | 0x22 | " |
* | 0x2A | * |
: | 0x3A | : |
< | 0x3C | < |
> | 0x3E | > |
? | 0x3F | ? |
\ | 0x5C | \ |
| | 0x7C | | |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
File size limits depend on your account. A single file size is limited by 2G for a free account and unlimited for paid tariffs. Please refer to the Mail.ru site for the total uploaded size limits.
Note that Mailru is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
Here are the standard options specific to mailru (Mail.ru Cloud).
User name (usually email)
Password
NB Input to this must be obscured - see rclone obscure.
Skip full upload if there is another file with same data hash. This feature is called "speedup" or "put by hash". It is especially efficient in case of generally available files like popular books, video or audio clips, because files are searched by hash in all accounts of all mailru users. It is meaningless and ineffective if source file is unique or encrypted. Please note that rclone may need local memory and disk space to calculate content hash in advance and decide whether full upload is required. Also, if rclone does not know file size in advance (e.g. in case of streaming or partial uploads), it will not even try this optimization.
Here are the advanced options specific to mailru (Mail.ru Cloud).
Comma separated list of file name patterns eligible for speedup (put by hash). Patterns are case insensitive and can contain '*' or '?' meta characters.
This option allows you to disable speedup (put by hash) for large files (because preliminary hashing can exhaust you RAM or disk space)
Files larger than the size given below will always be hashed on disk.
What should copy do if file checksum is mismatched or invalid
HTTP user agent used internally by client. Defaults to "rclone/VERSION" or "--user-agent" provided on command line.
Comma separated list of internal maintenance flags. This option must not be used by an ordinary user. It is intended only to facilitate remote troubleshooting of backend issues. Strict meaning of flags is not documented and not guaranteed to persist between releases. Quirks will be removed when the backend grows stable. Supported quirks: atomicmkdir binlist unknowndirs
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Mega is a cloud storage and file hosting service known for its security feature where all files are encrypted locally before they are uploaded. This prevents anyone (including employees of Mega) from accessing the files without knowledge of the key used for encryption.
This is an rclone backend for Mega which supports the file transfer features of Mega using the same client side encryption.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Mega
\ "mega"
[snip]
Storage> mega
User name
user> you@example.com
Password.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank
y/g/n> y
Enter the password:
password:
Confirm the password:
password:
Remote config
--------------------
[remote]
type = mega
user = you@example.com
pass = *** ENCRYPTED ***
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
NOTE: The encryption keys need to have been already generated after a regular login via the browser, otherwise attempting to use the credentials in rclone
will fail.
Once configured you can then use rclone
like this,
List directories in top level of your Mega
rclone lsd remote:
List all the files in your Mega
rclone ls remote:
To copy a local directory to an Mega directory called backup
rclone copy /home/source remote:backup
Mega does not support modification times or hashes yet.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Mega can have two files with exactly the same name and path (unlike a normal file system).
Duplicated files cause problems with the syncing and you will see messages in the log about duplicates.
Use rclone dedupe
to fix duplicated files.
Mega remotes seem to get blocked (reject logins) under "heavy use". We haven't worked out the exact blocking rules but it seems to be related to fast paced, successive rclone commands.
For example, executing this command 90 times in a row rclone link remote:file
will cause the remote to become "blocked". This is not an abnormal situation, for example if you wish to get the public links of a directory with hundred of files... After more or less a week, the remote will remote accept rclone logins normally again.
You can mitigate this issue by mounting the remote it with rclone mount
. This will log-in when mounting and a log-out when unmounting only. You can also run rclone rcd
and then use rclone rc
to run the commands over the API to avoid logging in each time.
Rclone does not currently close mega sessions (you can see them in the web interface), however closing the sessions does not solve the issue.
If you space rclone commands by 3 seconds it will avoid blocking the remote. We haven't identified the exact blocking rules, so perhaps one could execute the command 80 times without waiting and avoid blocking by waiting 3 seconds, then continuing...
Note that this has been observed by trial and error and might not be set in stone.
Other tools seem not to produce this blocking effect, as they use a different working approach (state-based, using sessionIDs instead of log-in) which isn't compatible with the current stateless rclone approach.
Note that once blocked, the use of other tools (such as megacmd) is not a sure workaround: following megacmd login times have been observed in succession for blocked remote: 7 minutes, 20 min, 30min, 30 min, 30min. Web access looks unaffected though.
Investigation is continuing in relation to workarounds based on timeouts, pacers, retrials and tpslimits - if you discover something relevant, please post on the forum.
So, if rclone was working nicely and suddenly you are unable to log-in and you are sure the user and the password are correct, likely you have got the remote blocked for a while.
Here are the standard options specific to mega (Mega).
User name
Password.
NB Input to this must be obscured - see rclone obscure.
Here are the advanced options specific to mega (Mega).
Output more debug from Mega.
If this flag is set (along with -vv) it will print further debugging information from the mega backend.
Delete files permanently rather than putting them into the trash.
Normally the mega backend will put all deletions into the trash rather than permanently deleting them. If you specify this then rclone will permanently delete objects instead.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
This backend uses the go-mega go library which is an opensource go library implementing the Mega API. There doesn't appear to be any documentation for the mega protocol beyond the mega C++ SDK source code so there are likely quite a few errors still remaining in this library.
Mega allows duplicate files which may confuse rclone.
The memory backend is an in RAM backend. It does not persist its data - use the local backend for that.
The memory backend behaves like a bucket based remote (e.g. like s3). Because it has no parameters you can just use it with the :memory:
remote name.
You can configure it as a remote like this with rclone config
too if you want to:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Memory
\ "memory"
[snip]
Storage> memory
** See help for memory backend at: https://rclone.org/memory/ **
Remote config
--------------------
[remote]
type = memory
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Because the memory backend isn't persistent it is most useful for testing or with an rclone server or rclone mount, e.g.
rclone mount :memory: /mnt/tmp
rclone serve webdav :memory:
rclone serve sftp :memory:
The memory backend supports MD5 hashes and modification times accurate to 1 nS.
The memory backend replaces the default restricted characters set.
Paths are specified as remote:container
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:container/path/to/dir
.
Here is an example of making a Microsoft Azure Blob Storage configuration. For a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Microsoft Azure Blob Storage
\ "azureblob"
[snip]
Storage> azureblob
Storage Account Name
account> account_name
Storage Account Key
key> base64encodedkey==
Endpoint for the service - leave blank normally.
endpoint>
Remote config
--------------------
[remote]
account = account_name
key = base64encodedkey==
endpoint =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See all containers
rclone lsd remote:
Make a new container
rclone mkdir remote:container
List the contents of a container
rclone ls remote:container
Sync /home/local/directory
to the remote container, deleting any excess files in the container.
rclone sync -i /home/local/directory remote:container
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
The modified time is stored as metadata on the object with the mtime
key. It is stored using RFC3339 Format time with nanosecond precision. The metadata is supplied during directory listings so there is no overhead to using it.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
/ | 0x2F | / |
\ | 0x5C | \ |
File names can also not end with the following characters. These only get replaced if they are the last character in the name:
Character | Value | Replacement |
---|---|---|
. | 0x2E | . |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
MD5 hashes are stored with blobs. However blobs that were uploaded in chunks only have an MD5 if the source remote was capable of MD5 hashes, e.g. the local disk.
Rclone has 3 ways of authenticating with Azure Blob Storage:
This is the most straight forward and least flexible way. Just fill in the account
and key
lines and leave the rest blank.
This can be an account level SAS URL or container level SAS URL.
To use it leave account
, key
blank and fill in sas_url
.
An account level SAS URL or container level SAS URL can be obtained from the Azure portal or the Azure Storage Explorer. To get a container level SAS URL right click on a container in the Azure Blob explorer in the Azure portal.
If you use a container level SAS URL, rclone operations are permitted only on a particular container, e.g.
rclone ls azureblob:container
You can also list the single container from the root. This will only show the container specified by the SAS URL.
$ rclone lsd azureblob:
container/
Note that you can't see or access any other containers - this will fail
rclone ls azureblob:othercontainer
Container level SAS URLs are useful for temporarily allowing third parties access to a single container or putting credentials into an untrusted environment such as a CI build server.
Here are the standard options specific to azureblob (Microsoft Azure Blob Storage).
Storage Account Name (leave blank to use SAS URL or Emulator)
Path to file containing credentials for use with a service principal.
Leave blank normally. Needed only if you want to use a service principal instead of interactive login.
$ az ad sp create-for-rbac --name "<name>" \
--role "Storage Blob Data Owner" \
--scopes "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>" \
> azure-principal.json
See "Create an Azure service principal" and "Assign an Azure role for access to blob data" pages for more details.
Storage Account Key (leave blank to use SAS URL or Emulator)
SAS URL for container level access only (leave blank if using account/key or Emulator)
Use a managed service identity to authenticate (only works in Azure)
When true, use a managed service identity to authenticate to Azure Storage instead of a SAS token or account key.
If the VM(SS) on which this program is running has a system-assigned identity, it will be used by default. If the resource has no system-assigned but exactly one user-assigned identity, the user-assigned identity will be used by default. If the resource has multiple user-assigned identities, the identity to use must be explicitly specified using exactly one of the msi_object_id, msi_client_id, or msi_mi_res_id parameters.
Uses local storage emulator if provided as 'true' (leave blank if using real azure storage endpoint)
Here are the advanced options specific to azureblob (Microsoft Azure Blob Storage).
Object ID of the user-assigned MSI to use, if any. Leave blank if msi_client_id or msi_mi_res_id specified.
Object ID of the user-assigned MSI to use, if any. Leave blank if msi_object_id or msi_mi_res_id specified.
Azure resource ID of the user-assigned MSI to use, if any. Leave blank if msi_client_id or msi_object_id specified.
Endpoint for the service Leave blank normally.
Cutoff for switching to chunked upload (<= 256 MiB). (Deprecated)
Upload chunk size (<= 100 MiB).
Note that this is stored in memory and there may be up to "--transfers" chunks stored at once in memory.
Size of blob list.
This sets the number of blobs requested in each listing chunk. Default is the maximum, 5000. "List blobs" requests are permitted 2 minutes per megabyte to complete. If an operation is taking longer than 2 minutes per megabyte on average, it will time out ( source ). This can be used to limit the number of blobs items to return, to avoid the time out.
Access tier of blob: hot, cool or archive.
Archived blobs can be restored by setting access tier to hot or cool. Leave blank if you intend to use default access tier, which is set at account level
If there is no "access tier" specified, rclone doesn't apply any tier. rclone performs "Set Tier" operation on blobs while uploading, if objects are not modified, specifying "access tier" to new one will have no effect. If blobs are in "archive tier" at remote, trying to perform data transfer operations from remote will not be allowed. User should first restore by tiering blob to "Hot" or "Cool".
Delete archive tier blobs before overwriting.
Archive tier blobs cannot be updated. So without this flag, if you attempt to update an archive tier blob, then rclone will produce the error:
can't update archive tier blob without --azureblob-archive-tier-delete
With this flag set then before rclone attempts to overwrite an archive tier blob, it will delete the existing blob before uploading its replacement. This has the potential for data loss if the upload fails (unlike updating a normal blob) and also may cost more since deleting archive tier blobs early may be chargable.
Don't store MD5 checksum with object metadata.
Normally rclone will calculate the MD5 checksum of the input before uploading it so it can add it to metadata on the object. This is great for data integrity checking but can cause long delays for large files to start uploading.
How often internal memory buffer pools will be flushed. Uploads which requires additional buffers (f.e multipart) will use memory pool for allocations. This option controls how often unused buffers will be removed from the pool.
Whether to use mmap buffers in internal memory pool.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Public access level of a container: blob, container.
MD5 sums are only uploaded with chunked files if the source has an MD5 sum. This will always be the case for a local to azure copy.
rclone about
is not supported by the Microsoft Azure Blob storage backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
You can test rclone with storage emulator locally, to do this make sure azure storage emulator installed locally and set up a new remote with rclone config
follow instructions described in introduction, set use_emulator
config as true
, you do not need to provide default account name or key if using emulator.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for OneDrive involves getting a token from Microsoft which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Microsoft OneDrive
\ "onedrive"
[snip]
Storage> onedrive
Microsoft App Client Id
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_id>
Microsoft App Client Secret
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret>
Edit advanced config? (y/n)
y) Yes
n) No
y/n> n
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
Choose a number from below, or type in an existing value
1 / OneDrive Personal or Business
\ "onedrive"
2 / Sharepoint site
\ "sharepoint"
3 / Type in driveID
\ "driveid"
4 / Type in SiteID
\ "siteid"
5 / Search a Sharepoint site
\ "search"
Your choice> 1
Found 1 drives, please select the one you want to use:
0: OneDrive (business) id=b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
Chose drive to use:> 0
Found drive 'root' of type 'business', URL: https://org-my.sharepoint.com/personal/you/Documents
Is that okay?
y) Yes
n) No
y/n> y
--------------------
[remote]
type = onedrive
token = {"access_token":"youraccesstoken","token_type":"Bearer","refresh_token":"yourrefreshtoken","expiry":"2018-08-26T22:39:52.486512262+08:00"}
drive_id = b!Eqwertyuiopasdfghjklzxcvbnm-7mnbvcxzlkjhgfdsapoiuytrewqk
drive_type = business
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from Microsoft. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List directories in top level of your OneDrive
rclone lsd remote:
List all the files in your OneDrive
rclone ls remote:
To copy a local directory to an OneDrive directory called backup
rclone copy /home/source remote:backup
You can use your own Client ID if the default (client_id
left blank) one doesn't work for you or you see lots of throttling. The default Client ID and Key is shared by all rclone users when performing requests.
If you are having problems with them (E.g., seeing a lot of throttling), you can get your own Client ID and Key by following the steps below:
New registration
.Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
, select Web
in Redirect URI
, then type (do not copy and paste) http://localhost:53682/
and click Register. Copy and keep the Application (client) ID
under the app name for later use.manage
select Certificates & secrets
, click New client secret
. Copy and keep that secret for later use.manage
select API permissions
, click Add a permission
and select Microsoft Graph
then select delegated permissions
.Files.Read
, Files.ReadWrite
, Files.Read.All
, Files.ReadWrite.All
, offline_access
, User.Read
. Once selected click Add permissions
at the bottom.Now the application is complete. Run rclone config
to create or edit a OneDrive remote. Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.
OneDrive allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.
OneDrive personal supports SHA1 type hashes. OneDrive for business and Sharepoint Server support QuickXorHash.
For all types of OneDrive you can use the --checksum
flag.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
" | 0x22 | " |
* | 0x2A | * |
: | 0x3A | : |
< | 0x3C | < |
> | 0x3E | > |
? | 0x3F | ? |
\ | 0x5C | \ |
| | 0x7C | | |
File names can also not end with the following characters. These only get replaced if they are the last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
. | 0x2E | . |
File names can also not begin with the following characters. These only get replaced if they are the first character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
~ | 0x7E | ~ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Any files you delete with rclone will end up in the trash. Microsoft doesn't provide an API to permanently delete files, nor to empty the trash, so you will have to do that with one of Microsoft's apps or via the OneDrive website.
Here are the standard options specific to onedrive (Microsoft OneDrive).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Choose national cloud region for OneDrive.
Here are the advanced options specific to onedrive (Microsoft OneDrive).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
Chunk size to upload files with - must be multiple of 320k (327,680 bytes).
Above this size files will be chunked - must be multiple of 320k (327,680 bytes) and should not exceed 250M (262,144,000 bytes) else you may encounter "Microsoft.SharePoint.Client.InvalidClientQueryException: The request message is too big." Note that the chunks will be buffered into memory.
The ID of the drive to use
The type of the drive ( personal | business | documentLibrary )
Set to make OneNote files show up in directory listings.
By default rclone will hide OneNote files in directory listings because operations like "Open" and "Update" won't work on them. But this behaviour may also prevent you from deleting them. If you want to delete OneNote files or otherwise want them to show up in directory listing, set this option.
Allow server-side operations (e.g. copy) to work across different onedrive configs.
This will only work if you are copying between two OneDrive Personal drives AND the files to copy are already shared between them. In other cases, rclone will fall back to normal copy (which will be slightly slower).
Size of listing chunk.
Remove all versions on modifying operations
Onedrive for business creates versions when rclone uploads new files overwriting an existing one and when it sets the modification time.
These versions take up space out of the quota.
This flag checks for versions after file upload and setting modification time and removes all but the last version.
