FirebirdSQL logo
  • Anglaiskeyboard_arrow_down
  • Search

Speeding up the Backup

There are a couple of tricks you can use to speed up the backup.The first is to prevent the garbage collection from being carried out while the backup is running.Garbage collection clears out old record versions that are no longer required and this is usually covered by a sweep — manual or automatic — or by a full table scan of any affected table.As gbak accesses all rows in the tables being backed up, it too will trigger the garbage collection and, if there have been a lot of updates, can slow down the backup.To prevent garbage collection during the backup, use the -⁠g[arbage_collect] option.

tux> gbak -backup -garbage_collect employee /backups/employee.fbk

The second option is to backup the database using the -⁠se[rvice] option.Although this is used to perform remote backups, it can be used locally as well.Using this option can help speed up your backups.It simply avoids the data being copied over the TCP network which can slow down the actions of the backup.

tux> gbak -backup -service tux:service_mgr employee /backups/employee.fbk

The example above backs up the employee database, on the tux server, "remotely" using the service manager.The tux server is, of course, where the command is running, so it isn’t really running remotely at all.

You can, of course, combine the -⁠g[arbage_collect] and -⁠se[rvice] options.

Restore Mode

Backups taken with the gbak application from one version of Firebird can be used by later versions of Firebird to restore the database, however, while this may result in an upgrade to the On-Disk Structure (ODS) for the database in question, the SQL Dialect will never be changed.If you backup a Firebird 1.0 dialect 1 database and then use the backup file to recreate it under Firebird 2.1, for example, the ODS will be updated to 11.1 but the SQL dialect will remain as 1.

Important

Always restore the database with the version of gbak supplied with the database server you wish to run the (new) database under.However, gbak from Firebird 2.1 can be used to restore a database onto any version of Firebird.

You can, if you wish, change the SQL dialect using gfix.

Under normal circumstances, restoring a database takes place as a single transaction.If the restore is successful, a commit at the end makes the data permanent, if not, the database will be empty at the end.

The restore option -⁠o[ne_at_a_time] will use a transaction for each table and if the table is restored with no errors, a commit is executed rendering that table permanent regardless of what happens with subsequent tables.

docnext count = 26

Restore Or Recreate?

Should a database be restored or replaced?Restoring a database is the process by which you take the existing file and delete prior to replacing it on disk with a backup copy.Gbak does this when you specify the -⁠r[ecreate_database] o[verwrite] switch or the -⁠rep[lace_database] switch.What is the difference?

If a database exists on disk, and you ask gbak to restore it using one of the two switches above, you might corrupt the database especially if the database is in use and has not been shut down using gfix.In addition, if you have only partially completed the restore of a database, and some users decide to see if they can log in, the database may well be corrupted.

Finally, if the restore process discovers that the backup file is corrupt, the restore will fail and your previously working database will be gone forever.

It can be seen that restoring a database can be a fraught experience.

For security, always recreate the database with a new name — a clone — and update the aliases.conf to reflect the new name.This way, your users will always refer to the database by the alias regardless of the actual filename on the server.

Malformed String Errors During Restores

During a restore operation, most likely when restoring a backup taken using an older gbak version, it is possible to see failure messages, in gbak's output, indicating malformed Unicode strings.The reason that these may occur is as explained by Helen Borrie:

The source text of stored procedures (and several other types of object, such as CHECK constraints) is stored in a blob, as is the "compiled" BLR code.When you restore a database, the BLR is not recreated: the same BLR is used until next time you recreate or alter the object.

Historically, the engine did not do the right thing regarding the transliteration of strings embedded in the source and the BLR.In v.2.1 and 2.5 a lot of work was done to address the international language issues, as you probably know.A side effect of this was that everything that was read from data and meta data became subject to "well-formedness" checks.Hence, on restoring, those previously stored source and BLR objects are throwing "malformed string" errors when gbak tries to read and write the data in these system table records.This very old bug affects user blobs, too, if they have been stored using character set NONE and the client is configured to read a specified character set to which the stored data could not be transliterated.

In v.2.1 there were scripts in ../misc that you could run to repair the meta data blobs and also use as a template for repairing the similar errors in blobs in your user data.The repair switches were added to the gbak restore code in v.2.5 to do the same corrections to meta data and data, respectively, during the process of restoring a database for upgrade.

