Linux Backups

Restore a single file from an rsync backup

Granular recovery without restoring the entire backup tree.

9 min read Beginner Updated 9 Jun 2026
Linux library Start the guide

Step-by-step guide

Work through each section in order. Stop when your issue is resolved — you do not need every step for every situation.

Warning

Restoring over a newer file destroys current data. Copy to a staging path first when unsure. Verify ownership — rsync as root can leave files owned by root when the app expects www-data.

What you will achieve

Pull a single file or directory from an rsync mirror back to production — granular recovery without restoring an entire backup tree or untarring archives.

1) Identify the file in the backup

ls -la /backup/var/www/html/config.php
find /backup/home/alice -name "report.pdf" -type f

Know the backup layout mirrors the source path. Document where nightly jobs write — /backup/host/etc/ vs flat dumps trip people up.

2) Restore one file (local mirror)

sudo rsync -av /backup/etc/nginx/sites-available/mysite \
  /etc/nginx/sites-available/mysite

-a preserves mode and timestamps. Add --backup to keep a copy of the current file before overwrite:

sudo rsync -av --backup --suffix=.bak-$(date +%F) \
  /backup/etc/ssh/sshd_config /etc/ssh/sshd_config

3) Restore from remote backup server

rsync -av -e ssh backup@backup-host:/srv/backups/web1/etc/nginx/nginx.conf \
  /tmp/nginx.conf.restore

Review in /tmp, then move into place during maintenance. Safer than direct overwrite.

4) Restore a directory subset

sudo rsync -av /backup/var/www/html/uploads/2024/ \
  /var/www/html/uploads/2024/

Trailing slash on source copies contents into destination — same semantics as normal rsync backups, just reversed direction.

5) Fix ownership after restore

sudo rsync -av --chown=www-data:www-data \
  /backup/var/www/html/index.php /var/www/html/index.php

Or chown manually:

sudo chown www-data:www-data /var/www/html/index.php
sudo chmod 644 /var/www/html/index.php

6) Verify integrity with checksums

md5sum /backup/etc/ssl/certs/mycert.pem /etc/ssl/certs/mycert.pem
diff -u /backup/etc/app/config.yml /etc/app/config.yml

Checksum match confirms byte-identical restore. Use diff when comparing text configs.

7) When backup is snapshot-based

If backups use hardlink snapshots (rsnapshot, etc.), files live under daily.0/path. Restore from the dated snapshot that predates the corruption:

sudo rsync -av /backup/daily.1/localhost/etc/hosts /etc/hosts

8) Partial restore with include filter

rsync -av --include='*/' --include='*.conf' --exclude='*' \
  /backup/etc/ /tmp/etc-conf-only/

Pull only matching files from a large backup tree — handy when you need configs but not entire /var/lib databases.

Prerequisites

Known backup path and timestamp of the good copy. Stop dependent services before restoring live configs or database files they hold open.

Verify

systemctl reload nginx
curl -I https://localhost/

Service reload and smoke test after config restores. For databases, restore files only when the DB is stopped — prefer proper DB dump restore for live databases.

Related guides

backup restore rsync

Related guides

Continue with these next if you are building a fuller setup or troubleshooting path.

Backups
rsync backup basics on Linux
Simple, scriptable backups with rsync — the workhorse every Linux admin should know.
Read guide
Backups
Restore from tar backup
Practical Linux guide: restore from tar backup without the usual guesswork.
Read guide