NB Onedrive personal can't currently delete versions so don't use this flag there.
Set the scope of the links created by the link command.
Set the type of the links created by the link command.
Set the password for links created by the link command.
At the time of writing this only works with OneDrive personal paid accounts.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
If you don't use rclone for 90 days the refresh token will expire. This will result in authorization problems. This is easy to fix by running the rclone config reconnect remote:
command to get a new token and refresh token.
Note that OneDrive is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
There are quite a few characters that can't be in OneDrive file names. These can't occur on Windows platforms, but on non-Windows platforms they are common. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a ?
in it will be mapped to ?
instead.
The largest allowed file size is 250 GiB for both OneDrive Personal and OneDrive for Business (Updated 13 Jan 2021).
The entire path, including the file name, must contain fewer than 400 characters for OneDrive, OneDrive for Business and SharePoint Online. If you are encrypting file and folder names with rclone, you may want to pay attention to this limitation because the encrypted names are typically longer than the original ones.
OneDrive seems to be OK with at least 50,000 files in a folder, but at 100,000 rclone will get errors listing the directory like couldn’t list files: UnknownError:
. See #2707 for more info.
An official document about the limitations for different types of OneDrive can be found here.
Every change in a file OneDrive causes the service to create a new version of the the file. This counts against a users quota. For example changing the modification time of a file creates a second version, so the file apparently uses twice the space.
For example the copy
command is affected by this as rclone copies the file and then afterwards sets the modification time to match the source file which uses another version.
You can use the rclone cleanup
command (see below) to remove all old versions.
Or you can set the no_versions
parameter to true
and rclone will remove versions after operations which create new versions. This takes extra transactions so only enable it if you need it.
Note At the time of writing Onedrive Personal creates versions (but not for setting the modification time) but the API for removing them returns "API not found" so cleanup and no_versions
should not be used on Onedrive Personal.
Starting October 2018, users will no longer be able to disable versioning by default. This is because Microsoft has brought an update to the mechanism. To change this new default setting, a PowerShell command is required to be run by a SharePoint admin. If you are an admin, you can run these commands in PowerShell to change that setting:
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
(in case you haven't installed this already)Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url https://YOURSITE-admin.sharepoint.com -Credential YOU@YOURSITE.COM
(replacing YOURSITE
, YOU
, YOURSITE.COM
with the actual values; this will prompt for your credentials)Set-SPOTenant -EnableMinimumVersionRequirement $False
Disconnect-SPOService
(to disconnect from the server)Below are the steps for normal users to disable versioning. If you don't see the "No Versioning" option, make sure the above requirements are met.
User Weropol has found a method to disable versioning on OneDrive
OneDrive supports rclone cleanup
which causes rclone to look through every file under the path supplied and delete all version but the current version. Because this involves traversing all the files, then querying each file for versions it can be quite slow. Rclone does --checkers
tests in parallel. The command also supports -i
which is a great way to see what it would do.
rclone cleanup -i remote:path/subdir # interactively remove all old version for path/subdir
rclone cleanup remote:path/subdir # unconditionally remove all old version for path/subdir
NB Onedrive personal can't currently delete versions
If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: --user-agent "ISV|rclone.org|rclone/v1.55.1"
The specific details can be found in the Microsoft document: Avoid getting throttled or blocked in SharePoint Online
It is a known issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and hash checks to fail. There are also other situations that will cause OneDrive to report inconsistent file sizes. To use rclone with such affected files on Sharepoint, you may disable these checks with the following command line arguments:
--ignore-checksum --ignore-size
Alternatively, if you have write access to the OneDrive files, it may be possible to fix this problem for certain files, by attempting the steps below. Open the web interface for OneDrive and find the affected files (which will be in the error messages/log for rclone). Simply click on each of these files, causing OneDrive to open them on the web. This will cause each file to be converted in place to a format that is functionally equivalent but which will no longer trigger the size discrepancy. Once all problematic files are converted you will no longer need the ignore options above.
It is a known issue that Sharepoint (not OneDrive or OneDrive for Business) may return "item not found" errors when users try to replace or delete uploaded files; this seems to mainly affect Office files (.docx, .xlsx, etc.). As a workaround, you may use the --backup-dir <BACKUP_DIR>
command line argument so rclone moves the files to be replaced/deleted into a given backup directory (instead of directly replacing/deleting them). For example, to instruct rclone to move the files into the directory rclone-backup-dir
on backend mysharepoint
, you may use:
--backup-dir mysharepoint:rclone-backup-dir
Error: access_denied
Code: AADSTS65005
Description: Using application 'rclone' is currently not supported for your organization [YOUR_ORGANIZATION] because it is in an unmanaged state. An administrator needs to claim ownership of the company by DNS validation of [YOUR_ORGANIZATION] before the application rclone can be provisioned.
This means that rclone can't use the OneDrive for Business API with your account. You can't do much about it, maybe write an email to your admins.
However, there are other ways to interact with your OneDrive account. Have a look at the webdav backend: https://rclone.org/webdav/#sharepoint
Error: invalid_grant
Code: AADSTS50076
Description: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '...'.
If you see the error above after enabling multi-factor authentication for your account, you can fix it by refreshing your OAuth refresh token. To do that, run rclone config
, and choose to edit your OneDrive backend. Then, you don't need to actually make any changes until you reach this question: Already have a token - refresh?
. For this question, answer y
and go through the process to refresh your token, just like the first time the backend is configured. After this, rclone should work again for this backend.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
n) New remote
d) Delete remote
q) Quit config
e/n/d/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / OpenDrive
\ "opendrive"
[snip]
Storage> opendrive
Username
username>
Password
y) Yes type in my own password
g) Generate random password
y/g> y
Enter the password:
password:
Confirm the password:
password:
--------------------
[remote]
username =
password = *** ENCRYPTED ***
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
List directories in top level of your OpenDrive
rclone lsd remote:
List all the files in your OpenDrive
rclone ls remote:
To copy a local directory to an OpenDrive directory called backup
rclone copy /home/source remote:backup
OpenDrive allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
" | 0x22 | " |
* | 0x2A | * |
: | 0x3A | : |
< | 0x3C | < |
> | 0x3E | > |
? | 0x3F | ? |
\ | 0x5C | \ |
| | 0x7C | | |
File names can also not begin or end with the following characters. These only get replaced if they are the first or last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
HT | 0x09 | ␉ |
LF | 0x0A | ␊ |
VT | 0x0B | ␋ |
CR | 0x0D | ␍ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the standard options specific to opendrive (OpenDrive).
Username
Password.
NB Input to this must be obscured - see rclone obscure.
Here are the advanced options specific to opendrive (OpenDrive).
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Files will be uploaded in chunks this size.
Note that these chunks are buffered in memory so increasing them will increase memory use.
Note that OpenDrive is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
There are quite a few characters that can't be in OpenDrive file names. These can't occur on Windows platforms, but on non-Windows platforms they are common. Rclone will map these names to and from an identical looking unicode equivalent. For example if a file has a ?
in it will be mapped to ?
instead.
rclone about
is not supported by the OpenDrive backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Paths are specified as remote:bucket
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:bucket/path/to/dir
.
Here is an example of making an QingStor configuration. First run
rclone config
This will guide you through an interactive setup process.
No remotes found - make a new one
n) New remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
n/r/c/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / QingStor Object Storage
\ "qingstor"
[snip]
Storage> qingstor
Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank.
Choose a number from below, or type in your own value
1 / Enter QingStor credentials in the next step
\ "false"
2 / Get QingStor credentials from the environment (env vars or IAM)
\ "true"
env_auth> 1
QingStor Access Key ID - leave blank for anonymous access or runtime credentials.
access_key_id> access_key
QingStor Secret Access Key (password) - leave blank for anonymous access or runtime credentials.
secret_access_key> secret_key
Enter an endpoint URL to connection QingStor API.
Leave blank will use the default value "https://qingstor.com:443"
endpoint>
Zone connect to. Default is "pek3a".
Choose a number from below, or type in your own value
/ The Beijing (China) Three Zone
1 | Needs location constraint pek3a.
\ "pek3a"
/ The Shanghai (China) First Zone
2 | Needs location constraint sh1a.
\ "sh1a"
zone> 1
Number of connection retry.
Leave blank will use the default value "3".
connection_retries>
Remote config
--------------------
[remote]
env_auth = false
access_key_id = access_key
secret_access_key = secret_key
endpoint =
zone = pek3a
connection_retries =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
This remote is called remote
and can now be used like this
See all buckets
rclone lsd remote:
Make a new bucket
rclone mkdir remote:bucket
List the contents of a bucket
rclone ls remote:bucket
Sync /home/local/directory
to the remote bucket, deleting any excess files in the bucket.
rclone sync -i /home/local/directory remote:bucket
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
rclone supports multipart uploads with QingStor which means that it can upload files bigger than 5 GiB. Note that files uploaded with multipart upload don't have an MD5SUM.
Note that incomplete multipart uploads older than 24 hours can be removed with rclone cleanup remote:bucket
just for one bucket rclone cleanup remote:
for all buckets. QingStor does not ever remove incomplete multipart uploads so it may be necessary to run this from time to time.
With QingStor you can list buckets (rclone lsd
) using any zone, but you can only access the content of a bucket from the zone it was created in. If you attempt to access a bucket from the wrong zone, you will get an error, incorrect zone, the bucket is not in 'XXX' zone
.
There are two ways to supply rclone
with a set of QingStor credentials. In order of precedence:
rclone config
)
access_key_id
and secret_access_key
env_auth
to true
in the config filerclone
QS_ACCESS_KEY_ID
or QS_ACCESS_KEY
QS_SECRET_ACCESS_KEY
or QS_SECRET_KEY
The control characters 0x00-0x1F and / are replaced as in the default restricted characters set. Note that 0x7F is not replaced.
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the standard options specific to qingstor (QingCloud Object Storage).
Get QingStor credentials from runtime. Only applies if access_key_id and secret_access_key is blank.
QingStor Access Key ID Leave blank for anonymous access or runtime credentials.
QingStor Secret Access Key (password) Leave blank for anonymous access or runtime credentials.
Enter an endpoint URL to connection QingStor API. Leave blank will use the default value "https://qingstor.com:443"
Zone to connect to. Default is "pek3a".
Here are the advanced options specific to qingstor (QingCloud Object Storage).
Number of connection retries.
Cutoff for switching to chunked upload
Any files larger than this will be uploaded in chunks of chunk_size. The minimum is 0 and the maximum is 5 GiB.
Chunk size to use for uploading.
When uploading files larger than upload_cutoff they will be uploaded as multipart uploads using this chunk size.
Note that "--qingstor-upload-concurrency" chunks of this size are buffered in memory per transfer.
If you are transferring large files over high-speed links and you have enough memory, then increasing this will speed up the transfers.
Concurrency for multipart uploads.
This is the number of chunks of the same file that are uploaded concurrently.
NB if you set this to > 1 then the checksums of multipart uploads become corrupted (the uploads themselves are not corrupted though).
If you are uploading small numbers of large files over high-speed links and these uploads do not fully utilize your bandwidth, then increasing this may help to speed up the transfers.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
rclone about
is not supported by the qingstor backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Swift refers to OpenStack Object Storage. Commercial implementations of that being:
Paths are specified as remote:container
(or remote:
for the lsd
command.) You may put subdirectories in too, e.g. remote:container/path/to/dir
.
Here is an example of making a swift configuration. First run
rclone config
This will guide you through an interactive setup process.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
[snip]
Storage> swift
Get swift credentials from environment variables in standard OpenStack form.
Choose a number from below, or type in your own value
1 / Enter swift credentials in the next step
\ "false"
2 / Get swift credentials from environment vars. Leave other fields blank if using this.
\ "true"
env_auth> true
User name to log in (OS_USERNAME).
user>
API key or password (OS_PASSWORD).
key>
Authentication URL for server (OS_AUTH_URL).
Choose a number from below, or type in your own value
1 / Rackspace US
\ "https://auth.api.rackspacecloud.com/v1.0"
2 / Rackspace UK
\ "https://lon.auth.api.rackspacecloud.com/v1.0"
3 / Rackspace v2
\ "https://identity.api.rackspacecloud.com/v2.0"
4 / Memset Memstore UK
\ "https://auth.storage.memset.com/v1.0"
5 / Memset Memstore UK v2
\ "https://auth.storage.memset.com/v2.0"
6 / OVH
\ "https://auth.cloud.ovh.net/v3"
auth>
User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
user_id>
User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
domain>
Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
tenant>
Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
tenant_id>
Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
tenant_domain>
Region name - optional (OS_REGION_NAME)
region>
Storage URL - optional (OS_STORAGE_URL)
storage_url>
Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
auth_token>
AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
auth_version>
Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
Choose a number from below, or type in your own value
1 / Public (default, choose this if not sure)
\ "public"
2 / Internal (use internal service net)
\ "internal"
3 / Admin
\ "admin"
endpoint_type>
Remote config
--------------------
[test]
env_auth = true
user =
key =
auth =
user_id =
domain =
tenant =
tenant_id =
tenant_domain =
region =
storage_url =
auth_token =
auth_version =
endpoint_type =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
This remote is called remote
and can now be used like this
See all containers
rclone lsd remote:
Make a new container
rclone mkdir remote:container
List the contents of a container
rclone ls remote:container
Sync /home/local/directory
to the remote container, deleting any excess files in the container.
rclone sync -i /home/local/directory remote:container
An OpenStack credentials file typically looks something something like this (without the comments)
export OS_AUTH_URL=https://a.provider.net/v2.0
export OS_TENANT_ID=ffffffffffffffffffffffffffffffff
export OS_TENANT_NAME="1234567890123456"
export OS_USERNAME="123abc567xy"
echo "Please enter your OpenStack Password: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="SBG1"
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
The config file needs to look something like this where $OS_USERNAME
represents the value of the OS_USERNAME
variable - 123abc567xy
in the example above.
[remote]
type = swift
user = $OS_USERNAME
key = $OS_PASSWORD
auth = $OS_AUTH_URL
tenant = $OS_TENANT_NAME
Note that you may (or may not) need to set region
too - try without first.
If you prefer you can configure rclone to use swift using a standard set of OpenStack environment variables.
When you run through the config, make sure you choose true
for env_auth
and leave everything else blank.
rclone will then set any empty config parameters from the environment using standard OpenStack environment variables. There is a list of the variables in the docs for the swift library.
If your OpenStack installation uses a non-standard authentication method that might not be yet supported by rclone or the underlying swift library, you can authenticate externally (e.g. calling manually the openstack
commands to get a token). Then, you just need to pass the two configuration variables auth_token
and storage_url
. If they are both provided, the other variables are ignored. rclone will not try to authenticate but instead assume it is already authenticated and use these two variables to access the OpenStack installation.
You can use rclone with swift without a config file, if desired, like this:
source openstack-credentials-file
export RCLONE_CONFIG_MYREMOTE_TYPE=swift
export RCLONE_CONFIG_MYREMOTE_ENV_AUTH=true
rclone lsd myremote:
This remote supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details.
As noted below, the modified time is stored on metadata on the object. It is used by default for all operations that require checking the time a file was last updated. It allows rclone to treat the remote more like a true filesystem, but it is inefficient because it requires an extra API call to retrieve the metadata.
For many operations, the time the object was last uploaded to the remote is sufficient to determine if it is "dirty". By using --update
along with --use-server-modtime
, you can avoid the extra API call and simply upload files whose local modtime is newer than the time it was last uploaded.
Here are the standard options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).
Get swift credentials from environment variables in standard OpenStack form.
User name to log in (OS_USERNAME).
API key or password (OS_PASSWORD).
Authentication URL for server (OS_AUTH_URL).
User ID to log in - optional - most swift systems use user and leave this blank (v3 auth) (OS_USER_ID).
User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
Tenant name - optional for v1 auth, this or tenant_id required otherwise (OS_TENANT_NAME or OS_PROJECT_NAME)
Tenant ID - optional for v1 auth, this or tenant required otherwise (OS_TENANT_ID)
Tenant domain - optional (v3 auth) (OS_PROJECT_DOMAIN_NAME)
Region name - optional (OS_REGION_NAME)
Storage URL - optional (OS_STORAGE_URL)
Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)
Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)
Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)
Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)
AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)
Endpoint type to choose from the service catalogue (OS_ENDPOINT_TYPE)
The storage policy to use when creating a new container
This applies the specified storage policy when creating a new container. The policy cannot be changed afterwards. The allowed configuration values and their meaning depend on your Swift storage provider.