Speeding up the Restore

The restoration of a database, from a backup, can be made to execute quicker if the -⁠se[rvice] option is used.Although this is used to perform remote restores, it can be used locally as well.It simply avoids the data being copied over the TCP network which can slow down the actions of the restore.

tux> gbak -r o -service tux:service_mgr /backups/employee.fbk employee

The example above backs up the employee database, on the tux server, "remotely" using the service manager.The tux server is, of course, where the command is running, so it isn’t really running remotely at all.

Security Of Backups

As you have seen above, anyone, with a valid username and password, can restore a gbak database backup file provided that they are not overwriting an existing database (in Firebird 3.0 and higher, they will also need the CREATE DATABASE DDL privilege).This means that your precious data can be stolen and used by nefarious characters on their own servers, to create a copy of your database and see what your sales figures, for example, are like.

To try and prevent this from happening, you are advised to take precautions.You should also prevent backups from being accidentally overwritten before they have expired.Some precautions you can take are:

  • Always set the backup file to be read-only after the backup is complete.This helps prevent the file from being overwritten.

  • Alternatively, incorporate the date (and time) in your backup filenames.

  • Keep backups in a safe location on the server.Storing backups in a location with restricted access helps reduce the chances of your backup files 'escaping' into the wild.

  • Keep tape copies of your backups very secure.A locked safe or off-site location with good security is advisable.The off-site location will also be of use after a total disaster as the backups are stored in a separate location to the server they are required on.

  • Backup to a partition or disk that has encryption enabled.

  • Encrypt the backup file — supported by Firebird 4.0 and higher.

  • Make sure that only authorised staff have access to areas where backups are kept.

  • Always test your backups by cloning a database from a recent backup.

In Firebird 2.1, there is an additional security feature built into gbak and all the other command-line utilities.This new feature automatically hides the password if it is supplied on the command line using the -⁠password switch.Gbak replaces the password with spaces — one for each character in the password.This prevents other users on the system, who could run the ps command and view your command line and parameters, from viewing any supplied password.In this manner, unauthorised users are unable to obtain the supplied password.

tux> gbak -b -user SYSDBA -passw secret employee /backups/employee.fbk
tux> ps efx| grep -i gba[k]
20724 ... gbak -backup -user SYSDBA -passw           employee employee.fbk
... (lots more data here)

You can see from the above that the password doesn’t show up under Firebird 2.1 as each character is replaced by a single space.This does mean that it is possible for someone to work out how long the password could be and that might be enough of a clue to a dedicated cracker.Knowing the length of the required password does make things a little easier, so for best results use a random number of spaces between -⁠passw and the actual password.The more difficult you make things for the bad people on your network, the better.

Backup & Restore Recipes

The following recipes show examples of backup and restore tasks using gbak.These are probably the commonest cases that you will encounter as a DBA.All the examples use the employee database supplied with Firebird and the actual location is correctly configured in aliases.conf.

Each of the following recipes is run with the assumption that the environment variables ISC_USER and ISC_PASSWORD have been given suitable values.If you don’t have these set, you will need to supply the appropriate options [gbak-cmdline-user] and [gbak-cmdline-password], or [gbak-cmdline-trusted] — Windows-only, on the commandline.

Backup & Restore Prerequisites

If you replace an open and running database, there is a good chance that you will corrupt it.For best results and minimal chance of corrupting a database, you should close it before replacing it.To close a database, use gfix as follows:

tux> gfix -shut -tran 60 employee

The example above prevents any new transaction from being started which prevents new queries being executed or new sessions connecting to the database.It will wait for up to 60 seconds for everyone to logout and for all current transactions to complete before shutting down the database.If any long-running transactions have not completed by the end of 60 seconds, the shutdown will timeout and the database will remain open.

Note

After the restore of the database has completed, the database will automatically be opened again for use.

Backup & Restore With & Without Shadow Files.

Databases can have shadow files attached in normal use.Gbak happily backs up and restores those as well and in normal use, shadow files will be recreated.Should you wish to restore the database only and ignore the shadows, gbak can do that for you as the following example shows.

tux> # Check current shadows, use isql as gstat is broken.
tux> isql employee

Database:  employee
SQL> show database;
Database: employee
        Owner: SYSDBA
 Shadow 1: "/opt/firebird/shadows/employee.shd1" manual
 Shadow 2: "/opt/firebird/shadows/employee.shd2" manual
...

