Rough onboarding; need good defaults for MacOS user

As new Duplicati user on MacOS the experience feels a bit rough so far. Some examples:

  • Default download for MacOS is the .dmg file. However, that one does not install Duplicati with auto-start after a reboot. For that you would need to download the .pkg file. Why is that not the default? Or alternatively, why doesn’t Duplicati offer me to enable auto-start when it runs the first time?

  • When creating a backup set, it will include everything by default. For most users that is way too much and gives problems with file locking (see also my next items). Another well known backup application uses the list below as the default exclusions (it takes 10 minutes to set these manually). It would be great to have these set by default on MacOS, or have a single one-line option to set all these.

.DocumentRevisions-V100
.MobileBackups
.MobileBackups.trash
.Spotlight-V100
.TemporaryItems
.Trash
.Trashes
.dbfseventsd
.dropbox
.dropbox.cache
.fseventsd
.hotfiles.btree
.vol
Backups.backupdb
Cache
Caches
DerivedData
node_modules
Logs
*/iTunes/iTunes Media/Downloads
*/iTunes/iTunes Media/Podcasts
*/iTunes/Album Artwork
*/iTunes/Previous iTunes Libraries
*/Library/Application Support/CrashReporter
*/Library/Application Support/Dropbox
*/Library/Application Support/Google
*/Library/Application Support/MobileSync/Backup
*/Library/Application Support/com.apple.LaunchServicesTemplateApp.dv
*/Library/Biome
*/Library/Caches
*/Library/Containers/com.apple.mail/Data/Library/Mail Downloads
*/Library/Containers/com.apple.mail/Data/DataVaults
*/Library/Developer
*/Library/Google/GoogleSoftwareUpdate
*/Library/Metadata/CoreSpotlight
*/Library/Mirrors
*/Library/PubSub/Database
*/Library/PubSub/Downloads
*/Library/PubSub/Feeds
*/Library/Safari/Favicon Cache
*/Library/Safari/Icons.db
*/Library/Safari/Touch Icons Cache
*/Library/Safari/WebpageIcons.db
*/Library/Safari/HistoryIndex.sk
*/Library/VoiceTrigger/SAT
*/MailData/AvailableFeeds
*/MailData/BackingStoreUpdateJournal
*/MailData/Envelope Index
*/MailData/Envelope Index-journal
*/MailData/Envelope Index-shm
*/MailData/Envelope Index-wal
  • Next I got many errors during backups. For example “Access to the path ‘/Users/yoriz/Library/...’ is denied.”. It could not access large parts of my harddisk. Took me some time searching the forums to learn that I need to enable “Full Disk Access” in the MacOS Settings for the Duplicati app to work correctly. Again, shouldn’t that be the default? Or at least have the installer open the corresponding pane from Settings with an explanation what the user should do?

  • Now I still get errors during backup, because certain files are in use: The process cannot access the file ‘/Users/yoriz/Library/...’ because it is being used by another process. That is to be expected on a running system, right? So there must be more users running into this error. I have not yet solved this problem. The –snapshot-policy = required option is broken on MacOS: An error occurred trying to start process '/Applications/Duplicati.app/Contents/MacOS/lvm-scripts/find-volume.sh' with working directory '/'. No such file or directory

I will continue searching the forums for a fix for the above problem, because there must be more users running into this. I fear that after fixing this I will run into yet another problem…

The defaults settings for MacOS can be improved. As a typical MacOS user, I don’t want to hunt for obscure low-level options and settings. I want to install Duplicati and just run it with the defaults. I am happy to help the developers improve this.

Question to other MacOS users: what options/settings do you recommend for a user that simply wants to backup his entire harddisk?

P.S., Even after I enabled Full Disk Access, I still get errors when backing up files from other users: UnauthorizedAccessException: Access to the path '/Users/otheruser/Documents' is denied.. I have again an hour of searching the forums ahead of me… :frowning:

After trying out many settings and options and reading a lot of forum posts, I finally got Duplicati to backup all files. The trick is to not use the standard Duplicati install or use the tray icon because that will run Duplicati as your owner user without access to the files of other users.