Here are the advanced options specific to swift (OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)).
If true avoid calling abort upload on a failure. It should be set to true for resuming uploads across different sessions.
Above this size files will be chunked into a _segments container.
Above this size files will be chunked into a _segments container. The default for this is 5 GiB which is its maximum value.
Don't chunk files during streaming upload.
When doing streaming uploads (e.g. using rcat or mount) setting this flag will cause the swift backend to not upload chunked files.
This will limit the maximum upload size to 5 GiB. However non chunked files are easier to deal with and have an MD5SUM.
Rclone will still chunk files bigger than chunk_size when doing normal copy operations.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
The modified time is stored as metadata on the object as X-Object-Meta-Mtime
as floating point since the epoch accurate to 1 ns.
This is a de facto standard (used in the official python-swiftclient amongst others) for storing the modification time for an object.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
The Swift API doesn't return a correct MD5SUM for segmented files (Dynamic or Static Large Objects) so rclone won't check or use the MD5SUM for these.
Due to an oddity of the underlying swift library, it gives a "Bad Request" error rather than a more sensible error when the authentication fails for Swift.
So this most likely means your username / password is wrong. You can investigate further with the --dump-bodies
flag.
This may also be caused by specifying the region when you shouldn't have (e.g. OVH).
This is most likely caused by forgetting to specify your tenant when setting up a swift remote.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for pCloud involves getting a token from pCloud which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Pcloud
\ "pcloud"
[snip]
Storage> pcloud
Pcloud App Client Id - leave blank normally.
client_id>
Pcloud App Client Secret - leave blank normally.
client_secret>
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id =
client_secret =
token = {"access_token":"XXX","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from pCloud. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List directories in top level of your pCloud
rclone lsd remote:
List all the files in your pCloud
rclone ls remote:
To copy a local directory to an pCloud directory called backup
rclone copy /home/source remote:backup
pCloud allows modification times to be set on objects accurate to 1 second. These will be used to detect whether objects need syncing or not. In order to set a Modification time pCloud requires the object be re-uploaded.
pCloud supports MD5 and SHA1 type hashes in the US region but and SHA1 only in the EU region, so you can use the --checksum
flag.
(Note that pCloud also support SHA256 in the EU region, but rclone does not have support for that yet.)
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Deleted files will be moved to the trash. Your subscription level will determine how long items stay in the trash. rclone cleanup
can be used to empty the trash.
You can set the root_folder_id
for rclone. This is the directory (identified by its Folder ID
) that rclone considers to be the root of your pCloud drive.
Normally you will leave this blank and rclone will determine the correct root to use itself.
However you can set this to restrict rclone to a specific folder hierarchy.
In order to do this you will have to find the Folder ID
of the directory you wish rclone to display. This will be the folder
field of the URL when you open the relevant folder in the pCloud web interface.
So if the folder you want rclone to use has a URL which looks like https://my.pcloud.com/#page=filemanager&folder=5xxxxxxxx8&tpl=foldergrid
in the browser, then you use 5xxxxxxxx8
as the root_folder_id
in the config.
Here are the standard options specific to pcloud (Pcloud).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Here are the advanced options specific to pcloud (Pcloud).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Fill in for rclone to use a non root folder as its starting point.
Hostname to connect to.
This is normally set when rclone initially does the oauth connection, however you will need to set it by hand if you are using remote config with rclone authorize.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for premiumize.me involves getting a token from premiumize.me which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / premiumize.me
\ "premiumizeme"
[snip]
Storage> premiumizeme
** See help for premiumizeme backend at: https://rclone.org/premiumizeme/ **
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
type = premiumizeme
token = {"access_token":"XXX","token_type":"Bearer","refresh_token":"XXX","expiry":"2029-08-07T18:44:15.548915378+01:00"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d>
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from premiumize.me. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
List directories in top level of your premiumize.me
rclone lsd remote:
List all the files in your premiumize.me
rclone ls remote:
To copy a local directory to an premiumize.me directory called backup
rclone copy /home/source remote:backup
premiumize.me does not support modification times or hashes, therefore syncing will default to --size-only
checking. Note that using --update
will work.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
" | 0x22 | " |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the standard options specific to premiumizeme (premiumize.me).
API Key.
This is not normally used - use oauth instead.
Here are the advanced options specific to premiumizeme (premiumize.me).
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Note that premiumize.me is case insensitive so you can't have a file called "Hello.doc" and one called "hello.doc".
premiumize.me file names can't have the \
or "
characters in. rclone maps these to and from an identical looking unicode equivalents \
and "
premiumize.me only supports filenames up to 255 characters in length.
Paths are specified as remote:path
put.io paths may be as deep as required, e.g. remote:directory/subdirectory
.
The initial setup for put.io involves getting a token from put.io which you need to do in your browser. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> putio
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Put.io
\ "putio"
[snip]
Storage> putio
** See help for putio backend at: https://rclone.org/putio/ **
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[putio]
type = putio
token = {"access_token":"XXXXXXXX","expiry":"0001-01-01T00:00:00Z"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
putio putio
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
Note that rclone runs a webserver on your local machine to collect the token as returned from Google if you use auto config mode. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall, or use manual mode.
You can then use it like this,
List directories in top level of your put.io
rclone lsd remote:
List all the files in your put.io
rclone ls remote:
To copy a local directory to a put.io directory called backup
rclone copy /home/source remote:backup
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
\ | 0x5C | \ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Here are the advanced options specific to putio (Put.io).
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
This is a backend for the Seafile storage service: - It works with both the free community edition or the professional edition. - Seafile versions 6.x and 7.x are all supported. - Encrypted libraries are also supported. - It supports 2FA enabled users
There are two distinct modes you can setup your remote: - you point your remote to the root of the server, meaning you don't specify a library during the configuration: Paths are specified as remote:library
. You may put subdirectories in too, e.g. remote:library/path/to/dir
. - you point your remote to a specific library during the configuration: Paths are specified as remote:path/to/dir
. This is the recommended mode when using encrypted libraries. (This mode is possibly slightly faster than the root mode)
Here is an example of making a seafile configuration for a user with no two-factor authentication. First run
rclone config
This will guide you through an interactive setup process. To authenticate you will need the URL of your server, your email (or username) and your password.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> seafile
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Seafile
\ "seafile"
[snip]
Storage> seafile
** See help for seafile backend at: https://rclone.org/seafile/ **
URL of seafile host to connect to
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to cloud.seafile.com
\ "https://cloud.seafile.com/"
url> http://my.seafile.server/
User name (usually email address)
Enter a string value. Press Enter for the default ("").
user> me@example.com
Password
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g> y
Enter the password:
password:
Confirm the password:
password:
Two-factor authentication ('true' if the account has 2FA enabled)
Enter a boolean value (true or false). Press Enter for the default ("false").
2fa> false
Name of the library. Leave blank to access all non-encrypted libraries.
Enter a string value. Press Enter for the default ("").
library>
Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n> n
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
Two-factor authentication is not enabled on this account.
--------------------
[seafile]
type = seafile
url = http://my.seafile.server/
user = me@example.com
pass = *** ENCRYPTED ***
2fa = false
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
This remote is called seafile
. It's pointing to the root of your seafile server and can now be used like this:
See all libraries
rclone lsd seafile:
Create a new library
rclone mkdir seafile:library
List the contents of a library
rclone ls seafile:library
Sync /home/local/directory
to the remote library, deleting any excess files in the library.
rclone sync -i /home/local/directory seafile:library
Here's an example of a configuration in library mode with a user that has the two-factor authentication enabled. Your 2FA code will be asked at the end of the configuration, and will attempt to authenticate you:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> seafile
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Seafile
\ "seafile"
[snip]
Storage> seafile
** See help for seafile backend at: https://rclone.org/seafile/ **
URL of seafile host to connect to
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to cloud.seafile.com
\ "https://cloud.seafile.com/"
url> http://my.seafile.server/
User name (usually email address)
Enter a string value. Press Enter for the default ("").
user> me@example.com
Password
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g> y
Enter the password:
password:
Confirm the password:
password:
Two-factor authentication ('true' if the account has 2FA enabled)
Enter a boolean value (true or false). Press Enter for the default ("false").
2fa> true
Name of the library. Leave blank to access all non-encrypted libraries.
Enter a string value. Press Enter for the default ("").
library> My Library
Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n> n
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
Two-factor authentication: please enter your 2FA code
2fa code> 123456
Authenticating...
Success!
--------------------
[seafile]
type = seafile
url = http://my.seafile.server/
user = me@example.com
pass =
2fa = true
library = My Library
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
You'll notice your password is blank in the configuration. It's because we only need the password to authenticate you once.
You specified My Library
during the configuration. The root of the remote is pointing at the root of the library My Library
:
See all files in the library:
rclone lsd seafile:
Create a new directory inside the library
rclone mkdir seafile:directory
List the contents of a directory
rclone ls seafile:directory
Sync /home/local/directory
to the remote library, deleting any excess files in the library.
rclone sync -i /home/local/directory seafile:
Seafile version 7+ supports --fast-list
which allows you to use fewer transactions in exchange for more memory. See the rclone docs for more details. Please note this is not supported on seafile server version 6.x
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
/ | 0x2F | / |
" | 0x22 | " |
\ | 0x5C | \ |
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
Rclone supports generating share links for non-encrypted libraries only. They can either be for a file or a directory:
rclone link seafile:seafile-tutorial.doc
http://my.seafile.server/f/fdcd8a2f93f84b8b90f4/
or if run on a directory you will get:
rclone link seafile:dir
http://my.seafile.server/d/9ea2455f6f55478bbb0d/
Please note a share link is unique for each file or directory. If you run a link command on a file/dir that has already been shared, you will get the exact same link.
It has been actively tested using the seafile docker image of these versions: - 6.3.4 community edition - 7.0.5 community edition - 7.1.3 community edition
Versions below 6.0 are not supported. Versions between 6.0 and 6.3 haven't been tested and might not work properly.
Here are the standard options specific to seafile (seafile).
URL of seafile host to connect to
User name (usually email address)
Password
NB Input to this must be obscured - see rclone obscure.
Two-factor authentication ('true' if the account has 2FA enabled)
Name of the library. Leave blank to access all non-encrypted libraries.
Library password (for encrypted libraries only). Leave blank if you pass it through the command line.
NB Input to this must be obscured - see rclone obscure.
Authentication token
Here are the advanced options specific to seafile (seafile).
Should rclone create a library if it doesn't exist
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
SFTP is the Secure (or SSH) File Transfer Protocol.
The SFTP backend can be used with a number of different providers:
SFTP runs over SSH v2 and is installed as standard with most modern SSH installations.
Paths are specified as remote:path
. If the path does not begin with a /
it is relative to the home directory of the user. An empty path remote:
refers to the user's home directory. For example, rclone lsd remote:
would list the home directory of the user cofigured in the rclone remote config (i.e /home/sftpuser
). However, rclone lsd remote:/
would list the root directory for remote machine (i.e. /
)
"Note that some SFTP servers will need the leading / - Synology is a good example of this. rsync.net, on the other hand, requires users to OMIT the leading /.
Here is an example of making an SFTP configuration. First run
rclone config
This will guide you through an interactive setup process.
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / SSH/SFTP Connection
\ "sftp"
[snip]
Storage> sftp
SSH host to connect to
Choose a number from below, or type in your own value
1 / Connect to example.com
\ "example.com"
host> example.com
SSH username, leave blank for current username, $USER
user> sftpuser
SSH port, leave blank to use default (22)
port>
SSH password, leave blank to use ssh-agent.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank
y/g/n> n
Path to unencrypted PEM-encoded private key file, leave blank to use ssh-agent.
key_file>
Remote config
--------------------
[remote]
host = example.com
user = sftpuser
port =
pass =
key_file =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
This remote is called remote
and can now be used like this:
See all directories in the home directory
rclone lsd remote:
See all directories in the root directory
rclone lsd remote:/
Make a new directory
rclone mkdir remote:path/to/directory
List the contents of a directory
rclone ls remote:path/to/directory
Sync /home/local/directory
to the remote directory, deleting any excess files in the directory.
rclone sync -i /home/local/directory remote:directory
Mount the remote path /srv/www-data/
to the local path /mnt/www-data
rclone mount remote:/srv/www-data/ /mnt/www-data
The SFTP remote supports three authentication methods:
Key files should be PEM-encoded private key files. For instance /home/$USER/.ssh/id_rsa
. Only unencrypted OpenSSH or PEM encrypted files are supported.
The key file can be specified in either an external file (key_file) or contained within the rclone config file (key_pem). If using key_pem in the config file, the entry should be on a single line with new line ('' or '') separating lines. i.e.
key_pem = -----BEGIN RSA PRIVATE KEY-----0gAMbMbaSsd-----END RSA PRIVATE KEY-----
This will generate it correctly for key_pem for use in the config:
awk '{printf "%s\\n", $0}' < ~/.ssh/id_rsa
If you don't specify pass
, key_file
, or key_pem
then rclone will attempt to contact an ssh-agent.
You can also specify key_use_agent
to force the usage of an ssh-agent. In this case key_file
or key_pem
can also be specified to force the usage of a specific key in the ssh-agent.
Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.
If you set the --sftp-ask-password
option, rclone will prompt for a password when needed and no password has been configured.
If you have a certificate then you can provide the path to the public key that contains the certificate. For example:
[remote]
type = sftp
host = example.com
user = sftpuser
key_file = ~/id_rsa
pubkey_file = ~/id_rsa-cert.pub
If you concatenate a cert with a private key then you can specify the merged file in both places.
Note: the cert must come first in the file. e.g.
cat id_rsa-cert.pub id_rsa > merged_key
By default rclone will not check the server's host key for validation. This can allow an attacker to replace a server with their own and if you use password authentication then this can lead to that password being exposed.
Host key matching, using standard known_hosts
files can be turned on by enabling the known_hosts_file
option. This can point to the file maintained by OpenSSH
or can point to a unique file.
e.g.
[remote]
type = sftp
host = example.com
user = sftpuser
pass =
known_hosts_file = ~/.ssh/known_hosts
There are some limitations:
rclone
will not manage this file for you. If the key is missing or wrong then the connection will be refused.known_hosts
file must be the @cert-authority
entry for the CAOpenSSH
, the libraries used by rclone
do not permit (at time of writing) multiple host keys to be listed for a server. Only the first entry is used.If the host key provided by the server does not match the one in the file (or is missing) then the connection will be aborted and an error returned such as
NewFs: couldn't connect SSH: ssh: handshake failed: knownhosts: key mismatch
or
NewFs: couldn't connect SSH: ssh: handshake failed: knownhosts: key is unknown
If you see an error such as
NewFs: couldn't connect SSH: ssh: handshake failed: ssh: no authorities for hostname: example.com:22
then it is likely the server has presented a CA signed host certificate and you will need to add the appropriate @cert-authority
entry.
The known_hosts_file
setting can be set during rclone config
as an advanced option.
Note that there seem to be various problems with using an ssh-agent on macOS due to recent changes in the OS. The most effective work-around seems to be to start an ssh-agent in each session, e.g.
eval `ssh-agent -s` && ssh-add -A
And then at the end of the session
eval `ssh-agent -k`
These commands can be used in scripts of course.
Modified times are stored on the server to 1 second precision.
Modified times are used in syncing and are fully supported.
Some SFTP servers disable setting/modifying the file modification time after upload (for example, certain configurations of ProFTPd with mod_sftp). If you are using one of these servers, you can set the option set_modtime = false
in your RClone backend configuration to disable this behaviour.
Here are the standard options specific to sftp (SSH/SFTP Connection).
SSH host to connect to
SSH username, leave blank for current username, $USER
SSH port, leave blank to use default (22)
SSH password, leave blank to use ssh-agent.
NB Input to this must be obscured - see rclone obscure.
Raw PEM-encoded private key, If specified, will override key_file parameter.
Path to PEM-encoded private key file, leave blank or set key-use-agent to use ssh-agent.
Leading ~
will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}
.
The passphrase to decrypt the PEM-encoded private key file.
Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keys in the new OpenSSH format can't be used.
NB Input to this must be obscured - see rclone obscure.
Optional path to public key file.
Set this if you have a signed certificate you want to use for authentication.
Leading ~
will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}
.
When set forces the usage of the ssh-agent.
When key-file is also set, the ".pub" file of the specified key-file is read and only the associated key is requested from the ssh-agent. This allows to avoid Too many authentication failures for *username*
errors when the ssh-agent contains many keys.