SQL> quit;

tux> # Restore the database preserving shadow files.
tux> gfix -shut -tran 60 employee
tux> gbak -recreate overwrite /backups/employee.fbk employee

tux> # Check shadows again, use isql as gstat is broken.
tux> isql employee

Database:  employee
SQL> show database;
Database: employee
        Owner: SYSDBA
 Shadow 1: "/opt/firebird/shadows/employee.shd1" manual
 Shadow 2: "/opt/firebird/shadows/employee.shd2" manual
...

SQL> quit;


tux> # Restore the database killing shadow files.
tux> gfix -shut -tran 60 employee
tux> gbak -recreate overwrite -kill /backups/employee.fbk employee

tux> # Check shadows again, use isql as gstat is broken.
tux> isql employee

Database:  employee
SQL> show database;
Database: employee
        Owner: SYSDBA
...

SQL> quit;
Note

I use isql in the above examples as gstat -⁠h seems to get confused about how many shadows there are on a database.It reports zero when there are two, eventually it catches up and reports that there are two, then, if you kill a shadow, it reports that there are now three!

Remote Backups & Restores

Firebird’s gbak utility can make backups of a remote database.To do this, you need to connect to the service manager running on the remote server, this is normally called service_mgr.The following example shows the Firebird employee database on server tuxrep being backed up from the server tux.The backup will be written to the remote server, in other words, the backup file will be created on the tuxrep server and not on the tux one.The network protocol in use is TCP.

tux> # Backup the reporting database on remote server tuxrep.
tux> gbak -backup -service tuxrep:service_mgr employee /backups/remote_backup.fbk

The backup file will have the same owner and group as the Firebird database server — on Unix systems at least.

It is also possible to restore a remote database in this manner as well, and gbak allows this.

tux> # Restore the read-only reporting database on remote server tuxrep.
tux> gbak -r o -mode read_only -service tuxrep:service_mgr \
            /backups/remote_backup.fbk employee
Note

The above example uses the handy Unix ability to split a long line over many shorter ones using a backslash as the final character on the line.

As ever, you are advised to beware of replacing a database in case there are problems during the restore.The example above recreates the existing database in read-only mode but this need not always be the case.

A remote backup can also be run on the database server itself!On Windows, this makes no difference, but on Unix systems, this local-remote method of backups and restores reduces network traffic.The 'remote' server, in this case, is not actually remote it is just the method of running the backup — connecting to the service manager — that implies remoteness.

tux> # Backup the employee database on this server, but pseudo-remotely!
tux> gbak -backup -service tux:service_mgr employee /backups/remote_backup.fbk

And corresponding restores can also be run 'remotely':

tux> # Restore the employee database on this server, but pseudo-remotely!
tux> gbak -r o -service tux:service_mgr /backups/remote_backup.fbk employee

The format of the parameter used for the -⁠service switch is different according to the nature of the network protocol and the connection string in use:

TCP

Legacy connection string: <hostname>[/<port>]:service_mgr
Firebird 3.0 and higher connection strings:

# TCP/IP (v4 and v6)
inet://[<hostname>[:<port]]/service_mgr
# TCP/IP (v4 only)
inet4://[<hostname>[:<port]]/service_mgr
# TCP/IP (v6 only)
inet6://[<hostname>[:<port]]/service_mgr

If port is not specified, port 3050 is used.If hostname is not specified, localhost is used.It is not possible to specify a port without hostname.

To use a IPv6 IP address it must be enclosed in square brackets (e.g. inet://[::1]/service_mgr).

XNET

Legacy connection string: service_mgr (this may also use TCP/IP to localhost instead)
Firebird 3.0 and higher connection string: xnet://service_mgr

XNET is only supported on Windows.

Named pipes/WNET

Legacy connection string: \\<hostname>[@<port>]\service_mgr
Firebird 3.0 and 4.0 connection string: wnet://[<hostname>[:<port>]]/service_mgr

Support for named pipes (a.k.a. WNET) was removed in Firebird 5.0, and in earlier versions only available on Windows.

Note

Since Firebird 4.0, the service_mgr name is no longer required and may now be left out of the connection string.