I stumbled upon this site, that explained how to run duplicati-server as a System service. That enables Duplicati to have access to all files, also those of other users on the system. Unfortunately, this requires some low-level hacking using the Terminal:

% sudo edit /Library/LaunchDaemons/com.duplicati.server.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.duplicati.server</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Duplicati.app/Contents/MacOS/duplicati-server</string>
        <string>--webservice-port=8200</string>
        <string>--log-file=/Library/Logs/duplicati_server.log</string>
        <string>--log-level=Information</string>
        <string>--verbose=true</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/Library/Logs/duplicati_out.log</string>
    <key>StandardErrorPath></key>
    <string>/Library/Logs/duplicati_err.log</string>
    <key>Nice</key>
    <integer>20</integer>
</dict>
</plist>

After this, reboot your Mac. When rebooted, quickly look in the log file to see the URL of the GUI (that link is only valid for a short time):

% grep link /Library/Logs/duplicati_server.log

2025-09-20 16:10:33 +02 - [Warning-Duplicati.Server.Program-ServerStartedSignin]: Use the following link to sign in: http://localhost:8200/signin.html?token=eyJh...9of0

Use that URL in your webbrowser and set a password for the GUI (otherwise you can no longer access Duplicati later; don’t ask me how I know). The next time you want to access the GUI, you only need the first part of the URL: http://localhost:8200 and your password.

In addition you need to use the –ignore-advisory-locking=true flag to work around the problem that APFS snapshots are not working in order to back up files that are currently in use.

I can’t get the tray icon to work. It opens a new instance of Duplicati at port 8300 (and ignores the service already running at 8200, even with the –no-hosted-server flag), but I am too exhausted to continue troubleshooting for one more hour. I’ll use a browser bookmark for now…

Is this really what it takes for the average MacOS user to simply backup his Mac? I persevered because Duplicati seems to be the only backup tool that supports Jottacloud. But if I had a common storage like S3, OneDrive, etc. then I would have surely given up and tried something simple like Backblaze or ArqBackup.

It is a pitty, because you can tell Duplicati is a well-designed, robust application. However, it is obviously made by- and for hard-core engineers. I am happy to work with the developers to act as a noob test user/guinea pig to help smoothen the install procedure and improve the default settings for MacOS. Surely we must be able to create a .pkg installer that simply installs Duplicati and just makes backups of the system using all the default settings?

Welcome to the forum @Yoriz

What you posted is not two separate dashes which is pretty much always what’s needed. Forum and word processing programs tend to mangle double dashes and double quotes.

It looks like the code is trying to go down the Linux path, where LVM snapshots are used. While I’d consider that error message broken, APFS snapshots just aren’t done currently.

2.1.0.5 help text:

  --snapshot-policy (Enumeration): Control the use of disk snapshots
    This setting controls the usage of snapshots, which allows Duplicati to
    backup files that are locked by other programs. If this is set to "off",
    Duplicati will not attempt to create a disk snapshot. Setting this to
    "auto" makes Duplicati attempt to create a snapshot, and fail silently
    if that was not allowed or supported (note that the OS may still log
    system warnings). A setting of "on" will also make Duplicati attempt to
    create a snapshot, but will produce a warning message in the log if it
    fails. Setting it to "required" will make Duplicati abort the backup if
    the snapshot creation fails. On windows this uses the Volume Shadow Copy
    Services (VSS) and requires administrative privileges. On Linux this
    uses Logical Volume Management (LVM) and requires root privileges.
    * values: Auto, On, Off, Required
    * default value: off

Predefined filter groups would be worth a look, then you could decide which to ask for.

2.1.0.5 help, which I cite mainly because you wanted a single one-line option. Is it CLI?

  --exclude (String): Exclude files
    Exclude files that match this filter. The special character * means any
    number of character, and the special character ? means any single
    character. Use *.txt to exclude all files with a txt extension. Regular
    expressions are also supported and can be supplied by using hard braces,
    e.g. [.*\.txt]. Filter groups (which encapsulate a built-in set of
    well-known files and folders) can be specified by using curly braces,
    e.g. {TemporaryFiles}.