Enable the use of insecure ciphers and key exchange methods.
This enables the use of the following insecure ciphers and key exchange methods:
Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.
Disable the execution of SSH commands to determine if remote file hashing is available. Leave blank or set to false to enable hashing (recommended), set to true to disable hashing.
Here are the advanced options specific to sftp (SSH/SFTP Connection).
Optional path to known_hosts file.
Set this value to enable server host key validation.
Leading ~
will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}
.
Allow asking for SFTP password when needed.
If this is set and no password is supplied then rclone will: - ask for a password - not contact the ssh agent
Override path used by SSH connection.
This allows checksum calculation when SFTP and SSH paths are different. This issue affects among others Synology NAS boxes.
Shared folders can be found in directories representing volumes
rclone sync /home/local/directory remote:/directory --ssh-path-override /volume2/directory
Home directory can be found in a shared folder called "home"
rclone sync /home/local/directory remote:/home/directory --ssh-path-override /volume1/homes/USER/directory
Set the modified time on the remote if set.
The command used to read md5 hashes. Leave blank for autodetect.
The command used to read sha1 hashes. Leave blank for autodetect.
Set to skip any symlinks and any other non regular files.
Specifies the SSH2 subsystem on the remote host.
Specifies the path or command to run a sftp server on the remote host.
The subsystem option is ignored when server_command is defined.
If set use fstat instead of stat
Some servers limit the amount of open files and calling Stat after opening the file will throw an error from the server. Setting this flag will call Fstat instead of Stat which is called on an already open file handle.
It has been found that this helps with IBM Sterling SFTP servers which have "extractability" level set to 1 which means only 1 file can be opened at any given time.
If set don't use concurrent reads
Normally concurrent reads are safe to use and not using them will degrade performance, so this option is disabled by default.
Some servers limit the amount number of times a file can be downloaded. Using concurrent reads can trigger this limit, so if you have a server which returns
Failed to copy: file does not exist
Then you may need to enable this flag.
If concurrent reads are disabled, the use_fstat option is ignored.
If set don't use concurrent writes
Normally rclone uses concurrent writes to upload files. This improves the performance greatly, especially for distant servers.
This option disables concurrent writes should that be necessary.
Max time before closing idle connections
If no connections have been returned to the connection pool in the time given, rclone will empty the connection pool.
Set to 0 to keep connections indefinitely.
SFTP supports checksums if the same login has shell access and md5sum
or sha1sum
as well as echo
are in the remote's PATH. This remote checksumming (file hashing) is recommended and enabled by default. Disabling the checksumming may be required if you are connecting to SFTP servers which are not under your control, and to which the execution of remote commands is prohibited. Set the configuration option disable_hashcheck
to true
to disable checksumming.
SFTP also supports about
if the same login has shell access and df
are in the remote's PATH. about
will return the total space, free space, and used space on the remote for the disk of the specified path on the remote or, if not set, the disk of the root on the remote. about
will fail if it does not have shell access or if df
is not in the remote's PATH.
Note that some SFTP servers (e.g. Synology) the paths are different for SSH and SFTP so the hashes can't be calculated properly. For them using disable_hashcheck
is a good idea.
The only ssh agent supported under Windows is Putty's pageant.
The Go SSH library disables the use of the aes128-cbc cipher by default, due to security concerns. This can be re-enabled on a per-connection basis by setting the use_insecure_cipher
setting in the configuration file to true
. Further details on the insecurity of this cipher can be found in this paper.
SFTP isn't supported under plan9 until this issue is fixed.
Note that since SFTP isn't HTTP based the following flags don't work with it: --dump-headers
, --dump-bodies
, --dump-auth
Note that --timeout
isn't supported (but --contimeout
is).
C14 is supported through the SFTP backend.
rsync.net is supported through the SFTP backend.
See rsync.net's documentation of rclone examples.
SugarSync is a cloud service that enables active synchronization of files across computers and other devices for file backup, access, syncing, and sharing.
The initial setup for SugarSync involves getting a token from SugarSync which you can do with rclone. rclone config
walks you through it.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Sugarsync
\ "sugarsync"
[snip]
Storage> sugarsync
** See help for sugarsync backend at: https://rclone.org/sugarsync/ **
Sugarsync App ID.
Leave blank to use rclone's.
Enter a string value. Press Enter for the default ("").
app_id>
Sugarsync Access Key ID.
Leave blank to use rclone's.
Enter a string value. Press Enter for the default ("").
access_key_id>
Sugarsync Private Access Key
Leave blank to use rclone's.
Enter a string value. Press Enter for the default ("").
private_access_key>
Permanently delete files if true
otherwise put them in the deleted files.
Enter a boolean value (true or false). Press Enter for the default ("false").
hard_delete>
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
Username (email address)> nick@craig-wood.com
Your Sugarsync password is only required during setup and will not be stored.
password:
--------------------
[remote]
type = sugarsync
refresh_token = https://api.sugarsync.com/app-authorization/XXXXXXXXXXXXXXXXXX
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Note that the config asks for your email and password but doesn't store them, it only uses them to get the initial token.
Once configured you can then use rclone
like this,
List directories (sync folders) in top level of your SugarSync
rclone lsd remote:
List all the files in your SugarSync folder "Test"
rclone ls remote:Test
To copy a local directory to an SugarSync folder called backup
rclone copy /home/source remote:backup
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
NB you can't create files in the top level folder you have to create a folder, which rclone will create as a "Sync Folder" with SugarSync.
SugarSync does not support modification times or hashes, therefore syncing will default to --size-only
checking. Note that using --update
will work as rclone can read the time files were uploaded.
SugarSync replaces the default restricted characters set except for DEL.
Invalid UTF-8 bytes will also be replaced, as they can't be used in XML strings.
Deleted files will be moved to the "Deleted items" folder by default.
However you can supply the flag --sugarsync-hard-delete
or set the config parameter hard_delete = true
if you would like files to be deleted straight away.
Here are the standard options specific to sugarsync (Sugarsync).
Sugarsync App ID.
Leave blank to use rclone's.
Sugarsync Access Key ID.
Leave blank to use rclone's.
Sugarsync Private Access Key
Leave blank to use rclone's.
Permanently delete files if true otherwise put them in the deleted files.
Here are the advanced options specific to sugarsync (Sugarsync).
Sugarsync refresh token
Leave blank normally, will be auto configured by rclone.
Sugarsync authorization
Leave blank normally, will be auto configured by rclone.
Sugarsync authorization expiry
Leave blank normally, will be auto configured by rclone.
Sugarsync user
Leave blank normally, will be auto configured by rclone.
Sugarsync root id
Leave blank normally, will be auto configured by rclone.
Sugarsync deleted folder id
Leave blank normally, will be auto configured by rclone.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
rclone about
is not supported by the SugarSync backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
Tardigrade is an encrypted, secure, and cost-effective object storage service that enables you to store, back up, and archive large amounts of data in a decentralized manner.
To make a new Tardigrade configuration you need one of the following: * Access Grant that someone else shared with you. * API Key of a Tardigrade project you are a member of.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Tardigrade Decentralized Cloud Storage
\ "tardigrade"
[snip]
Storage> tardigrade
** See help for tardigrade backend at: https://rclone.org/tardigrade/ **
Choose an authentication method.
Enter a string value. Press Enter for the default ("existing").
Choose a number from below, or type in your own value
1 / Use an existing access grant.
\ "existing"
2 / Create a new access grant from satellite address, API key, and passphrase.
\ "new"
provider> existing
Access Grant.
Enter a string value. Press Enter for the default ("").
access_grant> your-access-grant-received-by-someone-else
Remote config
--------------------
[remote]
type = tardigrade
access_grant = your-access-grant-received-by-someone-else
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Tardigrade Decentralized Cloud Storage
\ "tardigrade"
[snip]
Storage> tardigrade
** See help for tardigrade backend at: https://rclone.org/tardigrade/ **
Choose an authentication method.
Enter a string value. Press Enter for the default ("existing").
Choose a number from below, or type in your own value
1 / Use an existing access grant.
\ "existing"
2 / Create a new access grant from satellite address, API key, and passphrase.
\ "new"
provider> new
Satellite Address. Custom satellite address should match the format: `<nodeid>@<address>:<port>`.
Enter a string value. Press Enter for the default ("us-central-1.tardigrade.io").
Choose a number from below, or type in your own value
1 / US Central 1
\ "us-central-1.tardigrade.io"
2 / Europe West 1
\ "europe-west-1.tardigrade.io"
3 / Asia East 1
\ "asia-east-1.tardigrade.io"
satellite_address> 1
API Key.
Enter a string value. Press Enter for the default ("").
api_key> your-api-key-for-your-tardigrade-project
Encryption Passphrase. To access existing objects enter passphrase used for uploading.
Enter a string value. Press Enter for the default ("").
passphrase> your-human-readable-encryption-passphrase
Remote config
--------------------
[remote]
type = tardigrade
satellite_address = 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us-central-1.tardigrade.io:7777
api_key = your-api-key-for-your-tardigrade-project
passphrase = your-human-readable-encryption-passphrase
access_grant = the-access-grant-generated-from-the-api-key-and-passphrase
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Paths are specified as remote:bucket
(or remote:
for the lsf
command.) You may put subdirectories in too, e.g. remote:bucket/path/to/dir
.
Once configured you can then use rclone
like this.
Use the mkdir
command to create new bucket, e.g. bucket
.
rclone mkdir remote:bucket
Use the lsf
command to list all buckets.
rclone lsf remote:
Note the colon (:
) character at the end of the command line.
Use the rmdir
command to delete an empty bucket.
rclone rmdir remote:bucket
Use the purge
command to delete a non-empty bucket with all its content.
rclone purge remote:bucket
Use the copy
command to upload an object.
rclone copy --progress /home/local/directory/file.ext remote:bucket/path/to/dir/
The --progress
flag is for displaying progress information. Remove it if you don't need this information.
Use a folder in the local path to upload all its objects.
rclone copy --progress /home/local/directory/ remote:bucket/path/to/dir/
Only modified files will be copied.
Use the ls
command to list recursively all objects in a bucket.
rclone ls remote:bucket
Add the folder to the remote path to list recursively all objects in this folder.
rclone ls remote:bucket/path/to/dir/
Use the lsf
command to list non-recursively all objects in a bucket or a folder.
rclone lsf remote:bucket/path/to/dir/
Use the copy
command to download an object.
rclone copy --progress remote:bucket/path/to/dir/file.ext /home/local/directory/
The --progress
flag is for displaying progress information. Remove it if you don't need this information.
Use a folder in the remote path to download all its objects.
rclone copy --progress remote:bucket/path/to/dir/ /home/local/directory/
Use the deletefile
command to delete a single object.
rclone deletefile remote:bucket/path/to/dir/file.ext
Use the delete
command to delete all object in a folder.
rclone delete remote:bucket/path/to/dir/
Use the size
command to print the total size of objects in a bucket or a folder.
rclone size remote:bucket/path/to/dir/
Use the sync
command to sync the source to the destination, changing the destination only, deleting any excess files.
rclone sync -i --progress /home/local/directory/ remote:bucket/path/to/dir/
The --progress
flag is for displaying progress information. Remove it if you don't need this information.
Since this can cause data loss, test first with the --dry-run
flag to see exactly what would be copied and deleted.
The sync can be done also from Tardigrade to the local file system.
rclone sync -i --progress remote:bucket/path/to/dir/ /home/local/directory/
Or between two Tardigrade buckets.
rclone sync -i --progress remote-us:bucket/path/to/dir/ remote-europe:bucket/path/to/dir/
Or even between another cloud storage and Tardigrade.
rclone sync -i --progress s3:bucket/path/to/dir/ tardigrade:bucket/path/to/dir/
Here are the standard options specific to tardigrade (Tardigrade Decentralized Cloud Storage).
Choose an authentication method.
Access Grant.
Satellite Address. Custom satellite address should match the format: <nodeid>@<address>:<port>
.
API Key.
Encryption Passphrase. To access existing objects enter passphrase used for uploading.
rclone about
is not supported by the rclone Tardigrade backend. Backends without this capability cannot determine free space for an rclone mount or use policy mfs
(most free space) as a member of an rclone union remote.
See List of backends that do not support rclone about See rclone about
If you get errors like too many open files
this usually happens when the default ulimit
for system max open files is exceeded. Native Storj protocol opens a large number of TCP connections (each of which is counted as an open file). For a single upload stream you can expect 110 TCP connections to be opened. For a single download stream you can expect 35. This batch of connections will be opened for every 64 MiB segment and you should also expect TCP connections to be reused. If you do many transfers you eventually open a connection to most storage nodes (thousands of nodes).
To fix these, please raise your system limits. You can do this issuing a ulimit -n 65536
just before you run rclone. To change the limits more permanently you can add this to your shell startup script, e.g. $HOME/.bashrc
, or change the system-wide configuration, usually /etc/sysctl.conf
and/or /etc/security/limits.conf
, but please refer to your operating system manual.
This is a Backend for Uptobox file storage service. Uptobox is closer to a one-click hoster than a traditional cloud storage provider and therefore not suitable for long term storage.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
To configure an Uptobox backend you'll need your personal api token. You'll find it in your account settings
Here is an example of how to make a remote called remote
with the default setup. First run:
rclone config
This will guide you through an interactive setup process:
Current remotes:
Name Type
==== ====
TestUptobox uptobox
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> n
name> uptobox
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[...]
37 / Uptobox
\ "uptobox"
[...]
Storage> uptobox
** See help for uptobox backend at: https://rclone.org/uptobox/ **
Your API Key, get it from https://uptobox.com/my_account
Enter a string value. Press Enter for the default ("").
api_key> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[uptobox]
type = uptobox
api_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d>
Once configured you can then use rclone
like this,
List directories in top level of your Uptobox
rclone lsd remote:
List all the files in your Uptobox
rclone ls remote:
To copy a local directory to an Uptobox directory called backup
rclone copy /home/source remote:backup
Uptobox supports neither modified times nor checksums.
In addition to the default restricted characters set the following characters are also replaced:
Character | Value | Replacement |
---|---|---|
" | 0x22 | " |
` | 0x41 | ` |
Invalid UTF-8 bytes will also be replaced, as they can't be used in XML strings.
Here are the standard options specific to uptobox (Uptobox).
Your access Token, get it from https://uptobox.com/my_account
Here are the advanced options specific to uptobox (Uptobox).
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Uptobox will delete inactive files that have not been accessed in 60 days.
rclone about
is not supported by this backend an overview of used space can however been seen in the uptobox web interface.
The union
remote provides a unification similar to UnionFS using other remotes.
Paths may be as deep as required or a local path, e.g. remote:directory/subdirectory
or /directory/subdirectory
.
During the initial setup with rclone config
you will specify the upstream remotes as a space separated list. The upstream remotes can either be a local paths or other remotes.
Attribute :ro
and :nc
can be attach to the end of path to tag the remote as read only or no create, e.g. remote:directory/subdirectory:ro
or remote:directory/subdirectory:nc
.
Subfolders can be used in upstream remotes. Assume a union remote named backup
with the remotes mydrive:private/backup
. Invoking rclone mkdir backup:desktop
is exactly the same as invoking rclone mkdir mydrive:private/backup/desktop
.
There will be no special handling of paths containing ..
segments. Invoking rclone mkdir backup:../desktop
is exactly the same as invoking rclone mkdir mydrive:private/backup/../desktop
.
The behavior of union backend is inspired by trapexit/mergerfs. All functions are grouped into 3 categories: action, create and search. These functions and categories can be assigned a policy which dictates what file or directory is chosen when performing that behavior. Any policy can be assigned to a function or category though some may not be very useful in practice. For instance: rand (random) may be useful for file creation (create) but could lead to very odd behavior if used for delete
if there were more than one copy of the file.
Category | Description | Functions |
---|---|---|
action | Writing Existing file | move, rmdir, rmdirs, delete, purge and copy, sync (as destination when file exist) |
create | Create non-existing file | copy, sync (as destination when file not exist) |
search | Reading and listing file | ls, lsd, lsl, cat, md5sum, sha1sum and copy, sync (as source) |
N/A | size, about |
Policies, as described below, are of two basic types. path preserving
and non-path preserving
.
All policies which start with ep
(epff, eplfs, eplus, epmfs, eprand) are path preserving
. ep
stands for existing path
.
A path preserving policy will only consider upstreams where the relative path being accessed already exists.