That means that the minimum connection strings to use the service manager are now:

  • . or effectively anything that is not interpreted as one of the other connection strings (using XNET or TCP/IP)

  • xnet://

  • inet://, inet4://, inet6::// (using localhost)

  • wnet:// (using localhost)

Be aware that not specifying a value for [gbak-cmdline-service] is not possible.If the commandline has any other options or values after -⁠se, this will be silently ignored and instead consume the next commandline option as its value, effectively ignoring that value.

Remote Backups and Restores Using SSH

As shown above, you can use the special filenames stdin and stdout to backup and restore a database to a separate database on the same server.However, you can also use the same tools, over an SSH connection to a remote server, and pass the backup of one database directly to a restoration of a separate one.

The first example copies a local database to a remote server where Firebird is running and the firebird user has its environment set up so that the gbak tool is on $PATH by default, on login.

Note

In each of the following examples, the -⁠user sysdba and -⁠password whatever parameters on the command lines have been replaced by {...}.When executing these commands, any remote gbak commands will require to have them specified unless the firebird user on the remote database(s) has ISC_USER and ISC_PASSWORD defined in the .profile or .bashrc (or equivalent) login files.However, that is a seriously bad idea and incredibly insecure.

 
tux> # Clone a test database to a different server, without requiring a backup file.
tux> gbak -backup employee stdout | \
ssh firebird@tuxrep "gbak {...} -r o stdin emptest"

When the above is executed, you will be prompted for a password for the remote firebird user on server tuxrep, assuming that you don’t have a proper SSH key-pair already set up and active.The command will replace the local database according to the alias name emptest, but you can, if required, supply full path names for the databases.The following shows an example of the above being executed.

tux> # Clone a test database to a different server, without requiring a backup file.
tux> gbak -backup employee stdout | \
ssh firebird@tuxrep "gbak {...} -r o stdin emptest"

firebird@tuxrep's password:

As you can see, there’s not much in the way of output, but you can connect remotely and check:

tux> isql {...} tuxrep:emptest

Database:  tuxrep:emptest

SQL> show database;

Database: tuxrep:emptest
        Owner: SYSDBA
PAGE_SIZE 4096
...

The next example, shows a remote database being backed up to a local one, in a similar manner.

tux> ssh firebird@tuxrep "gbak -backup {...} emptest stdout" | \
gbak -create stdin data/tuxrep_emptest.fdb

firebird@tuxrep's password:

tux> ls data

employee.fdb  tuxrep_emptest.fdb

You can see that a new tuxrep_emptest.fdb database has been created.Does it work?Checking with isql shows that it does.

tux> isql data/tuxrep_emptest.fdb

Database:  data/tuxrep_emptest.fdb

SQL> quit;

The final example shows how to backup a remote database on one server, to a remote database on another.

tux> ssh firebird@tuxrep "gbak -backup {...} emptest stdout" |  \
ssh firebird@tuxqa "gbak -create {...} stdin data/tuxrep_empqa.fdb"

firebird@tuxrep's password:
firebird@tuxqa's password

tux> ssh firebird@tuxqa "ls data"

employee.fdb  tuxrep_empqa.fdb

Using External Tools

Gbak and nbackup are the best tools to use when backing up and/or restoring Firebird databases.They have been extensively tested and know the internals of the database and how it works, so the chances of these tools corrupting your valuable data are very slim.However, some DBAs still like to use external tools (those not supplied with Firebird) to make backups for whatever reason.

Because it is not possible for external tools to know where a database is to be found, given the alias name, the scriptwriter and/or DBA must explicitly find out the correct location of the database file(s) and supply these to the external tool.To make this simpler for scriptwriters, my own installation uses a standard in my aliases.conf file as follows:

  • The database alias must start in column one.

  • There must be a single space before the equals sign (=).

  • There must be a single space after the equals sign (=).

  • Double quotes around the database filename is not permitted — it doesn’t work for the Firebird utilities either.

  • Databases are all single file databases.