CLI help filter-groups (also available as GUI Commandline, where output tailored to user) shows exact content for the groups. You may or may not like the suggestions, but they’re sometimes amended. GitHub Issue makes it easier to track – forum is not really a tracker.

I don’t use a Mac, so can’t comment much on specifics. Maybe somebody else can assist.

Thank you for your suggestions.

Yes, I used --no-hosted-server two dashes. However, the tray icon will simply open a new Duplicati instance at port 8300, ignoring the already running instance at port 8200.

Ah, that explains. Then I suggest the GUI gives feedback on MacOS that the option is not supported yet.

Thanks, that can be useful. Although it is not entirely clear what exact file(patterns) it will filter. Can I see somehow what files are filtered in the web-GUI?

CLI? I am a Mac user, what do you think :wink:
With single one-line option I meant a single option in the GUI, not having to painstakingly create 50 separate exclude rules.

Thank you for your help!

I don’t recall that ever happening. Can you isolate it to a simple command line example?

For example, here’s a test from my .zip install (a Mac path would be different anyway):

C:\Duplicati\duplicati-2.1.0.5_stable_2025-03-04-win-x64-gui>Duplicati.GUI.TrayIcon --no-hosted-server --webservice-password=REDACTED

C:\Duplicati\duplicati-2.1.0.5_stable_2025-03-04-win-x64-gui>Unexpected error: System.AggregateException: One or more errors occurred. (No connection could be made because the target machine actively refused it. (localhost:8200))

I don’t have a service up here, but you can see that it’s aiming for service at port 8200.
For formatting, I use three backticks above and below to keep forum from adding style.

Filters in Duplicati discusses those, and links to the official .NET documentation.
I don’t know why it wasn’t mentioned, but there’s The TEST-FILTERS command.
That’s handy for complex filters, as it can get quite extensive and hard to dissect.

It’s automatic. If you already added manual filters per original post, check for red X.
Accuracy may vary. GUI JavaScript regex is different from .NET in advanced cases.
Source data has a picture.

New UI that’s now in Beta doesn’t use green/red select/exclude, but deselects lines.

That might be because Jottacloud doesn’t publish an API, which means if they change things (and they have before), access can be disrupted. Here’s their statement of wish:

Does Jottacloud provide an API?

Sure. Here is what happens:

# I have Duplicati running a system service (user ID 0 aka root):
% ps -ef | grep -i dupl
       0  2383     1   0 Sat04PM ??       326:00.16 /Applications/Duplicati.app/Contents/MacOS/duplicati-server --webservice-port=8200 --log-file=/Library/Logs/duplicati_server.log --log-level=Information --verbose=true

# Now I start the tray icon. AFAIK there is no separate binary for that
# for MacOS:
% ls -l /Applications/Duplicati.app/Contents/MacOS |grep '^-rwx'
-rwxr-xr-x@  1 root   wheel    124000 Mar  4  2025 duplicati*
-rwxr-xr-x@  1 root   wheel    124000 Mar  4  2025 duplicati-aescrypt*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-autoupdater*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-backend-tester*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-backend-tool*
-rwxr-xr-x@  1 root   wheel    124000 Mar  4  2025 duplicati-cli*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-recovery-tool*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-secret-tool*
-rwxr-xr-x@  1 root   wheel    124000 Mar  4  2025 duplicati-server*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-server-util*
-rwxr-xr-x@  1 root   wheel    124000 Mar  4  2025 duplicati-service*
-rwxr-xr-x@  1 root   wheel    124016 Mar  4  2025 duplicati-snapshots*
-rwxr-xr-x@  1 root   wheel      8098 Mar  4  2025 run-script-example.sh*
-rwxr-xr-x@  1 root   wheel      1444 Jan 31  2025 uninstall.sh*

# Therefore, I start the main app "Duplicati.app" using `open`:
% /usr/bin/open /Applications/Duplicati.app --args --no-hosted-server --hosturl='http://localhost:8200' --webservice-password='SECRET'