When using non-path preserving policies paths will be created in target upstreams as necessary.
Some policies rely on quota information. These policies should be used only if your upstreams support the respective quota fields.
Policy | Required Field |
---|---|
lfs, eplfs | Free |
mfs, epmfs | Free |
lus, eplus | Used |
lno, eplno | Objects |
To check if your upstream supports the field, run rclone about remote: [flags]
and see if the required field exists.
Policies basically search upstream remotes and create a list of files / paths for functions to work on. The policy is responsible for filtering and sorting. The policy type defines the sorting but filtering is mostly uniform as described below.
If all remotes are filtered an error will be returned.
The policies definition are inspired by trapexit/mergerfs but not exactly the same. Some policy definition could be different due to the much larger latency of remote file systems.
Policy | Description |
---|---|
all | Search category: same as epall. Action category: same as epall. Create category: act on all upstreams. |
epall (existing path, all) | Search category: Given this order configured, act on the first one found where the relative path exists. Action category: apply to all found. Create category: act on all upstreams where the relative path exists. |
epff (existing path, first found) | Act on the first one found, by the time upstreams reply, where the relative path exists. |
eplfs (existing path, least free space) | Of all the upstreams on which the relative path exists choose the one with the least free space. |
eplus (existing path, least used space) | Of all the upstreams on which the relative path exists choose the one with the least used space. |
eplno (existing path, least number of objects) | Of all the upstreams on which the relative path exists choose the one with the least number of objects. |
epmfs (existing path, most free space) | Of all the upstreams on which the relative path exists choose the one with the most free space. |
eprand (existing path, random) | Calls epall and then randomizes. Returns only one upstream. |
ff (first found) | Search category: same as epff. Action category: same as epff. Create category: Act on the first one found by the time upstreams reply. |
lfs (least free space) | Search category: same as eplfs. Action category: same as eplfs. Create category: Pick the upstream with the least available free space. |
lus (least used space) | Search category: same as eplus. Action category: same as eplus. Create category: Pick the upstream with the least used space. |
lno (least number of objects) | Search category: same as eplno. Action category: same as eplno. Create category: Pick the upstream with the least number of objects. |
mfs (most free space) | Search category: same as epmfs. Action category: same as epmfs. Create category: Pick the upstream with the most available free space. |
newest | Pick the file / directory with the largest mtime. |
rand (random) | Calls all and then randomizes. Returns only one upstream. |
Here is an example of how to make a union called remote
for local folders. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Union merges the contents of several remotes
\ "union"
[snip]
Storage> union
List of space separated upstreams.
Can be 'upstreama:test/dir upstreamb:', '\"upstreama:test/space:ro dir\" upstreamb:', etc.
Enter a string value. Press Enter for the default ("").
upstreams> remote1:dir1 remote2:dir2 remote3:dir3
Policy to choose upstream on ACTION class.
Enter a string value. Press Enter for the default ("epall").
action_policy>
Policy to choose upstream on CREATE class.
Enter a string value. Press Enter for the default ("epmfs").
create_policy>
Policy to choose upstream on SEARCH class.
Enter a string value. Press Enter for the default ("ff").
search_policy>
Cache time of usage and free space (in seconds). This option is only useful when a path preserving policy is used.
Enter a signed integer. Press Enter for the default ("120").
cache_time>
Remote config
--------------------
[remote]
type = union
upstreams = remote1:dir1 remote2:dir2 remote3:dir3
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
remote union
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
Once configured you can then use rclone
like this,
List directories in top level in remote1:dir1
, remote2:dir2
and remote3:dir3
rclone lsd remote:
List all the files in remote1:dir1
, remote2:dir2
and remote3:dir3
rclone ls remote:
Copy another local directory to the union directory called source, which will be placed into remote3:dir3
rclone copy C:\source remote:source
Here are the standard options specific to union (Union merges the contents of several upstream fs).
List of space separated upstreams. Can be 'upstreama:test/dir upstreamb:', '"upstreama:test/space:ro dir" upstreamb:', etc.
Policy to choose upstream on ACTION category.
Policy to choose upstream on CREATE category.
Policy to choose upstream on SEARCH category.
Cache time of usage and free space (in seconds). This option is only useful when a path preserving policy is used.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory
.
To configure the WebDAV remote you will need to have a URL for it, and a username and password. If you know what kind of system you are connecting to then rclone can enable extra features.
Here is an example of how to make a remote called remote
. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Webdav
\ "webdav"
[snip]
Storage> webdav
URL of http host to connect to
Choose a number from below, or type in your own value
1 / Connect to example.com
\ "https://example.com"
url> https://example.com/remote.php/webdav/
Name of the Webdav site/service/software you are using
Choose a number from below, or type in your own value
1 / Nextcloud
\ "nextcloud"
2 / Owncloud
\ "owncloud"
3 / Sharepoint Online, authenticated by Microsoft account.
\ "sharepoint"
4 / Sharepoint with NTLM authentication. Usually self-hosted or on-premises.
\ "sharepoint-ntlm"
5 / Other site/service or software
\ "other"
vendor> 1
User name
user> user
Password.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank
y/g/n> y
Enter the password:
password:
Confirm the password:
password:
Bearer token instead of user/pass (e.g. a Macaroon)
bearer_token>
Remote config
--------------------
[remote]
type = webdav
url = https://example.com/remote.php/webdav/
vendor = nextcloud
user = user
pass = *** ENCRYPTED ***
bearer_token =
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Once configured you can then use rclone
like this,
List directories in top level of your WebDAV
rclone lsd remote:
List all the files in your WebDAV
rclone ls remote:
To copy a local directory to an WebDAV directory called backup
rclone copy /home/source remote:backup
Plain WebDAV does not support modified times. However when used with Owncloud or Nextcloud rclone will support modified times.
Likewise plain WebDAV does not support hashes, however when used with Owncloud or Nextcloud rclone will support SHA1 and MD5 hashes. Depending on the exact version of Owncloud or Nextcloud hashes may appear on all objects, or only on objects which had a hash uploaded with them.
Here are the standard options specific to webdav (Webdav).
URL of http host to connect to
Name of the Webdav site/service/software you are using
User name. In case NTLM authentication is used, the username should be in the format 'Domain'.
Password.
NB Input to this must be obscured - see rclone obscure.
Bearer token instead of user/pass (e.g. a Macaroon)
Here are the advanced options specific to webdav (Webdav).
Command to run to get a bearer token
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Default encoding is Slash,LtGt,DoubleQuote,Colon,Question,Asterisk,Pipe,Hash,Percent,BackSlash,Del,Ctl,LeftSpace,LeftTilde,RightSpace,RightPeriod,InvalidUtf8 for sharepoint-ntlm or identity otherwise.
Set HTTP headers for all transactions
Use this to set additional HTTP headers for all transactions
The input format is comma separated list of key,value pairs. Standard CSV encoding may be used.
For example to set a Cookie use 'Cookie,name=value', or '"Cookie","name=value"'.
You can set multiple headers, e.g. '"Cookie","name=value","Authorization","xxx"'.
See below for notes on specific providers.
Click on the settings cog in the bottom right of the page and this will show the WebDAV URL that rclone needs in the config step. It will look something like https://example.com/remote.php/webdav/
.
Owncloud supports modified times using the X-OC-Mtime
header.
This is configured in an identical way to Owncloud. Note that Nextcloud initially did not support streaming of files (rcat
) whereas Owncloud did, but this seems to be fixed as of 2020-11-27 (tested with rclone v1.53.1 and Nextcloud Server v19).
Rclone can be used with Sharepoint provided by OneDrive for Business or Office365 Education Accounts. This feature is only needed for a few of these Accounts, mostly Office365 Education ones. These accounts are sometimes not verified by the domain owner github#1975
This means that these accounts can't be added using the official API (other Accounts should work with the "onedrive" option). However, it is possible to access them using webdav.
To use a sharepoint remote with rclone, add it like this: First, you need to get your remote's URL:
https://[YOUR-DOMAIN]-my.sharepoint.com/personal/[YOUR-EMAIL]/_layouts/15/onedrive.aspx
You'll only need this URL up to the email address. After that, you'll most likely want to add "/Documents". That subdirectory contains the actual data stored on your OneDrive.
Add the remote to rclone like this: Configure the url
as https://[YOUR-DOMAIN]-my.sharepoint.com/personal/[YOUR-EMAIL]/Documents
and use your normal account email and password for user
and pass
. If you have 2FA enabled, you have to generate an app password. Set the vendor
to sharepoint
.
Your config file should look like this:
[sharepoint]
type = webdav
url = https://[YOUR-DOMAIN]-my.sharepoint.com/personal/[YOUR-EMAIL]/Documents
vendor = sharepoint
user = YourEmailAddress
pass = encryptedpassword
Use this option in case your (hosted) Sharepoint is not tied to OneDrive accounts and uses NTLM authentication.
To get the url
configuration, similarly to the above, first navigate to the desired directory in your browser to get the URL, then strip everything after the name of the opened directory.
Example: If the URL is: https://example.sharepoint.com/sites/12345/Documents/Forms/AllItems.aspx
The configuration to use would be: https://example.sharepoint.com/sites/12345/Documents
Set the vendor
to sharepoint-ntlm
.
NTLM uses domain and user name combination for authentication, set user
to DOMAIN\username
.
Your config file should look like this:
[sharepoint]
type = webdav
url = https://[YOUR-DOMAIN]/some-path-to/Documents
vendor = sharepoint-ntlm
user = DOMAIN\user
pass = encryptedpassword
As SharePoint does some special things with uploaded documents, you won't be able to use the documents size or the documents hash to compare if a file has been changed since the upload / which file is newer.
For Rclone calls copying files (especially Office files such as .docx, .xlsx, etc.) from/to SharePoint (like copy, sync, etc.), you should append these flags to ensure Rclone uses the "Last Modified" datetime property to compare your documents:
--ignore-size --ignore-checksum --update
dCache is a storage system that supports many protocols and authentication/authorisation schemes. For WebDAV clients, it allows users to authenticate with username and password (BASIC), X.509, Kerberos, and various bearer tokens, including Macaroons and OpenID-Connect access tokens.
Configure as normal using the other
type. Don't enter a username or password, instead enter your Macaroon as the bearer_token
.
The config will end up looking something like this.
[dcache]
type = webdav
url = https://dcache...
vendor = other
user =
pass =
bearer_token = your-macaroon
There is a script that obtains a Macaroon from a dCache WebDAV endpoint, and creates an rclone config file.
Macaroons may also be obtained from the dCacheView web-browser/JavaScript client that comes with dCache.
dCache also supports authenticating with OpenID-Connect access tokens. OpenID-Connect is a protocol (based on OAuth 2.0) that allows services to identify users who have authenticated with some central service.
Support for OpenID-Connect in rclone is currently achieved using another software package called oidc-agent. This is a command-line tool that facilitates obtaining an access token. Once installed and configured, an access token is obtained by running the oidc-token
command. The following example shows a (shortened) access token obtained from the XDC OIDC Provider.
paul@celebrimbor:~$ oidc-token XDC
eyJraWQ[...]QFXDt0
paul@celebrimbor:~$
Note Before the oidc-token
command will work, the refresh token must be loaded into the oidc agent. This is done with the oidc-add
command (e.g., oidc-add XDC
). This is typically done once per login session. Full details on this and how to register oidc-agent with your OIDC Provider are provided in the oidc-agent documentation.
The rclone bearer_token_command
configuration option is used to fetch the access token from oidc-agent.
Configure as a normal WebDAV endpoint, using the 'other' vendor, leaving the username and password empty. When prompted, choose to edit the advanced config and enter the command to get a bearer token (e.g., oidc-agent XDC
).
The following example config shows a WebDAV endpoint that uses oidc-agent to supply an access token from the XDC OIDC Provider.
[dcache]
type = webdav
url = https://dcache.example.org/
vendor = other
bearer_token_command = oidc-token XDC
Yandex Disk is a cloud storage solution created by Yandex.
Here is an example of making a yandex configuration. First run
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
n/s> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Yandex Disk
\ "yandex"
[snip]
Storage> yandex
Yandex Client Id - leave blank normally.
client_id>
Yandex Client Secret - leave blank normally.
client_secret>
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes
n) No
y/n> y
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth
Log in and authorize rclone for access
Waiting for code...
Got code
--------------------
[remote]
client_id =
client_secret =
token = {"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","token_type":"OAuth","expiry":"2016-12-29T12:27:11.362788025Z"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Note that rclone runs a webserver on your local machine to collect the token as returned from Yandex Disk. This only runs from the moment it opens your browser to the moment you get back the verification code. This is on http://127.0.0.1:53682/
and this it may require you to unblock it temporarily if you are running a host firewall.
Once configured you can then use rclone
like this,
See top level directories
rclone lsd remote:
Make a new directory
rclone mkdir remote:directory
List the contents of a directory
rclone ls remote:directory
Sync /home/local/directory
to the remote path, deleting any excess files in the path.
rclone sync -i /home/local/directory remote:directory
Yandex paths may be as deep as required, e.g. remote:directory/subdirectory
.
Modified times are supported and are stored accurate to 1 ns in custom metadata called rclone_modified
in RFC3339 with nanoseconds format.
MD5 checksums are natively supported by Yandex Disk.
If you wish to empty your trash you can use the rclone cleanup remote:
command which will permanently delete all your trashed files. This command does not take any path arguments.
To view your current quota you can use the rclone about remote:
command which will display your usage limit (quota) and the current usage.
The default restricted characters set are replaced.
Invalid UTF-8 bytes will also be replaced, as they can't be used in JSON strings.
When uploading very large files (bigger than about 5 GiB) you will need to increase the --timeout
parameter. This is because Yandex pauses (perhaps to calculate the MD5SUM for the entire file) before returning confirmation that the file has been uploaded. The default handling of timeouts in rclone is to assume a 5 minute pause is an error and close the connection - you'll see net/http: timeout awaiting response headers
errors in the logs if this is happening. Setting the timeout to twice the max size of file in GiB should be enough, so if you want to upload a 30 GiB file set a timeout of 2 * 30 = 60m
, that is --timeout 60m
.
Here are the standard options specific to yandex (Yandex Disk).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Here are the advanced options specific to yandex (Yandex Disk).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Zoho WorkDrive is a cloud storage solution created by Zoho.
Here is an example of making a zoho configuration. First run
rclone config
This will guide you through an interactive setup process:
No remotes found - make a new one
n) New remote
s) Set configuration password
n/s> n
name> remote
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
[snip]
XX / Zoho
\ "zoho"
[snip]
Storage> zoho
** See help for zoho backend at: https://rclone.org/zoho/ **
OAuth Client Id
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_id>
OAuth Client Secret
Leave blank normally.
Enter a string value. Press Enter for the default ("").
client_secret>
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
Use auto config?
* Say Y if not sure
* Say N if you are working on a remote or headless machine
y) Yes (default)
n) No
y/n>
If your browser doesn't open automatically go to the following link: http://127.0.0.1:53682/auth?state=LVn0IHzxej1ZkmQw31d0wQ
Log in and authorize rclone for access
Waiting for code...
Got code
Choose a number from below, or type in your own value
1 / MyTeam
\ "4u28602177065ff22426787a6745dba8954eb"
Enter a Team ID> 1
Choose a number from below, or type in your own value
1 / General
\ "4u2869d2aa6fca04f4f2f896b6539243b85b1"
Enter a Workspace ID> 1
--------------------
[remote]
type = zoho
token = {"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","token_type":"Zoho-oauthtoken","refresh_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","expiry":"2020-10-12T00:54:52.370275223+02:00"}
root_folder_id = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d>
See the remote setup docs for how to set it up on a machine with no Internet browser available.
Rclone runs a webserver on your local computer to collect the authorization token from Zoho Workdrive. This is only from the moment your browser is opened until the token is returned. The webserver runs on http://127.0.0.1:53682/
. If local port 53682
is protected by a firewall you may need to temporarily unblock the firewall to complete authorization.
Once configured you can then use rclone
like this,
See top level directories
rclone lsd remote:
Make a new directory
rclone mkdir remote:directory
List the contents of a directory
rclone ls remote:directory
Sync /home/local/directory
to the remote path, deleting any excess files in the path.
rclone sync -i /home/local/directory remote:directory
Zoho paths may be as deep as required, eg remote:directory/subdirectory
.
Modified times are currently not supported for Zoho Workdrive
No checksums are supported.
To view your current quota you can use the rclone about remote:
command which will display your current usage.