The last rule applies to my installation only and means that the following simple backup script will work.If multiple file databases were used, more coding would be required to take a backup using external tools.

tux> cat /opt/firebird/aliases.conf
# ---------------------------------------------------------
# WARNING: Backup Standards require that:
#          The database name starts in column 1.
#          There is a single space before the equals sign.
#          There is a single space after the equals sign.
#          The path has no double quotes (they don't work!)
# ----------------------------------------------------------
employee = /opt/firebird/examples/empbuild/employee.fdb

The following shows the use of the gzip utility on a Linux server to take and compress a backup of a running database.The following is run as the root user due to the requirement to run gfix to shut down the database.

tux> # Backup the production employee database using gzip.
tux> gfix -shut -tran 60 employee
tux> DBFILE=`grep -i "^employee =" /opt/firebird/aliases.conf | cut -d" " -f3`
tux> gzip -9 --stdout $DBFILE > /backups/employee.fdb.gz

The restore process for this database would be the reverse of the above.Again, the following runs as root.

tux> # Restore the production employee database from a gzip backup.
tux> gfix -shut -tran 60 employee
tux> DBFILE=`grep -i "^employee =" /opt/firebird/aliases.conf | cut -d" " -f3`
tux> gunzip --stdout /backups/employee.fdb.gz > $DBFILE

tux> # Make sure firebird can see the file.
tux> chown firebird:firebird $DBFILE

A Simple Backup & Restore

This example takes a backup, then immediately overwrites the original database using the new backup.This is not normally a good idea as the first action of the -⁠recreate overwrite is to wipe out the database.

tux> # Backup the database.
tux> gbak -backup employee /backups/employee.fbk

tux> # Restore the database.
tux> gfix -shut -tran 60 employee
tux> gbak -recreate overwrite /backups/employee.fbk employee

Metadata Only

It is possible to use gbak to recreate an empty database containing only the various domains, tables, indices and so on, of the original database but none of the data.This can be useful when you have finished testing your application in a test environment and wish to migrate the system to a production environment, for example, but starting afresh with none of your test data.

tux> #Backup only the database metadata.
tux> gfix -shut -tran 60 employee
tux> gbak -backup -meta_data employee employee.meta.fbk

When the above backup file is restored on the production server, only the metadata will be present.

There is another way to create a database with no data and only the metadata.Simply restore from an existing backup which contains the data and supply the [gbak-cmdline-meta-data] switch to the restore command line.The database will be restored but none of the original data will be present.

tux> #Restore only the database metadata.
tux> gbak -create employee.fbk mytest.fdb -meta_data

The [gbak-cmdline-meta-data] switch can be used on either a backup or a restore to facilitate the creation of a clone database (or overwrite an existing one) with no actual data.

Splitting The Backup

The gsplit filter application, documented in its own manual, doesn’t actually work anymore.This filter was supplied with old versions of InterBase and Firebird to allow large database backups to be split over a number of files so that file system limits could be met.Such limits could be the size of a CD, the 2GB limit on individual file sizes on a DVD, where some Unix file systems have a 2 GB limit and so on.

Gbak allows the backup files to be split into various sizes (with a minimum of 2048 bytes) and will only create files it needs.

tux> # Backup the database to multiple files.
tux> gbak -backup employee /backups/emp.a.fbk 600m /backups/emp.b.fbk 600m

The sizes after each filename indicate how large that particular file is allowed to be.The default size is bytes, but you can specify a suffix of k, m or g to use units of kilo, mega or gigabytes.

If the backup completes before writing to some files, then those files are not created.A backup file is only ever created when it must be.

The size of the final backup file will be quietly ignored if the database has grown too large to allow a truncated backup to complete.If, in the example above, the backup needs a total of 1500M, then the last file would be written to a final size of 900m rather than the 600m specified.

To restore such a multi-file backup requires that you specify all filenames in the backup and in the correct order.The following example shows the employee database above being restored from the two files backed up above:

tux> # Restore the database from multiple files.
tux> gfix -shut -tran 60 employee
tux> gbak -r o /backups/employee.a.fbk /backups/employee.b.fbk employee

Changing The ODS

Normally the ODS used is the one in force by the version of Firebird used to restore the database.So, the examples above will actually change the ODS when the database is restored.The backup should be taken using the gbak utility supplied by the old ODS version of Firebird.The restore should be carried out using gbak from the newer version of Firebird.

tux> setenv_firebird 2.0
Firebird environment set for version 2.0.

tux> # Check current ODS version (as root user!)
tux> gstat -h employee|grep ODS
        ODS version             11.0

tux> # Backup the (old) database.
tux> gbak -backup employee /backups/employee.2_0.fbk

tux> setenv_firebird 2.1
Firebird environment set for version 2.1.

tux> # Recreate the database and upgrade the ODS.
tux> gfix -shut -tran 60 employee
tux> gbak -r o /backups/employee.2_0.fbk employee

tux> # Check new ODS version (as root user!)
tux> gstat -h employee|grep ODS
        ODS version             11.1

After the above, the old 2.0 Firebird database will have been recreated — wiping out the old database — as a Firebird 2.1 database with the corresponding upgrade to the ODS from 11.0 to 11.1.