# Tray icon now appears, and is running as my own user (user ID 502):
% ps -ef | grep -i dupl
       0  2383     1   0 Sat04PM ??       326:00.35 /Applications/Duplicati.app/Contents/MacOS/duplicati-server --webservice-port=8200 --log-file=/Library/Logs/duplicati_server.log --log-level=Information --verbose=true
     502 49195     1   0  6:41PM ??         0:00.75 /Applications/Duplicati.app/Contents/MacOS/duplicati --no-hosted-server --hosturl=http://localhost:8200 --webservice-password=SECRET

# Clicking "Open" in the tray icon menu gives me a spinning beachball when
# I hover the tray icon. Nothing else happens. It is not eating up a lot of CPU:
% top -pid 49195
Processes: 551 total, 2 running, 549 sleeping, 2838 threads                                                                                                                    19:50:07
Load Avg: 1.22, 1.27, 1.19  CPU usage: 2.12% user, 2.49% sys, 95.38% idle  SharedLibs: 626M resident, 142M data, 95M linkedit.
MemRegions: 0 total, 0B resident, 0B private, 2301M shared.   PhysMem: 15G used (2163M wired, 1624M compressor), 935M unused.
VM: 224T vsize, 5702M framework vsize, 316823(0) swapins, 521999(0) swapouts. Networks: packets: 20353971/19G in, 25196220/32G out. Disks: 74742304/3695G read, 18320241/424G written.

PID    COMMAND      %CPU TIME     #TH  #WQ  #POR MEM  PURG CMPR PGRP  PPID STATE    BOOSTS    %CPU_ME %CPU_OTHRS UID  FAULTS COW  MSGSEN MSGRE SYSBSD  SYSMAC CSW    PAGE IDLEW POWE
50871  duplicati    0.9  00:03.87 20   3    242  71M  272K 0B   50871 8870 sleeping *9[6]     0.00000 0.60493    502  19409+ 398  35903+ 9091+ 105183+ 95770+ 85082+ 11   5672+ 1.1

# It does not time out after waiting several minutes, so I have to kill
# the tray icon:
% sudo kill -9 49195

# There is nothing in the server log file:
% cat /Library/Logs/duplicati_server.log
...

# Don't know where to look for another log (if the tray icon app even has that)

I remember I also had a case where it did open a browser window but on port 8300 with a new instance (my config was gone in the GUI, so it must have been running as my user rather than the system user). I can’t remember how to reproduce this.

P.S. Reading this thread, I tried using the TrayIcon from 2.1.2.0 Beta. This worked!

% /usr/bin/open /Applications/Duplicati\ 2.1.2.0_beta.app --args --no-hosted-server --webservice-password=SECRET

The TrayIcon opens a webbrower window connecting to the already running background server on port 8200!

I don’t like running production backups with a beta version, so I’ll keep the service on version 2.1.0.5 stable for now, and only use the beta for the TrayIcon. That is a safe thing to do, I assume?

For others reading this, I installed duplicati in two different directories:

/Applications/Duplicati.app                    # (this is 2.1.0.5 stable)
/Applications/Duplicati 2.1.2.0_beta.app

And have added an additional launch agent for the tray icon (see first post for launch agent of backup service):

# /Users/<user>/Library/LaunchAgents/com.duplicati.app.launchagent.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
   <dict>
      <key>Label</key>
      <string>com.duplicati.app.launchagent</string>
      <key>ProgramArguments</key>
      <array>
         <string>/usr/bin/open</string>
         <string>/Applications/Duplicati 2.1.2.0_beta.app</string>
         <string>--args</string>
         <string>--no-hosted-server</string>
         <string>--webservice-password=SECRET</string>
      </array>
      <key>RunAtLoad</key>
      <true/>
   </dict>
</plist>

This ensures the tray icon gets loaded automatically after a system reboot.

TrayIcon section in manual:

The main application in the Duplicati installation is the TrayIcon program, called Duplicati.GUI.TrayIcon.exe on Windows and simply duplicati on Linux and MacOS.

I’d say that’s the one to try. I’m not familiar with “Duplicati.app”. Might be only macOS.

I haven’t tried that blend, but if it seems fine it likely is, and if it isn’t, not likely a big deal.
When used with --no-hosted-server it’s just a little bit of extra UI for those wishing it.