Only control characters and invalid UTF-8 are replaced. In addition most Unicode full-width characters are not supported at all and will be removed from filenames during upload.
Here are the standard options specific to zoho (Zoho).
OAuth Client Id Leave blank normally.
OAuth Client Secret Leave blank normally.
Zoho region to connect to.
You'll have to use the region your organization is registered in. If not sure use the same top level domain as you connect to in your browser.
Here are the advanced options specific to zoho (Zoho).
OAuth Access Token as a JSON blob.
Auth server URL. Leave blank to use the provider defaults.
Token server url. Leave blank to use the provider defaults.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Local paths are specified as normal filesystem paths, e.g. /path/to/wherever
, so
rclone sync -i /home/source /tmp/destination
Will sync /home/source
to /tmp/destination
.
For consistencies sake one can also configure a remote of type local
in the config file, and access the local filesystem using rclone remote paths, e.g. remote:path/to/wherever
, but it is probably easier not to.
Rclone reads and writes the modified time using an accuracy determined by the OS. Typically this is 1ns on Linux, 10 ns on Windows and 1 Second on OS X.
Filenames should be encoded in UTF-8 on disk. This is the normal case for Windows and OS X.
There is a bit more uncertainty in the Linux world, but new distributions will have UTF-8 encoded files names. If you are using an old Linux filesystem with non UTF-8 file names (e.g. latin1) then you can use the convmv
tool to convert the filesystem to UTF-8. This tool is available in most distributions' package managers.
If an invalid (non-UTF8) filename is read, the invalid characters will be replaced with a quoted representation of the invalid bytes. The name gro\xdf
will be transferred as gro‛DF
. rclone
will emit a debug message in this case (use -v
to see), e.g.
Local file system at .: Replacing invalid UTF-8 characters in "gro\xdf"
On non Windows platforms the following characters are replaced when handling file names.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
/ | 0x2F | / |
When running on Windows the following characters are replaced. This list is based on the Windows file naming conventions.
Character | Value | Replacement |
---|---|---|
NUL | 0x00 | ␀ |
SOH | 0x01 | ␁ |
STX | 0x02 | ␂ |
ETX | 0x03 | ␃ |
EOT | 0x04 | ␄ |
ENQ | 0x05 | ␅ |
ACK | 0x06 | ␆ |
BEL | 0x07 | ␇ |
BS | 0x08 | ␈ |
HT | 0x09 | ␉ |
LF | 0x0A | ␊ |
VT | 0x0B | ␋ |
FF | 0x0C | ␌ |
CR | 0x0D | ␍ |
SO | 0x0E | ␎ |
SI | 0x0F | ␏ |
DLE | 0x10 | ␐ |
DC1 | 0x11 | ␑ |
DC2 | 0x12 | ␒ |
DC3 | 0x13 | ␓ |
DC4 | 0x14 | ␔ |
NAK | 0x15 | ␕ |
SYN | 0x16 | ␖ |
ETB | 0x17 | ␗ |
CAN | 0x18 | ␘ |
EM | 0x19 | ␙ |
SUB | 0x1A | ␚ |
ESC | 0x1B | ␛ |
FS | 0x1C | ␜ |
GS | 0x1D | ␝ |
RS | 0x1E | ␞ |
US | 0x1F | ␟ |
/ | 0x2F | / |
" | 0x22 | " |
* | 0x2A | * |
: | 0x3A | : |
< | 0x3C | < |
> | 0x3E | > |
? | 0x3F | ? |
\ | 0x5C | \ |
| | 0x7C | | |
File names on Windows can also not end with the following characters. These only get replaced if they are the last character in the name:
Character | Value | Replacement |
---|---|---|
SP | 0x20 | ␠ |
. | 0x2E | . |
Invalid UTF-8 bytes will also be replaced, as they can't be converted to UTF-16.
On Windows there are many ways of specifying a path to a file system resource. Local paths can be absolute, like C:\path\to\wherever
, or relative, like ..\wherever
. Network paths in UNC format, \\server\share
, are also supported. Path separator can be either \
(as in C:\path\to\wherever
) or /
(as in C:/path/to/wherever
). Length of these paths are limited to 259 characters for files and 247 characters for directories, but there is an alternative extended-length path format increasing the limit to (approximately) 32,767 characters. This format requires absolute paths and the use of prefix \\?\
, e.g. \\?\D:\some\very\long\path
. For convenience rclone will automatically convert regular paths into the corresponding extended-length paths, so in most cases you do not have to worry about this (read more below).
Note that Windows supports using the same prefix \\?\
to specify path to volumes identified by their GUID, e.g. \\?\Volume{b75e2c83-0000-0000-0000-602f00000000}\some\path
. This is not supported in rclone, due to an issue in go.
Rclone handles long paths automatically, by converting all paths to extended-length path format, which allows paths up to 32,767 characters.
This conversion will ensure paths are absolute and prefix them with the \\?\
. This is why you will see that your paths, for instance .\files
is shown as path \\?\C:\files
in the output, and \\server\share
as \\?\UNC\server\share
.
However, in rare cases this may cause problems with buggy file system drivers like EncFS. To disable UNC conversion globally, add this to your .rclone.conf
file:
[local]
nounc = true
If you want to selectively disable UNC, you can add it to a separate entry like this:
[nounc]
type = local
nounc = true
And use rclone like this:
rclone copy c:\src nounc:z:\dst
This will use UNC paths on c:\src
but not on z:\dst
. Of course this will cause problems if the absolute path length of a file exceeds 259 characters on z, so only use this option if you have to.
Normally rclone will ignore symlinks or junction points (which behave like symlinks under Windows).
If you supply --copy-links
or -L
then rclone will follow the symlink and copy the pointed to file or directory. Note that this flag is incompatible with --links
/ -l
.
This flag applies to all commands.
For example, supposing you have a directory structure like this
$ tree /tmp/a
/tmp/a
├── b -> ../b
├── expected -> ../expected
├── one
└── two
└── three
Then you can see the difference with and without the flag like this
$ rclone ls /tmp/a
6 one
6 two/three
and
$ rclone -L ls /tmp/a
4174 expected
6 one
6 two/three
6 b/two
6 b/one
Normally rclone will ignore symlinks or junction points (which behave like symlinks under Windows).
If you supply this flag then rclone will copy symbolic links from the local storage, and store them as text files, with a '.rclonelink' suffix in the remote storage.
The text file will contain the target of the symbolic link (see example).
This flag applies to all commands.
For example, supposing you have a directory structure like this
$ tree /tmp/a
/tmp/a
├── file1 -> ./file4
└── file2 -> /home/user/file3
Copying the entire directory with '-l'
$ rclone copyto -l /tmp/a/file1 remote:/tmp/a/
The remote files are created with a '.rclonelink' suffix
$ rclone ls remote:/tmp/a
5 file1.rclonelink
14 file2.rclonelink
The remote files will contain the target of the symbolic links
$ rclone cat remote:/tmp/a/file1.rclonelink
./file4
$ rclone cat remote:/tmp/a/file2.rclonelink
/home/user/file3
Copying them back with '-l'
$ rclone copyto -l remote:/tmp/a/ /tmp/b/
$ tree /tmp/b
/tmp/b
├── file1 -> ./file4
└── file2 -> /home/user/file3
However, if copied back without '-l'
$ rclone copyto remote:/tmp/a/ /tmp/b/
$ tree /tmp/b
/tmp/b
├── file1.rclonelink
└── file2.rclonelink
Note that this flag is incompatible with -copy-links
/ -L
.
Normally rclone will recurse through filesystems as mounted.
However if you set --one-file-system
or -x
this tells rclone to stay in the filesystem specified by the root and not to recurse into different file systems.
For example if you have a directory hierarchy like this
root
├── disk1 - disk1 mounted on the root
│ └── file3 - stored on disk1
├── disk2 - disk2 mounted on the root
│ └── file4 - stored on disk12
├── file1 - stored on the root disk
└── file2 - stored on the root disk
Using rclone --one-file-system copy root remote:
will only copy file1
and file2
. Eg
$ rclone -q --one-file-system ls root
0 file1
0 file2
$ rclone -q ls root
0 disk1/file3
0 disk2/file4
0 file1
0 file2
NB Rclone (like most unix tools such as du
, rsync
and tar
) treats a bind mount to the same device as being on the same filesystem.
NB This flag is only available on Unix based systems. On systems where it isn't supported (e.g. Windows) it will be ignored.
Here are the advanced options specific to local (Local Disk).
Disable UNC (long path names) conversion on Windows
Follow symlinks and copy the pointed to item.
Translate symlinks to/from regular files with a '.rclonelink' extension
Don't warn about skipped symlinks. This flag disables warning messages on skipped symlinks or junction points, as you explicitly acknowledge that they should be skipped.
Assume the Stat size of links is zero (and read them instead) (Deprecated)
Rclone used to use the Stat size of links as the link size, but this fails in quite a few places
So rclone now always reads the link
Apply unicode NFC normalization to paths and filenames
This flag can be used to normalize file names into unicode NFC form that are read from the local filesystem.
Rclone does not normally touch the encoding of file names it reads from the file system.
This can be useful when using macOS as it normally provides decomposed (NFD) unicode which in some language (eg Korean) doesn't display properly on some OSes.
Note that rclone compares filenames with unicode normalization in the sync routine so this flag shouldn't normally be used.
Don't check to see if the files change during upload
Normally rclone checks the size and modification time of files as they are being uploaded and aborts with a message which starts "can't copy - source file is being updated" if the file changes during upload.
However on some file systems this modification time check may fail (e.g. Glusterfs #2206) so this check can be disabled with this flag.
If this flag is set, rclone will use its best efforts to transfer a file which is being updated. If the file is only having things appended to it (e.g. a log) then rclone will transfer the log file with the size it had the first time rclone saw it.
If the file is being modified throughout (not just appended to) then the transfer may fail with a hash check failure.
In detail, once the file has had stat() called on it for the first time we:
Don't update the stat info for the file
Default: false
Don't cross filesystem boundaries (unix/macOS only).
Force the filesystem to report itself as case sensitive.
Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.
Force the filesystem to report itself as case insensitive
Normally the local backend declares itself as case insensitive on Windows/macOS and case sensitive for everything else. Use this flag to override the default choice.
Disable preallocation of disk space for transferred files
Preallocation of disk space helps prevent filesystem fragmentation. However, some virtual filesystem layers (such as Google Drive File Stream) may incorrectly set the actual file size equal to the preallocated space, causing checksum and file size checks to fail. Use this flag to disable preallocation.
Disable sparse files for multi-thread downloads
On Windows platforms rclone will make sparse files when doing multi-thread downloads. This avoids long pauses on large files where the OS zeros the file. However sparse files may be undesirable as they cause disk fragmentation and can be slow to work with.
Disable setting modtime
Normally rclone updates modification time of files after they are done uploading. This can cause permissions issues on Linux platforms when the user rclone is running as does not own the file uploaded, such as when copying to a CIFS mount owned by another user. If this option is enabled, rclone will no longer update the modtime after copying a file.
This sets the encoding for the backend.
See: the encoding section in the overview for more info.
Here are the commands specific to the local backend.
Run them with
rclone backend COMMAND remote:
The help below will explain what arguments each command takes.
See the "rclone backend" command for more info on how to pass options and arguments.
These can be run on a running backend using the rc command backend/command.
A null operation for testing backend commands
rclone backend noop remote: [options] [<arguments>+]
This is a test command which has some options you can try to change the output.
Options:
rclone md5sum -C
etcdbhashsum
: Remove command deprecated a year ago (Ivan Andreev)cache
: Deprecate cache backend (Ivan Andreev)--disable-http2
for global http2 disable (Nick Craig-Wood)--dump
imply -vv
(Alex Chen)config create
and friends to take key=value
parameters (Nick Craig-Wood)--template
config and flags to serve/data (Nolan Woods)--size
flag for more efficient uploads of known size (Nazar Mishturak)--stdio
flag to serve via stdio (Tom)--no-traverse
when --files-from
is set (Nick Gaya)test makefiles
--seed
flag and make data generated repeatable (Nick Craig-Wood)--compare-dest
(Nick Gaya)--vfs-cache-max-size
handling at cache poll interval (Leo Luan)--local-unicode-normalization
(and remove --local-no-unicode-normalization
) (Nick Craig-Wood)--b2-versions
(Dominik Mydlil)--dropbox-batch-mode
flag to speed up uploading (Nick Craig-Wood)
--expire
is set (Nick Craig-Wood)list_chunk option
(Nick Gaya)--s3-no-head-object
(Tatsuya Noyori)known_hosts_file
(albertony)too many open files
(acsfer)--package
flag)histogram
- Makes a histogram of file name characters.info
- Discovers file name or other limitations for paths.makefiles
- Make a random file hierarchy for testing.memory
- Load all the objects at remote:path into memory and report memory stats.--drive-shared-with-me
use drive,shared_with_me:
GO386=softfloat
instead of deprecated GO386=387
for 386 builds (Nick Craig-Wood)--config ""
or "/notfound"
for in memory config only (Nick Craig-Wood)--rmdirs
obey the filters (Nick Craig-Wood)--compare-dest
and --copy-dest
flag (K265)--exclude "dir/"
equivalent to --exclude "dir/**"
(Nick Craig-Wood)--dscp
for QoS with differentiated services (Max Sum)options/local
to see the options configured in the context (Nick Craig-Wood)_config
parameter to set global config for just this rc call (Nick Craig-Wood)_filter
parameter (Nick Craig-Wood)fscache/clear
and fscache/entries
to control the fs cache (Nick Craig-Wood)core/stats
(albertony)core/stats
(Nick Craig-Wood)fs=
params to be a JSON blob (Nick Craig-Wood)rclone rcd
command. (Naveen Honest Raj)--rmdirs
obey the filters (Nick Craig-Wood)--max-duration
timeout (Nick Craig-Wood)--low-level-retries=0
(Nick Craig-Wood)--vfs-used-is-size
to report used space using recursive scan (tYYGH)--vfs-cache-mode writes
/full
and no write (Nick Craig-Wood)--local-no-preallocate
(David Sze)nounc
an advanced option except on Windows (albertony)--fs-cache-expire-duration
to control the fs cache (Nick Craig-Wood)--timeout 0
work properly (Nick Craig-Wood)--ftp-idle-timeout
(1m by default) (Nick Craig-Wood)--timeout 0
work properly (Nick Craig-Wood)--ftp-close-timeout
flag for use with awkward ftp servers (Nick Craig-Wood)--timeout 0
work properly (Nick Craig-Wood)--s3-profile
which wasn't working (Nick Craig-Wood)--sftp-idle-timeout
(1m by default) (Nick Craig-Wood)--sftp-set-modtime=false
(Nick Craig-Wood)--timeout 0
work properly (Nick Craig-Wood)rclone config reconnect
after this (buengese)--bwlimit
for upload and download (Nick Craig-Wood)
--download
flag to md5sum/sha1sum/hashsum to force rclone to download and hash files locally (lostheli)--progress-terminal-title
to print ETA to terminal title (LaSombra)--by-hash
to dedupe on content hash not file name (Nick Craig-Wood)--dedupe-mode list
to just list dupes, changing nothing (Nick Craig-Wood)--files-from
check files concurrently (zhucan)--dry-run
(Ingo Weiss)--dry-run
or --interactive
(Nick Craig-Wood)--no-console
on windows to hide the console window (albertony)!
(errror) and .