The script setenv_firebird is not supplied with Firebird and simply sets PATH, etc., to use the correct version of Firebird as per the supplied parameter.

Changing The Cache Size

The default database cache (page buffer) is set when the database is created, or subsequently by using gfix -⁠b[uffers] <number-of-pages>.Gbak can restore a database and set the default cache size as well.The process is as follows:

tux> # Check current cache size (as root user!)
tux> gstat -h employee | grep -i buffer
        Page buffers            0

tux> # Restore the database & change the cache size.
tux> gfix -shut -tran 60 employee
tux> gbak -r o -buffer 200 /backups/employee.fbk employee

tux> # Check the new cache size (as root user!)
tux> gstat -h employee | grep -i buffer
        Page buffers            200

The default cache size is used when the number of buffers is zero, as in the first example above.Gbak allows this to be changed if desired.Gbak, however, cannot set the cache size back to zero.You must use gfix to do this.

Changing The Page Size

Similar to the example above to change the default database cache size, the database page size can also be changed using gbak.

tux> # Check current page size (as root user!)
tux> gstat -h employee | grep -i "page size"
        Page size               4096

tux> # Restore the database & change the page size.
tux> gfix -shut -tran 60 employee
tux> gbak -r o -page_size 8192 /backups/employee.fbk employee

tux> # Check the new page size (as root user!)
tux> gstat -h employee | grep -i "page size"
        Page size               8192

Creating A Read-Only Database Clone

Sometimes you do not want your reporting staff running intensive queries against your production database.To this end, you can quite easily create a clone of your production database on a daily basis, and make it read-only.This allows the reporting team to run as many intensive reports as they wish with no ill effects on the production database, and it prevents them from inadvertently making changes.

The following example shows the production employee database running on Linux server tux, being cloned to the reporting team’s Linux server named tuxrep.First on the production tux server:

tux> # Backup the production database.
tux> gbak -backup employee /backups/employee.fbk

Then on the reporting team’s tuxrep server:

tuxrep> # Scp the backup file from tux.
tuxrep> scp fbuser@tux:/backups/employee.fbk ./
Using keyboard-interactive authentication.
Password:
employee.fbk              |         19 kB |  19.3 kB/s | ETA: 00:00:00 | 100%

tuxrep> # Restore the employee database as read-only.
tuxrep> gfix -shut -tran 60 employee
tuxrep> gbak -r o -mode read_only employee.fbk employee

tuxrep> # Check database mode (as root user)
tuxrep> gstat -h employee|grep -i attributes
        Attributes              no reserve, read only

Creating a Database Clone Without a Backup File.

You may use gbak to create a clone of a database, on the same server, without needing to create a potentially large backup file.To do this, you pipe the output of a gbak backup directly to the input of a gbak restore, as follows.

tux> # Clone a test database to the same server, without requiring a backup file.
tux> gbak -backup emptest stdout | gbak -r o stdin emptest_2

You will notice that the output filename for the backup is stdout and the input filename for the restore is stdin.This ability to pipe standard output of one process to the standard input of another, is how you can avoid creating an intermediate backup file.The commands above assume that there are suitable alias names set up for both emptest and emptest_2.If not, you will need to supply the full path to the two databases rather than the alias.

The -⁠r o option on the restore process will overwrite the database name specified — as an alias or as a full path — if it exists and will create it anew if it doesn’t.

If you don’t want to overwrite any existing databases, use [gbak-cmdline-create-database] which will only create a database if it doesn’t already exist, and will exit with an error if it does.In POSIX compatible systems, the error code in $? is 1 in this case.

Further examples of backing up and restoring remote databases over ssh, using the stdin and stdout filenames, can be seen below.