(unreadable) file flags to go with e
(empty) (Nick Craig-Wood)rclone osbcure -
ignore newline at end of line (Nick Craig-Wood)--log-file
(Nick Craig-Wood)--cutof-mode
hard not cutting off immediately (Nick Craig-Wood)--immutable
error message (Nick Craig-Wood)--cutoff-mode
soft & cautious so it doesn't end the transfer early (Nick Craig-Wood)--immutable
errors retrying many times (Nick Craig-Wood)rclone mount
actually run rclone cmount
under macOS (Nick Craig-Wood)--vfs-cache-mode
full and --buffer-size 0
(Nick Craig-Wood)--local-zero-size-links
to fix sync on some virtual filesystems (Riccardo Iaconelli)--azureblob-archive-tier-delete
(Nick Craig-Wood)--files-from
and restic serve
in particularrclone backend copyid
command for copying files by ID (Nick Craig-Wood)--drive-stop-on-download-limit
to stop transfers when the download limit is exceeded (Anagh Kumar Baranwal)rclone lsf
etc can read the IDs (buengese)--ftp-disable-msld
option to ignore MLSD for really old servers (Nick Craig-Wood)--tpslimit apply
(Nick Craig-Wood)Entry doesn't belong in directory "" (same as directory) - ignoring
(Nick Craig-Wood)--gphotos-include-archived
to show archived photos as well (Nicolas Rueff)--s3-disable-http2
to disable http/2 (Anagh Kumar Baranwal)--s3-no-head parameter
to minimise transactions on upload (Nick Craig-Wood)--tpslimit
apply (Nick Craig-Wood)--sftp-use-fstat
for unusual SFTP servers (Nick Craig-Wood)--swift-leave-parts-on-error
(Nguyễn Hữu Luân)brew
tag to throw an error when using mount in the binaries installed via Homebrew (Anagh Kumar Baranwal)rclone config
may be insecure~
and environment vars in file names they use (Nick Craig-Wood)rclone cmount
on macOS (Nick Craig-Wood)mount/listmounts
option for listing current mounts (Chaitanya Bankanhal)operations/uploadfile
to upload a file through rc using encoding multipart/form-data (Chaitanya Bankanhal)core/command
to execute rclone terminal commands. (Chaitanya Bankanhal)rclone check
--dry-run
/-i
/--interactive
(Nick Craig-Wood)--checkers
files concurrently (Nick Craig-Wood)--download
flag (Nick Craig-Wood)rclone obscure
: Allow obscure command to accept password on STDIN (David Ibarra)rclone config
rclone cryptcheck
: Add reporting of filenames for same/missing/changed (Nick Craig-Wood)rclone dedupe
: Make it obey the --size-only
flag for duplicate detection (Nick Craig-Wood)rclone link
: Add --expire
and --unlink
flags (Roman Kredentser)rclone mkdir
: Warn when using mkdir on remotes which can't have empty directories (Nick Craig-Wood)rclone rc
: Allow JSON parameters to simplify command line usage (Nick Craig-Wood)rclone serve ftp
rclone serve restic
: Expose interfaces so that rclone can be used as a library from within restic (Jack)rclone sync
: Add --track-renames-strategy leaf
(Nick Craig-Wood)rclone touch
: Add ability to set nanosecond resolution times (Nick Craig-Wood)rclone tree
: Remove -i
shorthand for --noindent
as it conflicts with -i
/--interactive
(Nick Craig-Wood)speed
/speedAvg
(Nick Craig-Wood)rclone check
: Fix successful retries with --download
counting errors (Nick Craig-Wood)rclone dedupe
: Fix logging to be easier to understand (Nick Craig-Wood)rclone cmount
instead of rclone mount
mount/mount
remote control take vfsOpt option (Nick Craig-Wood)mount/mount
(Nick Craig-Wood)mount/listmounts
(Nick Craig-Wood)-o uid/gid=-1
if user supplies -o uid/gid
. (Nick Craig-Wood)--vfs-cache-mode full
(Nick Craig-Wood)--vfs-writeback
option to delay writes back to cloud storage (Nick Craig-Wood)--vfs-read-ahead
parameter for use with --vfs-cache-mode full
(Nick Craig-Wood)--vfs-cache-modes writes
on backends which can't stream (Nick Craig-Wood)fs
parameter to vfs rc methods (Nick Craig-Wood)--vfs-cache-mode minimal
(Nick Craig-Wood)--vfs-cache-mode writes
(Nick Craig-Wood)--local-no-updated
to provide a consistent view of changing objects (Nick Craig-Wood)--local-no-set-modtime
option to prevent modtime changes (tyhuber1)--crypt-server-side-across-configs
flag (Nick Craig-Wood)rclone backend drives
to list shared drives (teamdrives) (Nick Craig-Wood)rclone backend untrash
(Nick Craig-Wood)--drive-starred-only
to only show starred files (Jay McEntire)--drive-alternate-export
as it is no longer needed (themylogin)rclone link
by removing expires parameter (Nick Craig-Wood)--dump bodies
and --dump auth
for debugging (Nick Craig-Wood)--onedrive-no-versions
flag to remove old versions (Nick Craig-Wood)rclone link
for public link creation (buengese)rclone link
for public link sharing (Roman Kredentser)rclone backend restore
command to restore objects from GLACIER (Nick Craig-Wood)rclone cleanup
and rclone backend cleanup
to clean unfinished multipart uploads (Nick Craig-Wood)rclone backend list-multipart-uploads
to list unfinished multipart uploads (Nick Craig-Wood)--s3-max-upload-parts
support (Kamil Trzciński)--s3-no-check-bucket
for minimising rclone transactions and perms (Nick Craig-Wood)--s3-profile
and --s3-shared-credentials-file
options (Nick Craig-Wood)--s3-copy-cutoff
to < 5GB for Backblaze S3 compatibility (Nick Craig-Wood)--sftp-subsystem
and --sftp-server-command
options (aus)Special thanks to Martin Michlmayr for proof reading and correcting all the docs and Edward Barker for helping re-write the front page.
rclone backend stats cache:
(Nick Craig-Wood)rclone hashsum DropboxHash
(Nick Craig-Wood)--header-download
and --header-upload
flags for setting HTTP headers when uploading/downloading (Tim Gallant)--header
flag to add HTTP headers to every HTTP transaction (Nick Craig-Wood)--check-first
to do all checking before starting transfers (Nick Craig-Wood)--track-renames-strategy
for configurable matching criteria for --track-renames
(Bernd Schoolmann)--cutoff-mode
hard,soft,cautious (Shing Kit Chan & Franklyn Tackitt)--files-from -
) can read from stdin (fishbullet)--error-on-no-transfer
option (Jon Fautley)--order-by xxx,mixed
for copying some small and some big files (Nick Craig-Wood)--max-backlog
to be negative meaning as large as possible (Nick Craig-Wood)--no-unicode-normalization
flag to allow Unicode filenames to remain unique (Ben Zenker)--min-age
/--max-age
to take a date as well as a duration (Nick Craig-Wood)--password-command
allow use of stdin (Sébastien Gross)-trimpath
to release build for reproduceable builds (Nick Craig-Wood)--obscure
and --no-obscure
flags to config create
/update
(Nick Craig-Wood)config show
take remote:
as well as remote
(Nick Craig-Wood)--no-clobber
flag (Denis)--rmdirs
flag to delete directories as well (Kush)--files-from-raw
flag (Ankur Gupta)--hash-type
parameter and use it in lsf to speed up hashing (Nick Craig-Wood)-o
/--opt
and -a
/--arg
for more structured input (Nick Craig-Wood)backend/command
for running backend specific commands remotely (Nick Craig-Wood)mount/mount
command for starting rclone mount
via the API (Chaitanya)--template
flag for user defined markup (calistri)--key
flag (Maxime Suret)--localtime
flag to make --timestamp
localtime not UTC (Nick Craig-Wood)--no-check-certificate
is honored by oauth token fetch (Mark Spieth)--ignore-checksum
(Nick Craig-Wood)--max-transfer
more accurate (Nick Craig-Wood)--delete-before
(Nick Craig-Wood)--async-read
flag to disable asynchronous reads (Nick Craig-Wood)--allow-root
flag with a warning as it has been removed upstream (Nick Craig-Wood)--allow-non-empty
used on Windows and clarify docs (Nick Craig-Wood)mount/types
(Nick Craig-Wood)--vfs-read-wait
and --vfs-write-wait
flags to control time waiting for a sequential read/write (Nick Craig-Wood)--vfs-read-wait
to 20ms (it was 5ms and not configurable) (Nick Craig-Wood)df
output more consistent on a rclone mount. (Yves G)--local-no-sparse
flag for disabling sparse files (Nick Craig-Wood)rclone backend noop
for testing purposes (Nick Craig-Wood)rclone backend stats
command (Nick Craig-Wood)rclone backend decode
/encode
commands to replicate functionality of cryptdecode
(Anagh Kumar Baranwal)rcat
is now supported (Nick Craig-Wood)--azureblob-disable-checksum
flag (Nick Craig-Wood)InvalidBlobOrBlock
error as it may indicate block concurrency problems (Nick Craig-Wood)Object.parseTimeString()
(Lars Lehtonen)--header-upload
and --header-download
(Tim Gallant)largeUpload.clearUploadURL()
(Lars Lehtonen)--header-upload
and --header-download
(Tim Gallant)--drive-skip-shortcuts
(Nick Craig-Wood)rclone backend shortcut
command for creating shortcuts (Nick Craig-Wood)rclone backend
command to change service_account_file
and chunk_size
(Anagh Kumar Baranwal)--fast-list
and --drive-shared-with-me
(Nick Craig-Wood)--drive-shared-with-me
(Nick Craig-Wood)--drive-stop-on-upload-limit
to respond to teamDriveFileLimitExceeded
. (harry)--header-upload
and --header-download
(Tim Gallant)--header-upload
and --header-download
(Nick Craig-Wood)ARCHIVE
storage class to help (Adam Stroud)--header-upload
and --header-download
(Tim Gallant)--jottacloud-trashed-only
(buengese)--header-upload
and --header-download
(Tim Gallant)RawURLEncoding
when decoding base64 encoded login token (buengese)--onedrive-server-side-across-configs
(Nick Craig-Wood)--header-upload
and --header-download
(Tim Gallant)quotaLimitReached
to be fatal (harry)--header-upload
and --header-download
(Tim Gallant)--header-upload
and --header-download
(Tim Gallant)--header-upload
and --header-download
(Tim Gallant)--header-upload
and --header-download
(Nick Craig-Wood)rclone cleanup
remove pending multipart uploads older than 24h (Nick Craig-Wood)multiUploader.list()
(Lars Lehtonen)--header-upload
and --header-download
(Tim Gallant)--low-level-retries
as the number of SDK retries (Aleksandar Janković)session.New()
with session.NewSession()
(Lars Lehtonen)--s3-disable-checksum
(Nick Craig-Wood)--sftp-pem-key
to support inline key files (calisro)set_modtime=false
(Nick Craig-Wood)--header-upload
and --header-download
(Tim Gallant)--header-upload
and --header-download
(Tim Gallant)--header-upload
and --header-download
(Nick Craig-Wood)--header-upload
and --header-download
(Tim Gallant)X-OC-Mtime
header for Transip compatibility (Nick Craig-Wood)about
(Yves G)--header-upload
and --header-download
(Tim Gallant)--backend-encoding
parameter (Nick Craig-Wood)
--max-duration
flag to control the maximum duration of a transfer session (boosh)--expect-continue-timeout
flag, default 1s (Nick Craig-Wood)--no-check-dest
flag for copying without testing the destination (Nick Craig-Wood)--order-by
flag to order transfers (Nick Craig-Wood)--password-command
to allow dynamic config password (Damon Permezel)--stdout
flag to write to stdout (Nick Craig-Wood)--base64
flag (landall)--no-mimetype
flag (Nick Craig-Wood)--one-way
recursing more directories than it needs to (Nick Craig-Wood)--vfs-cache-mode writes
(Nick Craig-Wood)--vfs-cache-modes writes
(Nick Craig-Wood)fatal error: concurrent map writes
(Nick Craig-Wood)--drive-stop-on-upload-limit
flag to stop syncs when upload limit reached (Nick Craig-Wood)--drive-use-shared-date
to use date file was shared instead of modified date (Garry McNulty)--fast-list
when using appDataFolder (Nick Craig-Wood)insufficient_space
errors as non retriable errors (Nick Craig-Wood)--opendrive-chunk-size
(Nick Craig-Wood)--s3-copy-cutoff
for size to switch to multipart copy (Nick Craig-Wood)--s3-list-chunk
option for bucket listing (Thomas Kriechbaumer)--sftp-skip-links
to skip symlinks and non regular files (Nick Craig-Wood)DropboxHash
and CRC-32
(Nick Craig-Wood)--auto-filename
flag for using file name from URL in destination path (Denis)--update
/-u
not transfer files that haven't changed (Nick Craig-Wood)--files-from without --no-traverse
doing a recursive scan (Nick Craig-Wood)--progress
work in git bash on Windows (Nick Craig-Wood)--size-only
and --ignore-size
together. (Nick Craig-Wood)--files-from
is in use (Michele Caci)--vfs-case-insensitive
for windows/macOS mounts (Ivan Andreev)unverified:
prefix on sha1 to improve interop (e.g. with CyberDuck) (Nick Craig-Wood)--drive-shared-with-me
from the root with lsand --fast-list
(Nick Craig-Wood)--http-no-head
to stop rclone doing HEAD in listings (Nick Craig-Wood)--sftp-ask-password
trying to contact the ssh agent (Nick Craig-Wood)--sftp-use-insecure-cipher
(Carlos Ferreyra)--progress
(Nick Craig-Wood)-u
/--update
with google photos / files of unknown size (Nick Craig-Wood)--compare-dest
& --copy-dest
(yparitcher)--suffix
without --backup-dir
for backup to current dir (yparitcher)config reconnect
to re-login (re-run the oauth login) for the backend. (Nick Craig-Wood)config userinfo
to discover which user you are logged in as. (Nick Craig-Wood)config disconnect
to disconnect you (log out) from the backend. (Nick Craig-Wood)--use-json-log
for JSON logging (justinalin)--ignore-checksum
(Nick Craig-Wood)--size-only
mode (Nick Craig-Wood)--baseurl
for rcd and web-gui (Chaitanya Bankanhal)--auth-proxy
(Nick Craig-Wood)--baseurl
(Nick Craig-Wood)--baseurl
(Nick Craig-Wood)--baseurl
(Nick Craig-Wood)--auth-proxy
(Nick Craig-Wood)--no-traverse
(buengese)--loopback
with rc/list and others (Nick Craig-Wood)--daemon-timout
to 15 minutes on macOS and FreeBSD (Nick Craig-Wood)--vfs-cache-mode minimal
and writes
ignoring cached files (Nick Craig-Wood)--local-case-sensitive
and --local-case-insensitive
(Nick Craig-Wood)--drive-trashed-only
(ginvine)--http-headers
flag for setting arbitrary headers (Nick Craig-Wood)--webdav-bearer-token-command
(Nick Craig-Wood)--webdav-bearer-token-command
(Nick Craig-Wood)--multi-thread-cutoff
and --multi-thread-streams
--ignore-case-sync
for forced case insensitivity (garry415)--stats-one-line-date
and --stats-one-line-date-format
(Peter Berbec)--no-check-certificate
(Stefan Breunig)--loopback
flag to run commands directly without a server (Nick Craig-Wood)--ftp-public-ip
flag to specify public IP (calistri)--private-repos
in serve restic
(Florian Apolloner)--backup-dir
(Nick Craig-Wood)--ignore-checksum
is in effect, don't calculate checksum (Nick Craig-Wood)--rc-serve
(Nick Craig-Wood)--drive-server-side-across-configs
to default back to old server-side copy semantics by default (Nick Craig-Wood)--drive-size-as-quota
to show storage quota usage for file size (Garry McNulty)--ftp-no-check-certificate
option for FTPS (Gary Kim)--s3-use-accelerate-endpoint
(Nick Craig-Wood)df
results so it can cope with -ve results (Nick Craig-Wood)--fast-list
for listing operations where it won't use more memory (Nick Craig-Wood)
ListR
dedupe
, serve restic
lsf
, ls
, lsl
, lsjson
, lsd
, md5sum
, sha1sum
, hashsum
, size
, delete
, cat
, settier
--disable ListR
to get old behaviour if required--files-from
traverse the destination unless --no-traverse
is set (Nick Craig-Wood)
--files-from
with Google drive and excessive API use in general.--max-transfer
(Nick Craig-Wood)--create-empty-src-dirs
flag and default to not creating empty dirs (ishuah)--ca-cert
/--client-cert
/--client-key
(Nick Craig-Wood)--suffix-keep-extension
for use with --suffix
(Nick Craig-Wood)--files-only
and --dirs-only
flags (calistri)rclone link
(Nick Craig-Wood)--stats-unit bits
is in effect (Nick Craig-Wood)src_last_modified_millis
(Nick Craig-Wood)--skip-checksum-gphotos
to ignore incorrect checksums on Google Photos (Nick Craig-Wood)--fast-list
eventual consistency (Nestar47)--ftp-concurrency
to limit maximum number of connections (Nick Craig-Wood)--http-no-slash
for websites with directories with no slashes (Nick Craig-Wood)--no-traverse
flag (Nick Craig-Wood)
--use-mmap
if having memory problems - not default yet--files-from
(Nick Craig-Wood)--use-cookies
for all HTTP based remotes (qip)--checksum
is set but there are no hashes available (Nick Craig-Wood)-l
short flag as it conflicts with the new global flag (weetmuts)--progress
crash under Windows Jenkins (Nick Craig-Wood)--dry-run
(Denis Skovpen)--vfs-cache-max-size
to limit the total size of the cache (Nick Craig-Wood)--dir-perms
and --file-perms
flags to set default permissions (Nick Craig-Wood)--dry-run
set (Nick Craig-Wood)--fast-list
flag-l
/--links
(symbolic link translation) (yair@unicorn)
link.rclonelink
- see local backend docs for more info-L
/--copy-links
--dump headers
, --tpslimit
, etc. (Nick Craig-Wood)--b2-disable-checksum
flag (Wojciech Smigielski)
--drive-pacer-min-sleep
and --drive-pacer-burst
to control the pacervfs/refresh
(Fabian Möller)--drive-impersonate
and appfolders (Nick Craig-Wood)--files-from
and non-existent files (Nick Craig-Wood)--qingstor-upload-concurrency
to 1 to work around bug (Nick Craig-Wood)--s3-upload-cutoff
for single part uploads below this (Nick Craig-Wood)--s3-upload-concurrency
default to 4 to increase performance (Nick Craig-Wood)--s3-bucket-acl
to control bucket ACL (Nick Craig-Wood)--swift-no-chunk
to disable segmented uploads in rcat/mount (Nick Craig-Wood)--rc-no-auth
flag--rc-files
flag to serve files on the rc http server
--rc
port is in use already--files-from
only read the objects specified and don't scan directories (Nick Craig-Wood)
--ignore-case
flag (Nick Craig-Wood)--json
flag for structured JSON input (Nick Craig-Wood)--user
and --pass
flags and interpret --rc-user
, --rc-pass
, --rc-addr
(Nick Craig-Wood)--progress
update the stats correctly at the end (Nick Craig-Wood)--dry-run
(Nick Craig-Wood)--volname
work for Windows and macOS (Nick Craig-Wood)--fast-list
handing of empty folders (albertony)+
and &
in (Nick Craig-Wood)--webdav-user
and --webdav-pass
flags work (Nick Craig-Wood)--log-format
flag for more control over log output (dcpu)--config
(albertony)--progress
on windows (Nick Craig-Wood)--azureblob-list-chunk
parameter (Santiago Rodríguez)--drive-import-formats
- google docs can now be imported (Fabian Möller)
--drive-v2-download-min-size
a workaround for slow downloads (Fabian Möller)--fast-list
support (albertony)--jottacloud-hard-delete
(albertony)--s3-v2-auth
flag (Nick Craig-Wood)--backup-dir
on union backend (Nick Craig-Wood)Point release to fix hubic and azureblob backends.