Gbak Caveats

The following is a brief list of gotchas and funnies that I have detected in my own use of gbak.Some of these are mentioned above, others may not be.By collecting them all here in one place, you should be able to find out what’s happening if you have problems.

Gbak Default Mode

If you do not specify a mode switch such as -⁠b[ackup] or -⁠c[reate] etc, then gbak will perform a backup as if the -⁠b[ackup] switch had been specified — provided that the other switches specified are correct for a backup.

Warning

This detection of whether you are attempting a backup or a restore means that if you use the -⁠z command line switch to view gbak information, then you will create a backup — and in Firebird 1.5 and older, overwrite the backup file you supply — if the command line also has a database name and a backup filename present.This assumes that there is a way for gbak to determine the username and password to be used — either as command line parameters or via defined environment variables.

Normal Versus Privileged Users

Only a SYSDBA, a user with the RDB$ADMIN role, the owner of a database, or a user with the USE_GBAK_UTILITY system privilege can take a backup of the database.However, any authenticated user can restore a database backup using the -⁠c[reate] switch (in Firebird 3.0 and higher, this user will need the CREATE DATABASE DDL privilege).This means that you must make sure you prevent your backup files from falling into the wrong hands because there is nothing then to stop unauthorised people from seeing your data by the simple process of restoring your backups onto their server.

The database restore will fail, of course, if the user carrying it out is not the database owner and a database with the same filename already exists.

Silent Running?

The -⁠y suppress_output switch is supposed to cause all output to be suppressed.Similar in fact to running with -⁠v[erify] not specified.However, all it seems to do is cause the output (according to the -⁠v[erify] switch setting) to be written to a file called suppress_output, however this only works once because the next run of gbak with -⁠y suppress_output will fail because the file, suppress_output, already exists.

It is possible that this problem was introduced at version 2 for Firebird, because both 2.0 and 2.1 versions actually use the -⁠y suppress switch rather then -⁠y suppress_output.Using this (shorter) option does work as intended and the output is indeed suppressed.

Gbak Log File Cannot Be Overwritten

If you specify a log filename with the -⁠y <log file> switch, and the file already exists, then even though the firebird user owns the file, and has write permissions to it, gbak cannot overwrite it.You must always specify the name of a log file that doesn’t exist.On Linux systems, the following might help:

tux> # Generate unique backup and log filename.
tux> FILENAME=employee_`date "+%Y%m%d_%H%M%S"`

tux> # Shut down and Backup the database
tux> gfix -shut -tran 60 employee
tux> gbak -backup employee /backups/${FILENAME}.fbk -y /logs/${FILENAME}.log -v

The above is quite useful in as much as it prevents you from overwriting previous backups that may be required.The downside is that you now need to introduce a housekeeping system to tidy away old, unwanted backups to prevent your backup area filling up.

Use of stdin or stdout Filenames

Gbak recognizes the literal strings stdin and stdout as source or destination filenames.In POSIX systems, when the standard input and/or standard output channels are used, it is not permitted to execute seek operations on these channels.Using stdin or stdout as filenames with gbak will force gbak to use processing that will not seek on the input or output channels, making them suitable for use in pipes — as per the examples in the recipes section above.

These filenames, while they appear to be POSIX names, are definitely not synonyms for /dev/stdin or /dev/stdout, they are simply literals that gbak checks for while processing its parameters.Do not attempt to use names /dev/stdin or /dev/stdout in a piped process as it will most likely fail.

If you wish to create a backup file actually named either stdin or stdout, then you should specify the filename as a full, or relative, path name such as ./stdin or ./stdout, which causes gbak to treat them as a literal filename rather than a special filename that causes different to normal processing during the backup or restore process.

Document history

The exact file history is recorded in the firebird-documentation git repository; see https://github.com/FirebirdSQL/firebird-documentation

Revision History

1.18

17 Apr 2024

MR

Moved and reworded -NODBTRIGGERS as it is a backup switch, not a restore switch (#207)

1.17

2 Apr 2024

MR

Protocol names are lowercase (#205)

1.16

24 Feb 2024

MR

Fixed rendering issue with -⁠INCLUDE[_DATA] syntax

1.15

24 Feb 2024

MR

Include gbak name in the document title, making it the same as on https://firebirdsql.org/en/reference-manuals/

1.14

17 Feb 2024

MR

  • Fix wrong rendering due to wrong double quotes

  • -⁠STATISTICS also displayed for -⁠VERBINT

  • -⁠USER cannot be abbreviated to -⁠U

  • Added notes on -⁠REPLICA vs -⁠MODE

  • Added word-joiner in commandline switches between minus (-) and first character to ensure they aren’t broken up on word wrap

  • Add links from usage instruction to relevant sections

1.13

16 Feb 2024

MR

  • Reordered document history so most recent changes are on the top

  • Some copy-editing and formatting of the document history

  • Added common options added in Firebird 3.0, 4.0, and 5.0, and some from 2.5 that weren’t documented yet (documented with minimal information, will be expanded later)

  • Removed common options repeated with "see above" in the backup and restore options

  • Reordered restore options to put the main restore options (-⁠CREATE_DATABASE and -⁠RECREATE_DATABASE [OVERWRITE]) first

  • Misc. copy-editing of commandline options

  • Convert commandline options from definition lists to sections

  • Replaced usage of -⁠REPLACE_DATABASE (or its abbreviations) in examples with -⁠RECREATE_DATABASE OVERWRITE (or abbreviations)

  • Added more information on -⁠CRYPT, -⁠DIRECT_IO, -⁠KEYHOLDER, -⁠KEYNAME, -⁠PARALLEL, -⁠REPLICA, -⁠VERBINT

1.12

18 Jun 2020

MR

Conversion to AsciiDoc, minor copy-editing

1.11

1 May 2013

ND

A correction to the above change to the -⁠use_[all_space] command line switch — it affects all subsequent pages as well as the ones created during the restore.

1.10

1 May 2013

ND

Slight update to the -⁠use_[all_space] command line switch, to explain how it works in a more understandable manner.

1.9

11 Apr 2013

ND

  • A section has been added to explain how to speed up your backups.

  • A note has been added to the -⁠service option to explain that it’s use is not restricted to remote databases.

  • Syntax errors in some examples corrected.

1.8

14 Jan 2013

ND

Further updates to document the use of the stdin and stdout filenames in backups and restores.A section has been added to Gbak Caveats giving more in depth detail about these two special filenames.

1.7

11 Jan 2013

ND

  • Updated to document the use of the stdin and stdout filenames in backups and restores, which allow backups to be written to or read from standard input and standard output.

  • A section was added on the use of the above to clone databases without requiring an intermediate backup file.

  • An additional section was also added to show how — using the above in conjunction with SSH — backup and/or restore operations could be carried out on databases where one or both of the databases in question, are remote.

  • A few minor formatting errors, URLs and some examples were corrected.

  • Also added an example of a metadata only backup and restore.

1.6

11 Oct 2011

ND

*Updated to cover Firebird 2.5 changes.* Corrected description of -⁠g[arbage_collect] switch.* Lots of spelling mistakes corrected.

1.5

31 Mar 2011

ND

Updated the -⁠z option to indicate that it does carry out a backup.

1.4

09 Aug 2010

ND

Noted that gbak defaults to running a backup or recover according to the first filename parameter supplied.

1.3

24 Jun 2010

ND

Added a bit more details to the -⁠o[ne_at_a_time] restore option to explain transactions.

1.2

24 Nov 2009

ND

Corrected the section on -⁠y Suppress_output plus corrected the formatting of various screen dumps.They had been reformatted as text at some point.

1.1

20 Oct 2009

ND

More minor updates and converted to a standalone manual.

1.0

10 Oct 2009

ND

Created as a chapter in the Command Line Utilities manual.

License notice

The contents of this Documentation are subject to the Public Documentation License Version 1.0 (the “License”); you may only use this Documentation if you comply with the terms of this License.Copies of the License are available at https://www.firebirdsql.org/pdfmanual/pdl.pdf (PDF) and https://www.firebirdsql.org/manual/pdl.html (HTML).

The Original Documentation is titled Firebird Backup & Restore Utility.

The Initial Writer of the Original Documentation is: Norman Dunbar.

Copyright © 2009-2013.All Rights Reserved.Initial Writer contact: NormanDunbar at users dot sourceforge dot net.

Contributor(s): Mark Rotteveel.

Portions created by Mark Rotteveel are Copyright © 2020-2024.All Rights Reserved.(Contributor contact(s): mrotteveel at users dot sourceforge dot net).