--progress
and --stats 0
(Nick Craig-Wood)--progress
/-P
flag to show interactive progress (Nick Craig-Wood)--stats-one-line
flag for single line stats (Nick Craig-Wood)--bwlimit
(Mateusz)--etag-hash
(Nick Craig-Wood)version --check
: Prints the current release and beta versions (Nick Craig-Wood)--delete-empty-src-dirs
flag to delete all empty dirs on move (ishuah)--daemon-timeout
flag for OSXFUSE (Nick Craig-Wood)--daemon
not working with encrypted config (Alex Chen)--local-no-unicode-normalization
is supplied (Nick Craig-Wood)--box-commit-retries
flag defaulting to 100 to fix large uploads (Nick Craig-Wood)--drive-keep-revision-forever
flag (lewapm)--fast-list
for large speedups (Fabian Möller)--fast-list
(Nick Craig-Wood)df
support). (Sebastian Bünger)--mega-hard-delete
flag (Nick Craig-Wood)--fast-list
(Nick Craig-Wood)--s3-force-path-style
(Nick Craig-Wood)storage_policy
(Ruben Vandamme)storage_url
or auth_token
can be overridden (Nick Craig-Wood)--files-from
work-around
--max-transfer
flag to quit transferring at a limit
--max-transfer
exceeded--one-way
flag (Kasper Byrdal Nielsen)--rc
port--absolute
flag to add a leading / onto path names--csv
flag for compliant CSV output--retries-sleep
flag (Benjamin Joseph Dag)--log-file
fixed for unix (Filip Bartodziej)--noappledouble
--noapplexattr
--volname
flag and remove special chars from it--daemon
work for macOS without CGO--vfs-read-chunk-size
and --vfs-read-chunk-size-limit
(Fabian Möller)-L
to your command line to copy files with reparse points/
in the path--drive-acknowledge-abuse
to download flagged files--drive-alternate-export
to fix large doc export--s3-upload-concurrency
(themylogin)--s3-chunk-size
which was always using the minimum--ssh-path-override
flag (Piotr Oleszczyk)make tarball
(Chih-Hsuan Yen)df
)--attr-timeout default
to 1s
- fixes:
df -i
(upstream fix).
and ..
from directory listing--s3-disable-checksum
to disable checksum uploading (Chris Redekop)lsf
: list for parsing purposes (Jakub Tasiemski)
serve restic
: for serving a remote as a Restic REST endpoint
rc
: enable the remote control of a running rclone
--max-delete
flag to add a delete threshold (Bjørn Erik Pedersen)cat
: Use RangeOption for limited fetches to make more efficientcryptcheck
: make reading of nonce more efficient with RangeOption--user
--pass
and --htpasswd
for authenticationcopy
/move
: detect file size change during copy/move and abort transfer (ishuah)cryptdecode
: added option to return encrypted file names. (ishuah)lsjson
: add --encrypted
to show encrypted name (Jakub Tasiemski)--stats-file-name-length
to specify the printed file name length for stats (Will Gunn)--backup-dir
don't delete files if we can't set their modtime
--backup-dir
serve http
: fix serving files with : in - fixes--exclude-if-present
to ignore directories which it doesn't have permission for (Iakov Davydov)--no-traverse
flag because it is obsolete--attr-timeout
flag to control attribute caching in kernel
--daemon
flag to allow mount to run in the background (ishuah)--vfs-cache-mode
writes and above
--vfs-cache-poll-interval=0
--cache-db-wait-time
flag--drive-impersonate
for service accounts
--drive-use-created-date
to use created date as modified date (nbuchanan)--drive-auth-owner-only
to look in all directories--sftp-ask-password
flag to prompt for password when needed (Leo R. Lundgren)set_modtime
configuration optionrcat
- read from standard input and stream uploadtree
- shows a nicely formatted recursive listingcryptdecode
- decode crypted file names (thanks ishuah)config show
- print the config fileconfig file
- print the config file locationsync
dedupe
- implement merging of duplicate directoriescheck
and cryptcheck
made more consistent and use less memorycleanup
for remaining remotes (thanks ishuah)--immutable
for ensuring that files don't change (thanks Jacob McNamee)--user-agent
option (thanks Alex McGrath Kraak)--disable
flag to disable optional features--bind
flag for choosing the local addr on outgoing connectionssync
check
obey --ignore-size
config
ensures newly written config is on the same mount--skip-links
to suppress symlink warnings (thanks Zhiming Wang)rcat
internals to support uploads from all remotes--fast-list
--drive-use-trash
to true
--b2-hard-delete
to permanently delete (not hide) files (thanks John Papandriopoulos)default
containerendpoint_type
config:
inrclone mount
to limit external apps--size-only
or --checksum
to avoid this--stats
flag--files-from
operations iterating through the source bucket.rclone check
shows count of hashes that couldn't be checkedrclone listremotes
commandAuthorization:
lines from --dump-headers
outputrclone move
command
rclone check
on crypted file systems-q
rclone mount
- FUSE
--no-modtime
, --debug-fuse
, --read-only
, --allow-non-empty
, --allow-root
, --allow-other
--default-permissions
, --write-back-cache
, --max-read-ahead
, --umask
, --uid
, --gid
--dir-cache-time
to control caching of directory entries-no-seek
flag to disable--acd-upload-wait-per-gb
-x
/--one-file-system
to stay on a single file system
.epub
, .odp
and .tsv
as export formats.rclone config
now goes through the wizard+
in them.X-Bz-Test-Mode
header.--max-size 0b
b
suffix so we can specify bytes in --bwlimit, --min-size, etc.-I, --ignore-times
for unconditional uploaddedupe
command
--dry-run
--dedupe-mode
for non interactive running
--dedupe-mode interactive
- interactive the default.--dedupe-mode skip
- removes identical files then skips anything left.--dedupe-mode first
- removes identical files then keeps the first one.--dedupe-mode newest
- removes identical files then keeps the newest one.--dedupe-mode oldest
- removes identical files then keeps the oldest one.--dedupe-mode rename
- removes identical files then renames the rest to be different.--size-only
flag.--size-only
.rclone config
adding more help and making it easier to understand-u
/--update
so creation times can be used on all remotes--low-level-retries
flag--no-gzip-encoding
--dry-run
setmove
command--log-file
delete
command to wait until all finished - fixes missing deletes.more than one upload using auth token
storage_url
in the config - thanks Xavier Lucasrclone authorize
delete
command which does obey the filters (unlike purge
)dedupe
command to deduplicate a remote. Useful with Google Drive.--ignore-existing
flag to skip all files that exist on destination.--delete-before
, --delete-during
, --delete-after
flags.--memprofile
flag to debug memory use.--include
rules add their implicit exclude * at the end of the filter list--drive-auth-owner-only
to only consider files owned by the user - thanks Björn Harrtell+
in.--dry-run
!--no-check-certificate
option to disable server certificate verificationrclone size
for measuring remotes--dump-headers
--drive-use-trash
flag so rclone trashes instead of deletesRclone doesn't currently preserve the timestamps of directories. This is because rclone only really considers objects when syncing.
Currently rclone loads each directory/bucket entirely into memory before using it. Since each rclone object takes 0.5k-1k of memory this can take a very long time and use a large amount of memory.
Millions of files in a directory tends to occur on bucket-based remotes (e.g. S3 buckets) since those remotes do not segregate subdirectories within the bucket.
Bucket based remotes (e.g. S3/GCS/Swift/B2) do not have a concept of directories. Rclone therefore cannot create directories in them which means that empty directories on a bucket based remote will tend to disappear.
Some software creates empty keys ending in /
as directory markers. Rclone doesn't do this as it potentially creates more objects and costs more. This ability may be added in the future (probably via a flag/option).
Bugs are stored in rclone's GitHub project:
Yes they do. All the rclone commands (e.g. sync
, copy
, etc.) will work on all the remote storage systems.
Sure! Rclone stores all of its config in a single file. If you want to find this file, run rclone config file
which will tell you where it is.
See the remote setup docs for more info.
This has now been documented in its own remote setup page.
Rclone can sync between two remote cloud storage systems just fine.
Note that it effectively downloads the file and uploads it again, so the node running rclone would need to have lots of bandwidth.
The syncs would be incremental (on a file by file basis).
Eg
rclone sync -i drive:Folder s3:bucket
You can use rclone from multiple places at the same time if you choose different subdirectory for the output, e.g.
Server A> rclone sync -i /tmp/whatever remote:ServerA
Server B> rclone sync -i /tmp/whatever remote:ServerB
If you sync to the same directory then you should use rclone copy otherwise the two instances of rclone may delete each other's files, e.g.
Server A> rclone copy /tmp/whatever remote:Backup
Server B> rclone copy /tmp/whatever remote:Backup
The file names you upload from Server A and Server B should be different in this case, otherwise some file systems (e.g. Drive) may make duplicates.
Rclone stores each file you transfer as a native object on the remote cloud storage system. This means that you can see the files you upload as expected using alternative access methods (e.g. using the Google Drive web interface). There is a 1:1 mapping between files on your hard disk and objects created in the cloud storage system.
Cloud storage systems (at least none I've come across yet) don't support partially uploading an object. You can't take an existing object, and change some bytes in the middle of it.
It would be possible to make a sync system which stored binary diffs instead of whole objects like rclone does, but that would break the 1:1 mapping of files on your hard disk to objects in the remote cloud storage system.
All the cloud storage systems support partial downloads of content, so it would be possible to make partial downloads work. However to make this work efficiently this would require storing a significant amount of metadata, which breaks the desired 1:1 mapping of files to objects.
No, not at present. rclone only does uni-directional sync from A -> B. It may do in the future though since it has all the primitives - it just requires writing the algorithm to do it.
Yes. rclone will follow the standard environment variables for proxies, similar to cURL and other programs.
In general the variables are called http_proxy
(for services reached over http
) and https_proxy
(for services reached over https
). Most public services will be using https
, but you may wish to set both.
The content of the variable is protocol://server:port
. The protocol value is the one used to talk to the proxy server, itself, and is commonly either http
or socks5
.
Slightly annoyingly, there is no standard for the name; some applications may use http_proxy
but another one HTTP_PROXY
. The Go
libraries used by rclone
will try both variations, but you may wish to set all possibilities. So, on Linux, you may end up with code similar to
export http_proxy=http://proxyserver:12345
export https_proxy=$http_proxy
export HTTP_PROXY=$http_proxy
export HTTPS_PROXY=$http_proxy
The NO_PROXY
allows you to disable the proxy for specific hosts. Hosts must be comma separated, and can contain domains or parts. For instance "foo.com" also matches "bar.foo.com".
e.g.
export no_proxy=localhost,127.0.0.0/8,my.host.name
export NO_PROXY=$no_proxy
Note that the ftp backend does not support ftp_proxy
yet.
This means that rclone
can't find the SSL root certificates. Likely you are running rclone
on a NAS with a cut-down Linux OS, or possibly on Solaris.
Rclone (via the Go runtime) tries to load the root certificates from these places on Linux.
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc.
"/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/pki/tls/cacert.pem", // OpenELEC
So doing something like this should fix the problem. It also sets the time which is important for SSL to work properly.
mkdir -p /etc/ssl/certs/
curl -o /etc/ssl/certs/ca-certificates.crt https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
ntpclient -s -h pool.ntp.org
The two environment variables SSL_CERT_FILE
and SSL_CERT_DIR
, mentioned in the x509 package, provide an additional way to provide the SSL root certificates.
Note that you may need to add the --insecure
option to the curl
command line if it doesn't work without.
curl --insecure -o /etc/ssl/certs/ca-certificates.crt https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
Likely this means that you are running rclone on Linux version not supported by the go runtime, ie earlier than version 2.6.23.
See the system requirements section in the go install docs for full details.
This is caused by uploading these files from a Windows computer which hasn't got the Microsoft Office suite installed. The easiest way to fix is to install the Word viewer and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 and later versions' file formats
This happens when rclone cannot resolve a domain. Please check that your DNS setup is generally working, e.g.
# both should print a long list of possible IP addresses
dig www.googleapis.com # resolve using your default DNS
dig www.googleapis.com @8.8.8.8 # resolve with Google's DNS server
If you are using systemd-resolved
(default on Arch Linux), ensure it is at version 233 or higher. Previous releases contain a bug which causes not all domains to be resolved properly.
Additionally with the GODEBUG=netdns=
environment variable the Go resolver decision can be influenced. This also allows to resolve certain issues with DNS resolution. See the name resolution section in the go docs.
It is likely you have more than 10,000 files that need to be synced. By default rclone only gets 10,000 files ahead in a sync so as not to use up too much memory. You can change this default with the --max-backlog flag.
Rclone is written in Go which uses a garbage collector. The default settings for the garbage collector mean that it runs when the heap size has doubled.
However it is possible to tune the garbage collector to use less memory by setting GOGC to a lower value, say export GOGC=20
. This will make the garbage collector work harder, reducing memory size at the expense of CPU usage.
The most common cause of rclone using lots of memory is a single directory with thousands or millions of files in. Rclone has to load this entirely into memory as rclone objects. Each rclone object takes 0.5k-1k of memory.
This is free software under the terms of MIT the license (check the COPYING file included with the source code).
Copyright (C) 2019 by Nick Craig-Wood https://www.craig-wood.com/nick/
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
{{< rem email addresses removed from here need to be addeed to bin/.ignore-emails to make sure update-authors.py doesn't immediately put them back in again.
>}}
Forum for questions and general discussion:
The project's repository is located at:
There you can file bug reports or contribute with pull requests.
You can also follow me on twitter for rclone announcements:
Or if all else fails or you want to ask something private or confidential email Nick Craig-Wood. Please don't email me requests for help - those are better directed to the forum. Thanks!